
[SECURITY] [DLA 212-1] php5 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : php5
Version        : 5.3.3.1-7+squeeze26
CVE ID         : CVE-2014-9705 CVE-2015-0232 CVE-2015-2301 CVE-2015-2331
                 CVE-2015-2783 CVE-2015-2787 CVE-2015-3329 CVE-2015-3330

CVE-2014-9705
    Heap-based buffer overflow in the enchant_broker_request_dict
    function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x
    before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers
    to execute arbitrary code via vectors that trigger creation of
    multiple dictionaries.

CVE-2015-0232
    The exif_process_unicode function in ext/exif/exif.c in PHP
    before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5
    allows remote attackers to execute arbitrary code or cause a
    denial of service (uninitialized pointer free and application
    crash) via crafted EXIF data in a JPEG image.

CVE-2015-2301
    Use-after-free vulnerability in the phar_rename_archive function
    in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6
    allows remote attackers to cause a denial of service or possibly
    have unspecified other impact via vectors that trigger an attempted
    renaming of a Phar archive to the name of an existing file.

CVE-2015-2331
    Integer overflow in the _zip_cdir_new function in zip_dirent.c
    in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP
    before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and
    other products, allows remote attackers to cause a denial of
    service (application crash) or possibly execute arbitrary code
    via a ZIP archive that contains many entries, leading to a
    heap-based buffer overflow.

CVE-2015-2783
    Buffer over-read in unserialize when parsing a Phar archive

CVE-2015-2787
    Use-after-free vulnerability in the process_nested_data function
    in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x
    before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to
    execute arbitrary code via a crafted unserialize call that
    leverages use of the unset function within an __wakeup function,
    a related issue to CVE-2015-0231.

CVE-2015-3329
    Buffer overflow in phar_set_inode when parsing tar/zip/phar archives

CVE-2015-3330
    Potential remote code execution in PHP when running under the
    Apache 2.4 apache2handler SAPI

CVE-2015-temp-68819
    Denial of service when processing a crafted file with Fileinfo

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJVQULtXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHtkcQAIz9BPsUURCgqfZ2thQaK4Z3
VzyGqnmBq+3SFWI4mDOrKHsMXSbZCRVc6zgXQLCSsZeGvAU21edZXs/+gCkTz9b9
J1jKmH+74jK6FBy0+uI2gYHTSw9/ZTOq8lLhXFg3ZyZaThB41gSKEQlynWEWMKHx
AuDMrDluSSjB0DeXxybclQ8gBS0i8rEe3pnRz+9pw9CYVDERU86SPPHegCrX23Me
YIWDOU6bMZPxbA300Lh+mnUycR2lk20QJtk1SE5e+LdeRUZcskMPVpHsYlAV0jdH
SXY3Dn9RU/E35cJz5XgCwIMtwPl1qquWVjaKfm24E27y5b1uED9S+NoRIyINpJER
GB2VMWSojUEgoDj8EyirZuAU+wF5pssG4iX1Gc+9N7B/U4jflO4o+BnpXlYVOHia
gopnK5lwfnDyfR5CgLzAx++4YC3uN60HwOX+Bf36XujHik/c9ssKuaXrRapo6Gsh
cVu+epzNbUpv4MXcAeHnnbF+OyQiL7W53fWx9CkvUIBFg5kGc4G0MZpDeWRmQW1O
v1OERGkeuau1CNipyjTJxVtkMmCgCQyxVf1bfevg3XzOWZEgp8J8exC1aJ1SJ9KK
IcKAsZPbpPxRWKnTHPcSfqPbeQL1Yie5kxyV4uZ8DwrkZSLw+BzDdLY/faeIWnyY
qnB9AsLF5xIvUxl3NlF6
=DLpB
-----END PGP SIGNATURE-----

