6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Multiple flaws were discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-6831, CVE-2015-6832, CVE-2015-6834, CVE-2015-6835, CVE-2015-6836) Multiple flaws were found in the way the way PHP’s Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-5589, CVE-2015-5590, CVE-2015-6833, CVE-2015-7803, CVE-2015-7804) Two NULL pointer dereference flaws were found in the XSLTProcessor class in PHP. An attacker could use these flaws to cause a PHP application to crash if it performed Extensible Stylesheet Language (XSL) transformations using untrusted XSLT files and allowed the use of PHP functions to be used as XSLT functions within XSL stylesheets. (CVE-2015-6837, CVE-2015-6838) All rh-php56-php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd24-httpd service must be restarted for the update to take effect.
CPE | Name | Operator | Version |
---|---|---|---|
rh-php56-php | eq | 5.6.5__7.el6 | |
rh-php56-php | eq | 5.6.5__5.el6 | |
rh-php56-php | eq | 5.6.5__7.el6 | |
rh-php56-php | eq | 5.6.5__5.el6 |
git.php.net/?p=php-src.git;a=commit;h=d698f0ae51f67c9cce870b09c59df3d6ba959244
lists.apple.com/archives/security-announce/2015/Dec/msg00005.html
lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html
lists.opensuse.org/opensuse-updates/2016-01/msg00099.html
lists.opensuse.org/opensuse-updates/2016-02/msg00037.html
www.debian.org/security/2015/dsa-3380
www.openwall.com/lists/oss-security/2015/10/05/8
www.php.net/ChangeLog-5.php
www.securityfocus.com/bid/76959
www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.461720
www.ubuntu.com/usn/USN-2786-1
access.redhat.com/security/updates/classification/#moderate
bugs.php.net/bug.php?id=69720
rhn.redhat.com/errata/RHSA-2016-0457.html
security.gentoo.org/glsa/201606-10
support.apple.com/HT205637