
[SECURITY] [DLA 307-1] php5 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : php5
Version        : 5.3.3.1-7+squeeze27
CVE ID         : CVE-2015-3307 CVE-2015-3411 CVE-2015-3412 CVE-2015-4021
                 CVE-2015-4022 CVE-2015-4025 CVE-2015-4026 CVE-2015-4147
                 CVE-2015-4148 CVE-2015-4598 CVE-2015-4599 CVE-2015-4600
                 CVE-2015-4601 CVE-2015-4602 CVE-2015-4604 CVE-2015-4605
                 CVE-2015-4643 CVE-2015-4644 CVE-2015-5589 CVE-2015-5590

   * CVE-2015-3307
     The phar_parse_metadata function in ext/phar/phar.c in PHP before
     5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote
     attackers to cause a denial of service (heap metadata corruption)
     or possibly have unspecified other impact via a crafted tar archive.
   * CVE-2015-3411 + CVE-2015-3412
     Fixed bug #69353 (Missing null byte checks for paths in various
     PHP extensions)
   * CVE-2015-4021
     The phar_parse_tarfile function in ext/phar/tar.c in PHP
     before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9
     does not verify that the first character of a filename is
     different from the \0 character, which allows remote attackers
     to cause a denial of service (integer underflow and memory
     corruption) via a crafted entry in a tar archive.
   * CVE-2015-4022
     Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP
     before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows
     remote FTP servers to execute arbitrary code via a long reply to a
     LIST command, leading to a heap-based buffer overflow.
   * CVE-2015-4025
     PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9
     truncates a pathname upon encountering a \x00 character in certain
     situations, which allows remote attackers to bypass intended
     extension restrictions and access files or directories with
     unexpected names via a crafted argument to (1) set_include_path,
     (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability
     exists because of an incomplete fix for CVE-2006-7243.
   * CVE-2015-4026
     The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before
     5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering
     a \x00 character, which might allow remote attackers to bypass
     intended extension restrictions and execute files with unexpected
     names via a crafted first argument. NOTE: this vulnerability exists
     because of an incomplete fix for CVE-2006-7243.
   * CVE-2015-4147
     The SoapClient::__call method in ext/soap/soap.c in PHP before
     5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not
     verify that __default_headers is an array, which allows remote
     attackers to execute arbitrary code by providing crafted
     serialized data with an unexpected data type, related to a "type
     confusion" issue.
   * CVE-2015-4148
     The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39,
     5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that
     the uri property is a string, which allows remote attackers to
     obtain sensitive information by providing crafted serialized data
     with an int data type, related to a "type confusion" issue.
   * CVE-2015-4598
     Incorrect handling of paths with NULs
   * CVE-2015-4599
     Type confusion vulnerability in exception::getTraceAsString
   * CVE-2015-4600 + CVE-2015-4601
     Added type checks
   * CVE-2015-4602
     Type Confusion Infoleak Vulnerability in unserialize() with SoapFault
   * CVE-2015-4604 + CVE-2015-4605
     Denial of service when processing a crafted file with Fileinfo
     (already fixed in CVE-2015-temp-68819.patch)
   * CVE-2015-4643
     Improved fix for bug #69545 (Integer overflow in ftp_genlist()
     resulting in heap overflow)
   * CVE-2015-4644
     Fixed bug #69667 (segfault in php_pgsql_meta_data)
   * CVE-2015-5589
     Segfault in Phar::convertToData on invalid file
   * CVE-2015-5590
     Buffer overflow and stack smashing error in phar_fix_filepath


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
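
The pathname-truncation entries above (CVE-2015-3411/3412, CVE-2015-4025, CVE-2015-4026, CVE-2015-4598) share one root cause: a length-counted string is validated in full but then handed to an API that stops at the first \0. The following C example is added here for illustration and is not code from the advisory or from PHP; the names counted_str, path_allowed and path_allowed_unchecked and the sample paths are hypothetical and constructed.

```c
#include <stdio.h>
#include <string.h>

/* Counted string, as a scripting runtime holds it: bytes plus explicit length. */
struct counted_str { const char *bytes; size_t len; };
#define CSTR(lit) ((struct counted_str){ (lit), sizeof(lit) - 1 })

/* Suffix check on the counted view (all len bytes, NULs included). */
static int has_suffix(struct counted_str s, const char *suffix) {
    size_t n = strlen(suffix);
    return s.len >= n && memcmp(s.bytes + s.len - n, suffix, n) == 0;
}

/* Length a NUL-terminated API (open, exec, rmdir, ...) will act on. */
static size_t c_view_len(struct counted_str s) {
    const char *nul = memchr(s.bytes, '\0', s.len);
    return nul ? (size_t)(nul - s.bytes) : s.len;
}

/* "Before": validates the counted view only, so the two views can disagree. */
static int path_allowed_unchecked(struct counted_str s, const char *suffix) {
    return has_suffix(s, suffix);
}

/* "After": reject any path whose C-string length differs from its counted length. */
static int path_allowed(struct counted_str s, const char *suffix) {
    if (c_view_len(s) != s.len)
        return 0;
    return has_suffix(s, suffix);
}

int main(void) {
    /* Constructed sample inputs, not taken from the advisory. */
    struct counted_str samples[] = {
        CSTR("avatar.png"), CSTR("avatar.php\0.png"), CSTR("\0avatar.png"),
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct counted_str s = samples[i];
        printf("counted=%zu c_view=%zu (\"%s\") unchecked=%d checked=%d\n",
               s.len, c_view_len(s), s.bytes,
               path_allowed_unchecked(s, ".png"), path_allowed(s, ".png"));
    }
    return 0;
}
```

The second sample passes the unchecked suffix test while the C view of the same bytes is a different, shorter name; the checked variant rejects it, along with the name that begins with \0.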

