Red Hat Security Advisory: php55-php security update
🔗 CVE IDs covered (18)
📋 Description
CVE-2015-2783 — php: buffer over-read in Phar metadata parsing CVE-2015-3307 — php: invalid pointer free() in phar_tar_process_metadata() CVE-2015-3329 — php: buffer overflow in phar_set_inode() CVE-2015-3330 — php: pipelined request executed in deinitialized interpreter under httpd 2.4 CVE-2015-3411 — php: missing null byte checks for paths in various PHP extensions CVE-2015-3412 — php: missing null byte checks for paths in various PHP extensions CVE-2015-4021 — php: memory corruption in phar_parse_tarfile caused by empty entry file name CVE-2015-4022 — php: integer overflow leading to heap overflow when reading FTP file listing CVE-2015-4024 — php: multipart/form-data request parsing CPU usage DoS CVE-2015-4025 — php: regressions in 5.4+ CVE-2015-4026 — php: pcntl_exec() accepts paths with NUL character CVE-2015-4598 — php: missing null byte checks for paths in DOM and GD extensions CVE-2015-4602 — php: Incomplete Class unserialization type confusion CVE-2015-4603 — php: exception:: getTraceAsString type confusion issue after unserialize CVE-2015-4604 — php: denial of service when processing a crafted file with Fileinfo CVE-2015-4605 — php: denial of service when processing a crafted file with Fileinfo CVE-2015-4643 — php: integer overflow in ftp_genlist() resulting in heap overflow (improved fix for CVE-2015-4022) CVE-2015-4644 — php: NULL pointer dereference in php_pgsql_meta_data()
🔗 References (18)
- selfhttps://access.redhat.com/errata/RHSA-2015:1186
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1213394
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1213407
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1213442
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1213446
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1213449
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1222485
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1223408
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1223412
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1223422
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1223425
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1223441
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1232823
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1232897
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1232918
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1232923
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_1186.json