php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re

A flaws was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrary code...

php: SoapClient's do_soap_call() type confusion after unserialize()

A flaws was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrary code...

php security update

5.3.3-46 - fix gzfile accept paths with NUL character 1213407 - fix patch for CVE-2015-4024 5.3.3-45 - fix more functions accept paths with NUL character 1213407 5.3.3-44 - soap: missing fix for 1222538 and 1204868 5.3.3-43 - core: fix multipart/form-data request can use excessive amount of CPU...

openSUSE Security Update : php5 (openSUSE-2015-471)

The PHP script interpreter was updated to receive various security fixes : - CVE-2015-4602 bnc935224: Fixed an incomplete Class unserialization type confusion. - CVE-2015-4599, CVE-2015-4600, CVE-2015-4601 bnc935226: Fixed type confusion issues in unserialize with various SOAP methods. -...

php: exception:: getTraceAsString type confusion issue after unserialize

A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrary code...

php: exception:: getTraceAsString type confusion issue after unserialize

A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrary code...

Important: Red Hat Security Advisory: php55-php security update

Updated php55-php packages that fix multiple security issues are now available for Red Hat Software Collections 2. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

php security update

CentOS Errata and Security Advisory CESA-2015:1135 Updated php packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS...

php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142)

A use-after-free flaw was found in the way PHP's unserialize function processed data. If a remote attacker was able to pass crafted input to PHP's unserialize function, they could cause the PHP interpreter to crash or, possibly, execute arbitrary code...

php: use after free vulnerability in unserialize() with DateTimeZone

A use-after-free flaw was found in the unserialize function of PHP's DateTimeZone implementation. A malicious script author could possibly use this flaw to disclose certain portions of server memory...

php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re

A flaws was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrary code...

php: SoapClient's __call() type confusion through unserialize()

A flaws was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrary code...

php: SoapClient's do_soap_call() type confusion after unserialize()

A flaws was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrary code...

php: type confusion issue in unserialize() with various SOAP methods

Multiple flaws were discovered in the way PHP's Soap extension performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to disclose portion of its memory or crash...

php: type confusion issue in unserialize() with various SOAP methods

Multiple flaws were discovered in the way PHP's Soap extension performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to disclose portion of its memory or crash...

php: type confusion issue in unserialize() with various SOAP methods

Multiple flaws were discovered in the way PHP's Soap extension performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to disclose portion of its memory or crash...

php: exception:: getTraceAsString type confusion issue after unserialize

A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrary code...

php security and bug fix update

5.4.16-36 - fix more functions accept paths with NUL character 1213407 5.4.16-35 - core: fix multipart/form-data request can use excessive amount of CPU usage CVE-2015-4024 - fix various functions accept paths with NUL character CVE-2015-4025, CVE-2015-4026, 1213407 - fileinfo: fix denial of...

Multiple Memory Corruption Vulnerabilities in PHP SOAP Access

PHP is a general-purpose scripting language. A security vulnerability in the unserialize function used in PHP's multiple SOAP accesses allows remote attackers to exploit the vulnerability by submitting a special request to obtain PHP application memory information or crash...

PHP SOAP Access Remote Memory Corruption Vulnerability

PHP is a general-purpose scripting language. A security vulnerability in the unserialize function used in PHP's multiple SOAP accesses allows remote attackers to exploit the vulnerability by submitting a special request to obtain PHP application memory information or crash...