php5 (5.3.10-1ubuntu3.19) precise-security; urgency=medium
* SECURITY UPDATE: missing file path null byte checks
- debian/patches/CVE-2015-3411.patch: add missing checks to
ext/dom/document.c, ext/fileinfo/fileinfo.c, ext/gd/gd.c,
ext/hash/hash.c, ext/pgsql/pgsql.c, ext/standard/streamsfuncs.c,
ext/xmlwriter/php_xmlwriter.c, ext/zlib/zlib.c, add tests to
ext/fileinfo/tests/finfo_file_basic.phpt,
ext/hash/tests/hash_hmac_file_error.phpt,
backport CHECK_NULL_PATH to Zend/zend_API.h.
- CVE-2015-3411
- CVE-2015-3412
* SECURITY UPDATE: denial of service via crafted tar archive
- debian/patches/CVE-2015-4021.patch: handle empty strings in
ext/phar/tar.c.
- CVE-2015-4021
* SECURITY UPDATE: arbitrary code execution via ftp server long reply to
a LIST command
- debian/patches/CVE-2015-4022.patch: fix overflow in ext/ftp/ftp.c.
- CVE-2015-4022
* SECURITY UPDATE: denial of service via crafted form data
- debian/patches/CVE-2015-4024.patch: use smart_str to assemble strings
in main/rfc1867.c.
- CVE-2015-4024
* SECURITY UPDATE: more missing file path null byte checks
- debian/patches/CVE-2015-4025.patch: add missing checks to
ext/pcntl/pcntl.c, ext/standard/dir.c.
- CVE-2015-4025
- CVE-2015-4026
* SECURITY UPDATE: arbitrary code execution via crafted serialized data
with unexpected data type
- debian/patches/CVE-2015-4147.patch: check variable types in
ext/soap/php_encoding.c, ext/soap/php_http.c, ext/soap/soap.c.
- CVE-2015-4147
- CVE-2015-4148
- CVE-2015-4600
- CVE-2015-4601
* SECURITY UPDATE: more missing file path null byte checks
- debian/patches/CVE-2015-4598.patch: add missing checks to
ext/dom/document.c, ext/gd/gd.c.
- CVE-2015-4598
* SECURITY UPDATE: denial of service or information leak via type
confusion with crafted serialized data
- debian/patches/CVE-2015-4599.patch: use proper types in
ext/soap/soap.c.
- CVE-2015-4599
* SECURITY UPDATE: denial of service or information leak via type
confusion with crafted serialized data
- debian/patches/CVE-2015-4602.patch: check for proper type in
ext/standard/incomplete_class.c.
- CVE-2015-4602
* SECURITY UPDATE: denial of service or information leak via type
confusion with crafted serialized data
- debian/patches/CVE-2015-4603.patch: check type in
Zend/zend_exceptions.c, add test to
ext/standard/tests/serialize/bug69152.phpt.
- CVE-2015-4603
* SECURITY UPDATE: arbitrary code execution via ftp server long reply to
a LIST command
- debian/patches/CVE-2015-4643.patch: prevent overflow check bypass in
ext/ftp/ftp.c.
- CVE-2015-4643
* SECURITY UPDATE: denial of service via php_pgsql_meta_data
- debian/patches/CVE-2015-4644.patch: check return value in
ext/pgsql/pgsql.c, add test to ext/pgsql/pg_insert_002.phpt.
- CVE-2015-4644
* debian/patches/CVE-2015-2783-memleak.patch: fix memory leak introduced
by CVE-2015-2783 security update.
-- Marc Deslauriers Thu, 02 Jul 2015 07:42:32 -0400
|
CVE-2015-4021 |
The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first ch |
CVE-2015-4022 |
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP ser |
CVE-2015-4024 |
Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x |
CVE-2015-4025 |
PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which a |
CVE-2015-4026 |
The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 charact |
CVE-2015-4147 |
The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_hea |
CVE-2015-4148 |
The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property |
CVE-2015-4598 |
Incorrect handling of paths with NULs |
CVE-2015-4599 |
Type confusion vulnerability in exception::getTraceAsString |
CVE-2015-4603 |
exception::getTraceAsString issue |
CVE-2015-4643 |
Improved fix for bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow) |
CVE-2015-4644 |
Fixed bug #69667 (segfault in php_pgsql_meta_data) |
CVE-2015-2783 |
Buffer Over-read in unserialize when parsing Phar |
|