Lucene search
GoogleOSV:DSA-3195-1HistoryMar 18, 2015 - 12:00 a.m.
php5 - security update
2015-03-1800:00:00
Google
osv.dev
16
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.955 High
EPSS
Percentile
99.1%
Multiple vulnerabilities have been discovered in the PHP language:
- CVE-2015-2305
Guido Vranken discovered a heap overflow in the ereg extension
(only applicable to 32 bit systems). - CVE-2014-9705
Buffer overflow in the enchant extension. - CVE-2015-0231
Stefan Esser discovered a use-after-free in the unserialisation
of objects. - CVE-2015-0232
Alex Eubanks discovered incorrect memory management in the exif
extension. - CVE-2015-0273
Use-after-free in the unserialisation of DateTimeZone.
For the stable distribution (wheezy), these problems have been fixed in
version 5.4.38-0+deb7u1.
For the upcoming stable distribution (jessie), these problems have been
fixed in version 5.6.6+dfsg-2.
For the unstable distribution (sid), these problems have been fixed in
version 5.6.6+dfsg-2.
We recommend that you upgrade your php5 packages.
References
Related
debian
debian
[SECURITY] [DSA 3195-1] php5 security update
2015-03-18 11:56:46
[SECURITY] [DLA 212-1] php5 security update
2015-04-29 20:45:33
[SECURITY] [DLA 444-1] php5 security update
2016-02-29 18:41:39
openvas
openvas
Debian Security Advisory DSA 3195-1 (php5 - security update)
2015-03-18 00:00:00
Debian Security Advisory DSA 3195-1 (php5 - security update)
2015-03-18 00:00:00
PHP Multiple Remote Code Execution Vulnerabilities - Jul15 (Linux)
2015-07-23 00:00:00
nessus
nessus
Debian DSA-3195-1 : php5 - security update
2015-03-19 00:00:00
PHP 5.4.x < 5.4.38 Multiple Vulnerabilities (GHOST)
2015-02-25 00:00:00
Amazon Linux AMI : php55 (ALAS-2015-507)
2015-04-17 00:00:00
securityvulns
securityvulns
PHP multiple security vulnerabilities
2015-03-21 00:00:00
[USN-2535-1] PHP vulnerabilities
2015-03-18 00:00:00
[ MDVSA-2015:032 ] php
2015-02-11 00:00:00
amazon
amazon
Important: php56
2015-04-15 21:50:00
Important: php55
2015-04-15 21:49:00
Important: php54
2015-04-15 21:49:00
kaspersky
kaspersky
KLA10515 Multiple vulnerabilities in PHP and extensions
2015-03-30 00:00:00
KLA10514 Multiple vulnerabilities in PHP and plugins
2015-03-30 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2015-03-18 00:00:00
PHP vulnerabilities
2015-02-17 00:00:00
archlinux
archlinux
php: remote code execution
2015-01-23 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: php-5.6.5-1.fc21
2015-02-06 03:59:46
[SECURITY] Fedora 20 Update: php-5.5.21-1.fc20
2015-02-06 04:03:31
[SECURITY] Fedora 21 Update: php-5.6.6-1.fc21
2015-02-23 23:28:40
freebsd
freebsd
Several vulnerabilities found in PHP
2015-03-19 00:00:00
php5 -- multiple vulnerabilities
2015-02-18 00:00:00
veracode
veracode
Use-After-Free
2019-05-02 05:39:23
Null Pointer Dereference
2019-05-02 05:39:23
Denial Of Service (DoS)
2019-05-02 05:39:23
prion
prion
Heap overflow
2015-03-30 10:59:00
Integer overflow
2015-03-30 10:59:00
Design/Logic Flaw
2015-03-30 10:59:00
f5
f5
K35012672 : PHP vulnerability CVE-2014-9705
2016-07-05 00:00:00
SOL35012672 - PHP vulnerability CVE-2014-9705
2016-07-05 00:00:00
SOL16831 - BSD regex library vulnerability CVE-2015-2305
2015-07-01 00:00:00
hackerone
hackerone
Internet Bug Bounty: heap buffer overflow in enchant_broker_request_dict()
2014-12-05 00:00:00
ubuntucve
ubuntucve
htbridge
htbridge
Heap Buffer Overflow in PHP
2014-12-05 00:00:00
cve
cve
debiancve
debiancve
CVE-2015-2305
2015-03-30 10:59:00
packetstorm
packetstorm
PHP DateTime Use-After-Free
2015-02-20 00:00:00
attackerkb
attackerkb
CVE-2015-0273
2015-03-30 00:00:00
exploitpack
exploitpack
PHP DateTime - Use-After-Free
2015-02-23 00:00:00
osv
osv
php5 - security update
2015-04-29 00:00:00
php5 - security update
2016-02-29 00:00:00
zdt
zdt
PHP DateTime Use After Free Vulnerability
2015-02-23 00:00:00
suse
suse
Security update for php5 (important)
2015-02-24 11:05:36
Security update for php5 (important)
2015-03-04 16:04:57
Security update for php5 (important)
2015-03-06 11:04:50
checkpoint_advisories
checkpoint_advisories
PHP exif Extension exif_read_data NULL Pointer Dereference (CVE-2015-0232)
2015-02-17 00:00:00
PHP Date Time Object Unserialize Memory Corruption (CVE-2015-0273)
2015-03-08 00:00:00
PHP Core Unserialize Key Name Code Execution (CVE-2015-0231)
2015-02-16 00:00:00
oraclelinux
oraclelinux
php55 security and bug fix update
2016-02-04 00:00:00
php54 security and bug fix update
2016-02-04 00:00:00
redhat
redhat
(RHSA-2015:1053) Moderate: php55 security and bug fix update
2015-06-04 00:00:00
(RHSA-2015:1066) Important: php54 security and bug fix update
2015-06-04 00:00:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2015-03-08 00:00:00
exploitdb
exploitdb
PHP DateTime - Use-After-Free
2015-02-23 00:00:00
mageia
mageia
Updated php and libzip packages fix security vulnerabilities
2015-04-04 14:13:35
Updated php packages fix security vulnerabilities
2015-01-28 00:08:29
Updated php packages fix security vulnerabilities
2015-03-04 00:16:02
slackware
slackware
[slackware-security] php
2015-04-22 01:22:40
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.955 High
EPSS
Percentile
99.1%
Related for OSV:DSA-3195-1