K16976: PHP vulnerability CVE-2015-1352

Security Advisory Description The buildtablename function in pgsql.c in the PostgreSQL aka pgsql extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service. CVE-2015-1352 Impact There is no impact; F5 products are...

Slackware: Security Advisory (SSA:2015-111-10)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2015-0090)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Use-After-Free

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php55 packages provide a recent stable release of PHP with the PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a number of additional utilities. The php55 packages have been upgraded to...

Use-After-Free

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php55 packages provide a recent stable release of PHP with the PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a number of additional utilities. The php55 packages have been upgraded to...

Memory Corruption

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php55 packages provide a recent stable release of PHP with the PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a number of additional utilities. The php55 packages have been upgraded to...

CVE-2015-4644

CVE-2015-4644 affects the PHP pgsql extension: the php_pgsql_meta_data function in pgsql.c does not validate token extraction for table names. This can allow remote attackers to trigger a denial of service (NULL pointer dereference and application crash). Affected PHP versions are the PostgreSQL ...

php55 security and bug fix update

php55 2.0-1 - fix incorrect selinux contexts 1194336 php55-php 5.5.21-2.0.1 - add dtrace-utils as build dependency 5.5.21-2 - core: fix use-after-free vulnerability in the processnesteddata function unserialize CVE-2015-2787 - core: fix NUL byte injection in file name argument of moveuploadedfile...

Amazon Linux: Security Advisory (ALAS-2015-511)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux: Security Advisory (ALAS-2015-509)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SOL16976 - PHP vulnerability CVE-2015-1352

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...

php: NULL pointer dereference in php_pgsql_meta_data()

The phppgsqlmetadata function in pgsql.c in the PostgreSQL aka pgsql extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service NULL pointer dereference and...

PHP < 5.4.40, 5.5.x < 5.5.24, 5.6.x < 5.6.8 Multiple Vulnerabilities - Linux

PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

PHP < 5.4.40, 5.5.x < 5.5.24, 5.6.x < 5.6.8 Multiple Vulnerabilities - Windows

PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

Fedora Update for php FEDORA-2015-6399

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[slackware-security] php

New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/php-5.4.40-i486-1slack14.1.txz: Upgraded. This update fixes some security issues. Please note that this package build also moves t...

Amazon Linux AMI : php54 (ALAS-2015-509)

A buffer overflow vulnerability was found in PHP's phar PHP Archive implementation. See https://bugs.php.net/bug.php?id=69324 for more details. CVE-2015-2783 A use-after-free flaw was found in PHP's phar PHP Archive paths implementation. A malicious script author could possibly use this flaw to...

Amazon Linux AMI : php55 (ALAS-2015-510)

A use-after-free flaw was found in PHP's OPcache extension. This flaw could possibly lead to a disclosure of portion of server memory. CVE-2015-1351 A NULL pointer dereference flaw was found in PHP's pgsql extension. A specially crafted table name passed to function as pginsert or pgselect could...

Low: php55

Issue Overview: A use-after-free flaw was found in PHP's OPcache extension. This flaw could possibly lead to a disclosure of portion of server memory. CVE-2015-1351 A NULL pointer dereference flaw was found in PHP's pgsql extension. A specially crafted table name passed to function as pginsert or...

php: multiple issues

CVE-2015-1351 denial of service Use-after-free vulnerability in the zendsharedmemdup function in zendsharedalloc.c in the OPcache extension allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. - CVE-2015-1352 denial of service The...