Debian Security Advisory

DLA-212-1 php5 -- LTS security update

Date Reported:
29 Apr 2015
Affected Packages:
php5
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2014-9705, CVE-2015-0232, CVE-2015-2301, CVE-2015-2331, CVE-2015-2783, CVE-2015-2787, CVE-2015-3329, CVE-2015-3330.
More information:
  • CVE-2014-9705

    Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries.

  • CVE-2015-0232

    The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image.

  • CVE-2015-2301

    Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file.

  • CVE-2015-2331

    Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow.

  • CVE-2015-2783

    Buffer over-read in unserialize when parsing Phar.

  • CVE-2015-2787

    Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within a __wakeup function, a related issue to CVE-2015-0231.

  • CVE-2015-3329

    Buffer overflow when parsing tar/zip/phar in phar_set_inode.

  • CVE-2015-3330

    Potential remote code execution in PHP with the Apache 2.4 apache2handler.

  • CVE-2015-temp-68819

    Denial of service when processing a crafted file with Fileinfo.