
[SECURITY] [DLA 444-1] php5 security update

Package        : php5
Version        : 5.3.3.1-7+squeeze29
CVE ID         : CVE-2015-2305 CVE-2015-2348

CVE-2015-2305
   Integer overflow in the regcomp implementation in the Henry
   Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on
   32-bit platforms, as used in NetBSD through 6.1.5 and other
   products, might allow context-dependent attackers to execute
   arbitrary code via a large regular expression that leads to
   a heap-based buffer overflow.
CVE-2015-2348
   The move_uploaded_file implementation in
   ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x
   before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon
   encountering a \x00 character, which allows remote attackers to
   bypass intended extension restrictions and create files with
   unexpected names via a crafted second argument.
   NOTE: this vulnerability exists because of an incomplete fix for
         CVE-2006-7243.
CVE-2016-tmp, Bug #71039
   exec functions ignore length but look for NULL termination
CVE-2016-tmp, Bug #71089
   No check to duplicate zend_extension
CVE-2016-tmp, Bug #71201
   round() segfault on 64-bit builds
CVE-2016-tmp, Bug #71459
   Integer overflow in iptcembed()
CVE-2016-tmp, Bug #71354
   Heap corruption in tar/zip/phar parser
CVE-2016-tmp, Bug #71391
   NULL Pointer Dereference in phar_tar_setupmetadata()
CVE-2016-tmp, Bug #70979
   Crash on bad SOAP request

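The NUL-truncation bypass behind CVE-2015-2348 is worth guarding against in application code as well: a PHP-level extension check sees the whole binary-safe string, while the unpatched C-level move_uploaded_file() stopped at the first \x00. The following is an added example, not code from the advisory or from PHP itself; the allowed extensions, target directory and upload field name are assumptions.

```php
<?php
// Added example (not from the advisory): why a naive extension check on
// the destination path is not enough when the file call truncates at NUL.

// Naive check: PHP string functions are binary-safe, so a destination
// such as "upload.php\0.jpg" appears to end in ".jpg" and is accepted,
// while the vulnerable move_uploaded_file() wrote "upload.php".
function naive_extension_ok($dest)
{
    return substr($dest, -4) === '.jpg';
}

// Hardened check: reject any embedded NUL before anything else, then
// validate the basename and extension against an allow-list before the
// path is handed to a filesystem call. Returns the full target path or null.
function validate_upload_destination($dest, array $allowed, $dir)
{
    if (strpos($dest, "\0") !== false) {
        return null;               // embedded NUL: never pass this on
    }
    $name = basename($dest);
    if ($name === '' || $name !== $dest) {
        return null;               // directory component or traversal
    }
    if (!preg_match('/^[A-Za-z0-9._-]+$/D', $name)) {
        return null;               // unexpected characters in file name
    }
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowed, true)) {
        return null;               // extension not on the allow-list
    }
    return rtrim($dir, '/') . '/' . $name;
}

// Constructed inputs; the directory and allow-list are assumptions.
$allowed = array('jpg', 'png');
$dir     = '/var/www/uploads';
$crafted = "upload.php\0.jpg";

var_dump(naive_extension_ok($crafted));                        // accepted by the naive check
var_dump(validate_upload_destination($crafted, $allowed, $dir)); // rejected (null)
var_dump(validate_upload_destination('photo.jpg', $allowed, $dir)); // full target path

// With a real upload (assumed field name "file"), call move_uploaded_file()
// only after validation succeeds:
// $target = validate_upload_destination($_FILES['file']['name'], $allowed, $dir);
// if ($target !== null) { move_uploaded_file($_FILES['file']['tmp_name'], $target); }
```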