Debian Security Advisory

DLA-444-1 php5 -- LTS security update

Date Reported: 29 Feb 2016
Affected Packages: php5
Vulnerable: Yes
Security database references: In Mitre's CVE dictionary: CVE-2015-2305, CVE-2015-2348.
More information:
  • CVE-2015-2305

    Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.

  • CVE-2015-2348

    The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected names via a crafted second argument.

    Note: this vulnerability exists because of an incomplete fix for CVE-2006-7243.

  • CVE-2016-tmp, Bug #71039

    exec functions ignore length but look for NULL termination

  • CVE-2016-tmp, Bug #71089

    No check to duplicate zend_extension

  • CVE-2016-tmp, Bug #71201

    round() segfault on 64-bit builds

  • CVE-2016-tmp, Bug #71459

    Integer overflow in iptcembed()

  • CVE-2016-tmp, Bug #71354

    Heap corruption in tar/zip/phar parser

  • CVE-2016-tmp, Bug #71391

    NULL Pointer Dereference in phar_tar_setupmetadata()

  • CVE-2016-tmp, Bug #70979

    Crash on bad SOAP request
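
The CVE-2015-2348 entry above describes a counted string that is truncated at a \x00 byte once it reaches C code, the same length-versus-terminator mismatch named in the Bug #71039 entry. The following C sketch is an added example, not code from PHP or from this advisory: it shows why a length-aware extension check passes on such a name and how rejecting any embedded NUL closes the gap. The function names and the sample file names are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Length-aware suffix test, the way a script-level extension allowlist
 * sees the name: all `len` bytes count, including any \x00 inside. */
static int ends_with(const char *s, size_t len, const char *suffix) {
    size_t n = strlen(suffix);
    return len >= n && memcmp(s + len - n, suffix, n) == 0;
}

/* A counted string may be handed to a NUL-terminated C API only if it
 * contains no \x00 within its counted length. */
static int has_embedded_nul(const char *s, size_t len) {
    return memchr(s, '\0', len) != NULL;
}

/* Length of the name as a NUL-terminated API would interpret it. */
size_t c_visible_len(const char *name, size_t len) {
    const char *p = memchr(name, '\0', len);
    return p ? (size_t)(p - name) : len;
}

/* Hypothetical validator: 1 if the destination name may be used, else 0.
 * The NUL check comes first, so the extension test is only ever applied
 * to a name that the C layer will see in full. */
int dest_name_ok(const char *name, size_t len) {
    if (has_embedded_nul(name, len))
        return 0;
    return ends_with(name, len, ".jpg");
}

int main(void) {
    /* Constructed sample: 13 counted bytes with \x00 at offset 8. */
    static const char crafted[] = "file.php\0.jpg";
    size_t len = sizeof(crafted) - 1;

    printf("suffix check alone passes: %d\n", ends_with(crafted, len, ".jpg"));
    printf("counted length: %zu, C-visible length: %zu (\"%s\")\n",
           len, c_visible_len(crafted, len), crafted);
    printf("validator accepts crafted name: %d\n", dest_name_ok(crafted, len));
    printf("validator accepts photo.jpg: %d\n", dest_name_ok("photo.jpg", 9));
    return 0;
}
```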