67 matches found
[USN-2501-1] PHP vulnerabilities
========================================================================== Ubuntu Security Notice USN-2501-1 February 17, 2015 php5 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
openSUSE Security Update : php5 (openSUSE-2015-163)
php5 was updated to fix five security issues. These security issues were fixed : - CVE-2015-0231: Use-after-free vulnerability in the processnesteddata function in ext/standard/varunserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allowed remote attackers to execute...
Ubuntu: Security Advisory (USN-2501-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
In PHP memory corruption vulnerability use of CVE-2 0 1 4-8 1 4 2 and CVE-2 0 1 5-0 2 3 1-the vulnerability warning-the black bar safety net
Many people think that, for Web-based applications, memory corruption class of bugs is not what a serious problem. Especially nowXSSandSQL injectionthe class of vulnerabilities is still the matter of the case, not how much attention to devote to such a bug, they will be treated as“non-use”or is...
PHP Core unserialize process nested data Use After Free (CVE-2014-8142)
A code execution vulnerability has been reported in PHP core. The vulnerability is due to a use after free error when handling serialized objects with identical keys within the unserialize function. A remote attacker can exploit the vulnerability by sending crafted serialized data to a web...
Design/Logic Flaw
Use-after-free vulnerability in the processnesteddata function in ext/standard/varunserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate...
CVE-2015-0231
CVE-2015-0231 is a use-after-free in PHP’s unserialize handling of serialized objects with identical numeric keys within process_nested_data (ext/standard/var_unserializer.re). Affects PHP releases up to 5.4.37, 5.5.x up to 5.5.21, and 5.6.x up to 5.6.5; remote attackers could trigger arbitrary c...
php: remote code execution
CVE-2014-9427 information leak, remote code execution A one-byte file containing only the '' character, not followed by any newline, causes php-cgi to do an out of bound read, potentially disclosing sensitive information present in memory or even triggering code execution if adjacent memory...
SOL16021 - PHP vulnerability CVE-2014-8142
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
Amazon Linux AMI : php55 (ALAS-2015-464)
Use-after-free vulnerability in the processnesteddata function in ext/standard/varunserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys...
PHP 5.4.x < 5.4.36, 5.5.x < 5.5.20, 5.6.x < 5.6.4 Use After Free Vulnerability (Jan 2015)
PHP is prone to an use after free vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; ifdescription...
Fedora Update for php FEDORA-2014-17241
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 3117-1] php5 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3117-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso December 31, 2014 http://www.debian.org/security/faq -...
[SECURITY] [DSA 3117-1] php5 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3117-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso December 31, 2014 http://www.debian.org/security/faq -...
Fedora Update for php FEDORA-2014-17276
Check the version of php SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868640";...
Fedora 20 : php-5.5.20-2.fc20 (2014-17229)
18 Dec 2014, PHP 5.5.20\r\n\r\nCore:\r\n Fixed bug 68091 Some Zend headers lack appropriate extern 'C' blocks. Adam\r\n Fixed bug 68185 'Inconsistent insteadof definition.'- incorrectly triggered. Julien\r\n Fixed bug 68370 'unset$this' can make the program crash. Laruence\r\n Fixed bug 68545 NUL...
Fedora 21 : php-5.6.4-2.fc21 (2014-17241)
18 Dec 2014, PHP 5.6.4\r\n\r\nCore:\r\n Fixed bug 68091 Some Zend headers lack appropriate extern 'C' blocks. Adam\r\n Fixed bug 68104 Segfault while pre-evaluating a disabled function. Laruence\r\n Fixed bug 68185 'Inconsistent insteadof definition.'- incorrectly triggered. Julien\r\n Fixed bug...
Fedora Update for php FEDORA-2014-17229
Check the version of php SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868637";...
[slackware-security] php
New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/php-5.4.36-i486-1slack14.1.txz: Upgraded. This update fixes bugs and security issues. 68545 NULL pointer dereference in...
[slackware-security] php (SSA:2014-356-02)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security php SSA:2014-356-02 New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+...