var-201503-0206
Vulnerability from variot
Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file. PHP is prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems.
=====================================================================
Red Hat Security Advisory

Synopsis:     Moderate: php54 security and bug fix update
Advisory ID:  RHSA-2015:1066-01
Product:      Red Hat Software Collections
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1066.html
Issue date:   2015-06-04
CVE Names:    CVE-2014-8142 CVE-2014-9427 CVE-2014-9652 CVE-2014-9705
              CVE-2014-9709 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273
              CVE-2015-1351 CVE-2015-2301 CVE-2015-2305 CVE-2015-2348
              CVE-2015-2787 CVE-2015-4147 CVE-2015-4148
=====================================================================
- Summary:
Updated php54 collection packages that fix multiple security issues and several bugs are now available as part of Red Hat Software Collections 2.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php54 packages provide a recent stable release of PHP with the PEAR 1.9.4, APC 3.1.15, and memcache 3.0.8 PECL extensions, and a number of additional utilities.
The php54 packages have been upgraded to upstream version 5.4.40, which provides a number of bug fixes over the version shipped in Red Hat Software Collections 1. (BZ#1168193)
The following security issues were fixed in the php54-php component:
An uninitialized pointer use flaw was found in PHP's Exif extension. (CVE-2014-9705)
A heap buffer overflow flaw was found in PHP's regular expression extension. (CVE-2015-2305)
A buffer over-read flaw was found in the GD library used by the PHP gd extension. An attacker able to trigger certain error condition in phar archive processing could possibly use this flaw to disclose certain portions of server memory. (CVE-2014-9652)
It was found that PHP move_uploaded_file() function did not properly handle file names with a NULL character. (CVE-2015-2348)
A flaw was found in the way PHP handled malformed source files when running in CGI mode. (CVE-2014-9427)
The following security issue was fixed in the php54-php-pecl-zendopcache component:
A use-after-free flaw was found in PHP's OPcache extension.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: php54-2.0-1.el6.src.rpm php54-php-5.4.40-1.el6.src.rpm php54-php-pecl-zendopcache-7.0.4-3.el6.src.rpm
x86_64: php54-2.0-1.el6.x86_64.rpm php54-php-5.4.40-1.el6.x86_64.rpm php54-php-bcmath-5.4.40-1.el6.x86_64.rpm php54-php-cli-5.4.40-1.el6.x86_64.rpm php54-php-common-5.4.40-1.el6.x86_64.rpm php54-php-dba-5.4.40-1.el6.x86_64.rpm php54-php-debuginfo-5.4.40-1.el6.x86_64.rpm php54-php-devel-5.4.40-1.el6.x86_64.rpm php54-php-enchant-5.4.40-1.el6.x86_64.rpm php54-php-fpm-5.4.40-1.el6.x86_64.rpm php54-php-gd-5.4.40-1.el6.x86_64.rpm php54-php-imap-5.4.40-1.el6.x86_64.rpm php54-php-intl-5.4.40-1.el6.x86_64.rpm php54-php-ldap-5.4.40-1.el6.x86_64.rpm php54-php-mbstring-5.4.40-1.el6.x86_64.rpm php54-php-mysqlnd-5.4.40-1.el6.x86_64.rpm php54-php-odbc-5.4.40-1.el6.x86_64.rpm php54-php-pdo-5.4.40-1.el6.x86_64.rpm php54-php-pecl-zendopcache-7.0.4-3.el6.x86_64.rpm php54-php-pecl-zendopcache-debuginfo-7.0.4-3.el6.x86_64.rpm php54-php-pgsql-5.4.40-1.el6.x86_64.rpm php54-php-process-5.4.40-1.el6.x86_64.rpm php54-php-pspell-5.4.40-1.el6.x86_64.rpm php54-php-recode-5.4.40-1.el6.x86_64.rpm php54-php-snmp-5.4.40-1.el6.x86_64.rpm php54-php-soap-5.4.40-1.el6.x86_64.rpm php54-php-tidy-5.4.40-1.el6.x86_64.rpm php54-php-xml-5.4.40-1.el6.x86_64.rpm php54-php-xmlrpc-5.4.40-1.el6.x86_64.rpm php54-runtime-2.0-1.el6.x86_64.rpm php54-scldevel-2.0-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5):
Source: php54-2.0-1.el6.src.rpm php54-php-5.4.40-1.el6.src.rpm php54-php-pecl-zendopcache-7.0.4-3.el6.src.rpm
x86_64: php54-2.0-1.el6.x86_64.rpm php54-php-5.4.40-1.el6.x86_64.rpm php54-php-bcmath-5.4.40-1.el6.x86_64.rpm php54-php-cli-5.4.40-1.el6.x86_64.rpm php54-php-common-5.4.40-1.el6.x86_64.rpm php54-php-dba-5.4.40-1.el6.x86_64.rpm php54-php-debuginfo-5.4.40-1.el6.x86_64.rpm php54-php-devel-5.4.40-1.el6.x86_64.rpm php54-php-enchant-5.4.40-1.el6.x86_64.rpm php54-php-fpm-5.4.40-1.el6.x86_64.rpm php54-php-gd-5.4.40-1.el6.x86_64.rpm php54-php-imap-5.4.40-1.el6.x86_64.rpm php54-php-intl-5.4.40-1.el6.x86_64.rpm php54-php-ldap-5.4.40-1.el6.x86_64.rpm php54-php-mbstring-5.4.40-1.el6.x86_64.rpm php54-php-mysqlnd-5.4.40-1.el6.x86_64.rpm php54-php-odbc-5.4.40-1.el6.x86_64.rpm php54-php-pdo-5.4.40-1.el6.x86_64.rpm php54-php-pecl-zendopcache-7.0.4-3.el6.x86_64.rpm php54-php-pecl-zendopcache-debuginfo-7.0.4-3.el6.x86_64.rpm php54-php-pgsql-5.4.40-1.el6.x86_64.rpm php54-php-process-5.4.40-1.el6.x86_64.rpm php54-php-pspell-5.4.40-1.el6.x86_64.rpm php54-php-recode-5.4.40-1.el6.x86_64.rpm php54-php-snmp-5.4.40-1.el6.x86_64.rpm php54-php-soap-5.4.40-1.el6.x86_64.rpm php54-php-tidy-5.4.40-1.el6.x86_64.rpm php54-php-xml-5.4.40-1.el6.x86_64.rpm php54-php-xmlrpc-5.4.40-1.el6.x86_64.rpm php54-runtime-2.0-1.el6.x86_64.rpm php54-scldevel-2.0-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):
Source: php54-2.0-1.el6.src.rpm php54-php-5.4.40-1.el6.src.rpm php54-php-pecl-zendopcache-7.0.4-3.el6.src.rpm
x86_64: php54-2.0-1.el6.x86_64.rpm php54-php-5.4.40-1.el6.x86_64.rpm php54-php-bcmath-5.4.40-1.el6.x86_64.rpm php54-php-cli-5.4.40-1.el6.x86_64.rpm php54-php-common-5.4.40-1.el6.x86_64.rpm php54-php-dba-5.4.40-1.el6.x86_64.rpm php54-php-debuginfo-5.4.40-1.el6.x86_64.rpm php54-php-devel-5.4.40-1.el6.x86_64.rpm php54-php-enchant-5.4.40-1.el6.x86_64.rpm php54-php-fpm-5.4.40-1.el6.x86_64.rpm php54-php-gd-5.4.40-1.el6.x86_64.rpm php54-php-imap-5.4.40-1.el6.x86_64.rpm php54-php-intl-5.4.40-1.el6.x86_64.rpm php54-php-ldap-5.4.40-1.el6.x86_64.rpm php54-php-mbstring-5.4.40-1.el6.x86_64.rpm php54-php-mysqlnd-5.4.40-1.el6.x86_64.rpm php54-php-odbc-5.4.40-1.el6.x86_64.rpm php54-php-pdo-5.4.40-1.el6.x86_64.rpm php54-php-pecl-zendopcache-7.0.4-3.el6.x86_64.rpm php54-php-pecl-zendopcache-debuginfo-7.0.4-3.el6.x86_64.rpm php54-php-pgsql-5.4.40-1.el6.x86_64.rpm php54-php-process-5.4.40-1.el6.x86_64.rpm php54-php-pspell-5.4.40-1.el6.x86_64.rpm php54-php-recode-5.4.40-1.el6.x86_64.rpm php54-php-snmp-5.4.40-1.el6.x86_64.rpm php54-php-soap-5.4.40-1.el6.x86_64.rpm php54-php-tidy-5.4.40-1.el6.x86_64.rpm php54-php-xml-5.4.40-1.el6.x86_64.rpm php54-php-xmlrpc-5.4.40-1.el6.x86_64.rpm php54-runtime-2.0-1.el6.x86_64.rpm php54-scldevel-2.0-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: php54-2.0-1.el6.src.rpm php54-php-5.4.40-1.el6.src.rpm php54-php-pecl-zendopcache-7.0.4-3.el6.src.rpm
x86_64: php54-2.0-1.el6.x86_64.rpm php54-php-5.4.40-1.el6.x86_64.rpm php54-php-bcmath-5.4.40-1.el6.x86_64.rpm php54-php-cli-5.4.40-1.el6.x86_64.rpm php54-php-common-5.4.40-1.el6.x86_64.rpm php54-php-dba-5.4.40-1.el6.x86_64.rpm php54-php-debuginfo-5.4.40-1.el6.x86_64.rpm php54-php-devel-5.4.40-1.el6.x86_64.rpm php54-php-enchant-5.4.40-1.el6.x86_64.rpm php54-php-fpm-5.4.40-1.el6.x86_64.rpm php54-php-gd-5.4.40-1.el6.x86_64.rpm php54-php-imap-5.4.40-1.el6.x86_64.rpm php54-php-intl-5.4.40-1.el6.x86_64.rpm php54-php-ldap-5.4.40-1.el6.x86_64.rpm php54-php-mbstring-5.4.40-1.el6.x86_64.rpm php54-php-mysqlnd-5.4.40-1.el6.x86_64.rpm php54-php-odbc-5.4.40-1.el6.x86_64.rpm php54-php-pdo-5.4.40-1.el6.x86_64.rpm php54-php-pecl-zendopcache-7.0.4-3.el6.x86_64.rpm php54-php-pecl-zendopcache-debuginfo-7.0.4-3.el6.x86_64.rpm php54-php-pgsql-5.4.40-1.el6.x86_64.rpm php54-php-process-5.4.40-1.el6.x86_64.rpm php54-php-pspell-5.4.40-1.el6.x86_64.rpm php54-php-recode-5.4.40-1.el6.x86_64.rpm php54-php-snmp-5.4.40-1.el6.x86_64.rpm php54-php-soap-5.4.40-1.el6.x86_64.rpm php54-php-tidy-5.4.40-1.el6.x86_64.rpm php54-php-xml-5.4.40-1.el6.x86_64.rpm php54-php-xmlrpc-5.4.40-1.el6.x86_64.rpm php54-runtime-2.0-1.el6.x86_64.rpm php54-scldevel-2.0-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: php54-2.0-1.el7.src.rpm php54-php-5.4.40-1.el7.src.rpm php54-php-pecl-zendopcache-7.0.4-3.el7.src.rpm
x86_64: php54-2.0-1.el7.x86_64.rpm php54-php-5.4.40-1.el7.x86_64.rpm php54-php-bcmath-5.4.40-1.el7.x86_64.rpm php54-php-cli-5.4.40-1.el7.x86_64.rpm php54-php-common-5.4.40-1.el7.x86_64.rpm php54-php-dba-5.4.40-1.el7.x86_64.rpm php54-php-debuginfo-5.4.40-1.el7.x86_64.rpm php54-php-devel-5.4.40-1.el7.x86_64.rpm php54-php-enchant-5.4.40-1.el7.x86_64.rpm php54-php-fpm-5.4.40-1.el7.x86_64.rpm php54-php-gd-5.4.40-1.el7.x86_64.rpm php54-php-intl-5.4.40-1.el7.x86_64.rpm php54-php-ldap-5.4.40-1.el7.x86_64.rpm php54-php-mbstring-5.4.40-1.el7.x86_64.rpm php54-php-mysqlnd-5.4.40-1.el7.x86_64.rpm php54-php-odbc-5.4.40-1.el7.x86_64.rpm php54-php-pdo-5.4.40-1.el7.x86_64.rpm php54-php-pecl-zendopcache-7.0.4-3.el7.x86_64.rpm php54-php-pecl-zendopcache-debuginfo-7.0.4-3.el7.x86_64.rpm php54-php-pgsql-5.4.40-1.el7.x86_64.rpm php54-php-process-5.4.40-1.el7.x86_64.rpm php54-php-pspell-5.4.40-1.el7.x86_64.rpm php54-php-recode-5.4.40-1.el7.x86_64.rpm php54-php-snmp-5.4.40-1.el7.x86_64.rpm php54-php-soap-5.4.40-1.el7.x86_64.rpm php54-php-xml-5.4.40-1.el7.x86_64.rpm php54-php-xmlrpc-5.4.40-1.el7.x86_64.rpm php54-runtime-2.0-1.el7.x86_64.rpm php54-scldevel-2.0-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2014-8142
https://access.redhat.com/security/cve/CVE-2014-9427
https://access.redhat.com/security/cve/CVE-2014-9652
https://access.redhat.com/security/cve/CVE-2014-9705
https://access.redhat.com/security/cve/CVE-2014-9709
https://access.redhat.com/security/cve/CVE-2015-0231
https://access.redhat.com/security/cve/CVE-2015-0232
https://access.redhat.com/security/cve/CVE-2015-0273
https://access.redhat.com/security/cve/CVE-2015-1351
https://access.redhat.com/security/cve/CVE-2015-2301
https://access.redhat.com/security/cve/CVE-2015-2305
https://access.redhat.com/security/cve/CVE-2015-2348
https://access.redhat.com/security/cve/CVE-2015-2787
https://access.redhat.com/security/cve/CVE-2015-4147
https://access.redhat.com/security/cve/CVE-2015-4148
https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/php-5.4.40-i486-1_slack14.1.txz: Upgraded.
  Please note that this package build also moves the configuration files
  from /etc/httpd to /etc, /etc/php.d, and /etc/php-fpm.d.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2783
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3330
  ( Security fix )
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.40-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.40-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.40-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.40-x86_64-1_slack14.1.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.8-i486-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.8-x86_64-1.txz
MD5 signatures:
+-------------+
Slackware 14.0 package: 2666059d6540b1b4385d25dfc5ebbe99 php-5.4.40-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: c146f500912ba9c7e5d652e5e3643c04 php-5.4.40-x86_64-1_slack14.0.txz
Slackware 14.1 package: 9efc8a96f9a3f3261e5f640292b1b781 php-5.4.40-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: 2c95e077f314f1cfa3ee83b9aba90b91 php-5.4.40-x86_64-1_slack14.1.txz
Slackware -current package: 30d14f237c71fada0d594c2360a58016 n/php-5.6.8-i486-1.txz
Slackware x86_64 -current package: 1a0fcc590aa4dff5de5f08293936d0d9 n/php-5.6.8-x86_64-1.txz
Installation instructions:
+------------------------+
Upgrade the package as root:
upgradepkg php-5.4.40-i486-1_slack14.1.txz
Then, restart Apache httpd:
/etc/rc.d/rc.httpd stop
/etc/rc.d/rc.httpd start
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
Release Date: 2015-06-10
Last Updated: 2015-06-10
Potential Security Impact: Remote denial of service (DoS), man-in-the-middle (MitM) attack, modification of data, local modification of data
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with the HP-UX Apache Web Server Suite, Tomcat Servlet Engine, and PHP. These could be exploited remotely to create a Denial of Service (DoS) and other vulnerabilities.
HP-UX B.11.31 running HP-UX Apache Web Server Suite v4.04 or earlier
HP-UX B.11.31 running HP-UX Apache Web Server v2.2.15.22 or earlier
HP-UX B.11.31 running Tomcat Servlet Engine v6.0.39.03 or earlier
HP-UX B.11.31 running PHP v5.4.11.04 or earlier
BACKGROUND
CVSS 2.0 Base Metrics
Reference        Base Vector                    Base Score
CVE-2013-5704    (AV:N/AC:L/Au:N/C:N/I:P/A:N)   5.0
CVE-2014-0118    (AV:N/AC:M/Au:N/C:N/I:N/A:P)   4.3
CVE-2014-0226    (AV:N/AC:M/Au:N/C:P/I:P/A:P)   6.8
CVE-2014-0227    (AV:N/AC:L/Au:N/C:N/I:P/A:P)   6.4
CVE-2014-0231    (AV:N/AC:L/Au:N/C:N/I:N/A:P)   5.0
CVE-2014-8142    (AV:N/AC:L/Au:N/C:P/I:P/A:P)   7.5
CVE-2014-9709    (AV:N/AC:L/Au:N/C:N/I:N/A:P)   5.0
CVE-2015-0231    (AV:N/AC:L/Au:N/C:P/I:P/A:P)   7.5
CVE-2015-0273    (AV:N/AC:L/Au:N/C:P/I:P/A:P)   7.5
CVE-2015-1352    (AV:N/AC:L/Au:N/C:N/I:N/A:P)   5.0
CVE-2015-2301    (AV:N/AC:L/Au:N/C:P/I:P/A:P)   7.5
CVE-2015-2305    (AV:N/AC:M/Au:N/C:P/I:P/A:P)   6.8
CVE-2015-2331    (AV:N/AC:L/Au:N/C:P/I:P/A:P)   7.5
CVE-2015-2783    (AV:N/AC:M/Au:N/C:P/I:N/A:P)   5.8
===========================================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following software updates to resolve the vulnerabilities.
The updates are available for download from http://software.hp.com
NOTE: HP-UX Web Server Suite v4.05 HPUXWSATW405 contains Apache v2.2.29.01, Tomcat Servlet Engine 6.0.43.01, PHP 5.4.40.01, and Webmin v1.070.13
HP-UX 11i Release Apache Depot name
B.11.31 (11i v3 32-bit) HP_UX_11.31_HPUXWS22ATW-B405-11-31-64.depot
B.11.31 (11i v3 64-bit) HP_UX_11.31_HPUXWS22ATW-B405-11-31-64.depot
MANUAL ACTIONS: Yes - Update
Install HP-UX Web Server Suite v4.05 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.31
hpuxws22APCH32.APACHE
hpuxws22APCH32.APACHE2
hpuxws22APCH32.AUTH_LDAP
hpuxws22APCH32.AUTH_LDAP2
hpuxws22APCH32.MOD_JK
hpuxws22APCH32.MOD_JK2
hpuxws22APCH32.MOD_PERL
hpuxws22APCH32.MOD_PERL2
hpuxws22APCH32.PHP
hpuxws22APCH32.PHP2
hpuxws22APCH32.WEBPROXY
hpuxws22APCH32.WEBPROXY2
hpuxws22APACHE.APACHE
hpuxws22APACHE.APACHE2
hpuxws22APACHE.AUTH_LDAP
hpuxws22APACHE.AUTH_LDAP2
hpuxws22APACHE.MOD_JK
hpuxws22APACHE.MOD_JK2
hpuxws22APACHE.MOD_PERL
hpuxws22APACHE.MOD_PERL2
hpuxws22APACHE.PHP
hpuxws22APACHE.PHP2
hpuxws22APACHE.WEBPROXY
hpuxws22APACHE.WEBPROXY2
action: install revision B.2.2.29.01 or subsequent
hpuxws22TOMCAT.TOMCAT action: install revision C.6.0.43.01 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) - 10 June 2015 Initial release
Copyright 2015 Hewlett-Packard Development Company, L.P.
Mandriva Linux Security Advisory MDVSA-2015:080 http://www.mandriva.com/en/support/security/
Package : php
Date    : March 28, 2015
Affected: Business Server 2.0
Problem Description:
Multiple vulnerabilities have been discovered and corrected in php:
It was discovered that the file utility contains a flaw in the handling of indirect magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files (CVE-2014-1943).
A flaw was found in the way the file utility determined the type of Portable Executable (PE) format files, the executable format used on Windows. A malicious PE file could cause the file utility to crash or, potentially, execute arbitrary code (CVE-2014-2270).
The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters (CVE-2013-7345).
PHP FPM in PHP versions before 5.4.28 and 5.5.12 uses a UNIX domain socket with world-writable permissions by default, which allows any local user to connect to it and execute PHP scripts as the apache user (CVE-2014-0185).
A flaw was found in the way file's Composite Document Files (CDF) format parser handled CDF files with many summary info entries. The cdf_unpack_summary_info() function unnecessarily repeatedly read the info from the same offset. This led to many file_printf() calls in cdf_file_property_info(), which caused file to use an excessive amount of CPU time when parsing a specially-crafted CDF file (CVE-2014-0237).
A flaw was found in the way file parsed property information from Composite Document Files (CDF) files. A property entry with 0 elements triggers an infinite loop (CVE-2014-0238).
The unserialize() function in PHP before 5.4.30 and 5.5.14 has a Type Confusion issue related to the SPL ArrayObject and SPLObjectStorage Types (CVE-2014-3515).
It was discovered that PHP is vulnerable to a heap-based buffer overflow in the DNS TXT record parsing. A malicious server or man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application uses dns_get_record() to perform a DNS query (CVE-2014-4049).
A flaw was found in the way file parsed property information from Composite Document Files (CDF) files, where the mconvert() function did not correctly compute the truncated pascal string size (CVE-2014-3478).
Multiple flaws were found in the way file parsed property information from Composite Document Files (CDF) files, due to insufficient boundary checks on buffers (CVE-2014-0207, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487).
The phpinfo() function in PHP before 5.4.30 and 5.5.14 has a Type Confusion issue that can cause it to leak arbitrary process memory (CVE-2014-4721). NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571 (CVE-2014-3587). NOTE: this issue exists because of an incomplete fix for CVE-2014-4049 (CVE-2014-3597).
An integer overflow flaw in PHP's unserialize() function was reported. If unserialize() were used on untrusted data, this issue could lead to a crash or potentially information disclosure (CVE-2014-3669).
A heap corruption issue was reported in PHP's exif_thumbnail() function. A specially-crafted JPEG image could cause the PHP interpreter to crash or, potentially, execute arbitrary code (CVE-2014-3670).
If client-supplied input was passed to PHP's cURL client as a URL to download, it could return local files from the server due to improper handling of null bytes (PHP#68089).
An out-of-bounds read flaw was found in file's donote() function in the way the file utility determined the note headers of an ELF file. This could possibly lead to a crash of the file executable (CVE-2014-3710).
A use-after-free flaw was found in PHP unserialize(). An untrusted input could cause PHP interpreter to crash or, possibly, execute arbitrary code when processed using unserialize() (CVE-2014-8142).
sapi/cgi/cgi_main.c in the CGI component in PHP before 5.5.21, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might allow remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping (CVE-2014-9427).
Free called on an uninitialized pointer in php-exif in PHP before 5.5.21 (CVE-2015-0232).
The readelf.c source file has been removed from PHP's bundled copy of file's libmagic, eliminating exposure to denial of service issues in ELF file parsing such as CVE-2014-8116, CVE-2014-8117, CVE-2014-9620 and CVE-2014-9621 in PHP's fileinfo module.
S. Paraschoudis discovered that PHP incorrectly handled memory in the enchant binding.
Taoguang Chen discovered that PHP incorrectly handled unserializing objects.
It was discovered that PHP incorrectly handled memory in the phar extension. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142 (CVE-2015-0231).
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libzip, which is embedded in PHP, processed certain ZIP archives. If an attacker were able to supply a specially crafted ZIP archive to an application using libzip, it could cause the application to crash or, possibly, execute arbitrary code (CVE-2015-2331).
It was discovered that the PHP opcache component incorrectly handled memory.
It was discovered that the PHP PostgreSQL database extension incorrectly handled certain pointers.
PHP contains a bundled copy of the file utility's libmagic library, so it was vulnerable to the libmagic issues.
The updated php packages have been patched and upgraded to the 5.5.23 version, which is not vulnerable to these issues. The libzip packages have been patched to address the CVE-2015-2331 flaw.
A bug in the php zip extension that could cause a crash has been fixed (mga#13820)
Additionally, the jsonc and timezonedb packages have been upgraded to the latest versions, and the PECL packages that require it have been rebuilt for php-5.5.23.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3669
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3670
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4049
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4670
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4698
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8117
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9425
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9620
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9621
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331
http://php.net/ChangeLog-5.php#5.5.9
http://php.net/ChangeLog-5.php#5.5.10
http://php.net/ChangeLog-5.php#5.5.11
http://php.net/ChangeLog-5.php#5.5.12
http://php.net/ChangeLog-5.php#5.5.13
http://php.net/ChangeLog-5.php#5.5.14
http://php.net/ChangeLog-5.php#5.5.15
http://php.net/ChangeLog-5.php#5.5.16
http://php.net/ChangeLog-5.php#5.5.17
http://php.net/ChangeLog-5.php#5.5.18
http://php.net/ChangeLog-5.php#5.5.19
http://php.net/ChangeLog-5.php#5.5.20
http://php.net/ChangeLog-5.php#5.5.21
http://php.net/ChangeLog-5.php#5.5.22
http://php.net/ChangeLog-5.php#5.5.23
http://www.ubuntu.com/usn/usn-2535-1/
http://www.ubuntu.com/usn/usn-2501-1/
https://bugzilla.redhat.com/show_bug.cgi?id=1204676
http://advisories.mageia.org/MGASA-2014-0163.html
http://advisories.mageia.org/MGASA-2014-0178.html
http://advisories.mageia.org/MGASA-2014-0215.html
http://advisories.mageia.org/MGASA-2014-0258.html
http://advisories.mageia.org/MGASA-2014-0284.html
http://advisories.mageia.org/MGASA-2014-0324.html
http://advisories.mageia.org/MGASA-2014-0367.html
http://advisories.mageia.org/MGASA-2014-0430.html
http://advisories.mageia.org/MGASA-2014-0441.html
http://advisories.mageia.org/MGASA-2014-0542.html
http://advisories.mageia.org/MGASA-2015-0040.html
https://bugs.mageia.org/show_bug.cgi?id=13820
Updated Packages:
mbs2/x86_64/php-xsl-5.5.23-1.mbs2.x86_64.rpm 5cb68626d863213de934655dac8342c8 mbs2/x86_64/php-zip-5.5.23-1.mbs2.x86_64.rpm a27bab106c0ba87f220ff35937210a63 mbs2/x86_64/php-zlib-5.5.23-1.mbs2.x86_64.rpm 3dd6a6eeb12c7207446053e4785d6974 mbs2/SRPMS/libzip-0.11.2-1.1.mbs2.src.rpm 5d69769d822628a5bf1485eaa1251b8e mbs2/SRPMS/php-5.5.23-1.mbs2.src.rpm 0a629c11ca23ba56d57f61a754def293 mbs2/SRPMS/php-timezonedb-2015.1-1.mbs2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
============================================================================
Ubuntu Security Notice USN-2535-1
March 18, 2015
php5 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in PHP. (CVE-2015-2301)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.10:
  libapache2-mod-php5 5.5.12+dfsg-2ubuntu4.3
  php5-cgi 5.5.12+dfsg-2ubuntu4.3
  php5-cli 5.5.12+dfsg-2ubuntu4.3
  php5-enchant 5.5.12+dfsg-2ubuntu4.3
  php5-fpm 5.5.12+dfsg-2ubuntu4.3
Ubuntu 14.04 LTS:
  libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.7
  php5-cgi 5.5.9+dfsg-1ubuntu4.7
  php5-cli 5.5.9+dfsg-1ubuntu4.7
  php5-enchant 5.5.9+dfsg-1ubuntu4.7
  php5-fpm 5.5.9+dfsg-1ubuntu4.7
Ubuntu 12.04 LTS:
  libapache2-mod-php5 5.3.10-1ubuntu3.17
  php5-cgi 5.3.10-1ubuntu3.17
  php5-cli 5.3.10-1ubuntu3.17
  php5-enchant 5.3.10-1ubuntu3.17
  php5-fpm 5.3.10-1ubuntu3.17
Ubuntu 10.04 LTS:
  libapache2-mod-php5 5.3.2-1ubuntu4.29
  php5-cgi 5.3.2-1ubuntu4.29
  php5-cli 5.3.2-1ubuntu4.29
  php5-enchant 5.3.2-1ubuntu4.29
In general, a standard system update will make all the necessary changes.
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201503-0206", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "12.04" }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "13.2" }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", 
"version": "13.1" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.10" }, { "model": "php", "scope": "gte", "trust": 1.0, "vendor": "php", "version": "5.6.0" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.1" }, { "model": "php", "scope": "lt", "trust": 1.0, "vendor": "php", "version": "5.5.22" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "7.0" }, { "model": "php", "scope": "lt", "trust": 1.0, "vendor": "php", "version": "5.6.6" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.04" }, { "model": "php", "scope": "lt", "trust": 1.0, "vendor": "php", "version": "5.4.40" }, { "model": "mac os x", "scope": "lte", "trust": 1.0, "vendor": "apple", "version": "10.10.4" }, { "model": "php", "scope": "gte", "trust": 1.0, "vendor": "php", "version": "5.4.0" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "php", "scope": "gte", "trust": 1.0, "vendor": "php", "version": "5.5.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "10.04" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "enterprise linux hpc node eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.1" }, { "model": "php", "scope": "eq", "trust": 0.6, "vendor": "php", "version": "5.5.18" }, { "model": "php", "scope": "eq", "trust": 0.6, "vendor": "php", "version": "5.5.13" }, { "model": "php", "scope": "eq", "trust": 0.6, "vendor": "php", "version": "5.5.20" }, { "model": "php", "scope": "eq", "trust": 0.6, 
"vendor": "php", "version": "5.5.15" }, { "model": "php", "scope": "eq", "trust": 0.6, "vendor": "php", "version": "5.5.16" }, { "model": "php", "scope": "eq", "trust": 0.6, "vendor": "php", "version": "5.5.21" }, { "model": "php", "scope": "eq", "trust": 0.6, "vendor": "php", "version": "5.5.19" }, { "model": "php", "scope": "eq", "trust": 0.6, "vendor": "php", "version": "5.5.17" }, { "model": "php", "scope": "eq", "trust": 0.6, "vendor": "php", "version": "5.5.14" }, { "model": "php", "scope": "eq", "trust": 0.6, "vendor": "php", "version": "5.6.0" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "hat enterprise linux workstation optional", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "hat enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "hat enterprise linux server optional", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "hat enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "hat enterprise linux hpc node optional", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "hat enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "hat enterprise linux desktop optional", "scope": "eq", "trust": 
0.3, "vendor": "red", "version": "6" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "virtual connect enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "virtual connect enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "virtual connect enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.3" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.27" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.2.77" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.68" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.64" }, { "model": "system management homepage", "scope": 
"eq", "trust": 0.3, "vendor": "hp", "version": "2.2.9.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.8" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.6" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.12" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.11" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.9" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.7" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.6" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0" 
}, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "insight orchestration", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "insight orchestration", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "insight orchestration", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" } ], "sources": [ { "db": "BID", "id": "73037" }, { 
"db": "CNNVD", "id": "CNNVD-201503-624" }, { "db": "NVD", "id": "CVE-2015-2301" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Xinchen Hui", "sources": [ { "db": "BID", "id": "73037" } ], "trust": 0.3 }, "cve": "CVE-2015-2301", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2015-2301", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.1, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-80262", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2015-2301", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": 
"CNNVD-201503-624", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-80262", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2015-2301", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-80262" }, { "db": "VULMON", "id": "CVE-2015-2301" }, { "db": "CNNVD", "id": "CNNVD-201503-624" }, { "db": "NVD", "id": "CVE-2015-2301" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file. PHP is prone to a denial-of-service vulnerability. \nAttackers can exploit this issue to crash the affected application, denying service to legitimate users. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: php54 security and bug fix update\nAdvisory ID: RHSA-2015:1066-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-1066.html\nIssue date: 2015-06-04\nCVE Names: CVE-2014-8142 CVE-2014-9427 CVE-2014-9652 \n CVE-2014-9705 CVE-2014-9709 CVE-2015-0231 \n CVE-2015-0232 CVE-2015-0273 CVE-2015-1351 \n CVE-2015-2301 CVE-2015-2305 CVE-2015-2348 \n CVE-2015-2787 CVE-2015-4147 CVE-2015-4148 \n=====================================================================\n\n1. Summary:\n\nUpdated php54 collection packages that fix multiple security issues and\nseveral bugs are now available as part of Red Hat Software Collections 2. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. The php54 packages provide a recent stable release of PHP with\nthe PEAR 1.9.4, APC 3.1.15, and memcache 3.0.8 PECL extensions, and a\nnumber of additional utilities. 
\n\nThe php54 packages have been upgraded to upstream version 5.4.40, which\nprovides a number of bug fixes over the version shipped in Red Hat Software\nCollections 1. (BZ#1168193)\n\nThe following security issues were fixed in the php54-php component:\n\nAn uninitialized pointer use flaw was found in PHP\u0027s Exif extension. \n(CVE-2014-9705)\n\nA heap buffer overflow flaw was found in PHP\u0027s regular expression\nextension. (CVE-2015-2305)\n\nA buffer over-read flaw was found in the GD library used by the PHP gd\nextension. \nAn attacker able to trigger certain error condition in phar archive\nprocessing could possibly use this flaw to disclose certain portions of\nserver memory. (CVE-2014-9652)\n\nIt was found that PHP move_uploaded_file() function did not properly handle\nfile names with a NULL character. (CVE-2015-2348)\n\nA flaw was found in the way PHP handled malformed source files when running\nin CGI mode. \n(CVE-2014-9427)\n\nThe following security issue was fixed in the php54-php-pecl-zendopcache\ncomponent:\n\nA use-after-free flaw was found in PHP\u0027s OPcache extension. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 
6):\n\nSource:\nphp54-2.0-1.el6.src.rpm\nphp54-php-5.4.40-1.el6.src.rpm\nphp54-php-pecl-zendopcache-7.0.4-3.el6.src.rpm\n\nx86_64:\nphp54-2.0-1.el6.x86_64.rpm\nphp54-php-5.4.40-1.el6.x86_64.rpm\nphp54-php-bcmath-5.4.40-1.el6.x86_64.rpm\nphp54-php-cli-5.4.40-1.el6.x86_64.rpm\nphp54-php-common-5.4.40-1.el6.x86_64.rpm\nphp54-php-dba-5.4.40-1.el6.x86_64.rpm\nphp54-php-debuginfo-5.4.40-1.el6.x86_64.rpm\nphp54-php-devel-5.4.40-1.el6.x86_64.rpm\nphp54-php-enchant-5.4.40-1.el6.x86_64.rpm\nphp54-php-fpm-5.4.40-1.el6.x86_64.rpm\nphp54-php-gd-5.4.40-1.el6.x86_64.rpm\nphp54-php-imap-5.4.40-1.el6.x86_64.rpm\nphp54-php-intl-5.4.40-1.el6.x86_64.rpm\nphp54-php-ldap-5.4.40-1.el6.x86_64.rpm\nphp54-php-mbstring-5.4.40-1.el6.x86_64.rpm\nphp54-php-mysqlnd-5.4.40-1.el6.x86_64.rpm\nphp54-php-odbc-5.4.40-1.el6.x86_64.rpm\nphp54-php-pdo-5.4.40-1.el6.x86_64.rpm\nphp54-php-pecl-zendopcache-7.0.4-3.el6.x86_64.rpm\nphp54-php-pecl-zendopcache-debuginfo-7.0.4-3.el6.x86_64.rpm\nphp54-php-pgsql-5.4.40-1.el6.x86_64.rpm\nphp54-php-process-5.4.40-1.el6.x86_64.rpm\nphp54-php-pspell-5.4.40-1.el6.x86_64.rpm\nphp54-php-recode-5.4.40-1.el6.x86_64.rpm\nphp54-php-snmp-5.4.40-1.el6.x86_64.rpm\nphp54-php-soap-5.4.40-1.el6.x86_64.rpm\nphp54-php-tidy-5.4.40-1.el6.x86_64.rpm\nphp54-php-xml-5.4.40-1.el6.x86_64.rpm\nphp54-php-xmlrpc-5.4.40-1.el6.x86_64.rpm\nphp54-runtime-2.0-1.el6.x86_64.rpm\nphp54-scldevel-2.0-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
6.5):\n\nSource:\nphp54-2.0-1.el6.src.rpm\nphp54-php-5.4.40-1.el6.src.rpm\nphp54-php-pecl-zendopcache-7.0.4-3.el6.src.rpm\n\nx86_64:\nphp54-2.0-1.el6.x86_64.rpm\nphp54-php-5.4.40-1.el6.x86_64.rpm\nphp54-php-bcmath-5.4.40-1.el6.x86_64.rpm\nphp54-php-cli-5.4.40-1.el6.x86_64.rpm\nphp54-php-common-5.4.40-1.el6.x86_64.rpm\nphp54-php-dba-5.4.40-1.el6.x86_64.rpm\nphp54-php-debuginfo-5.4.40-1.el6.x86_64.rpm\nphp54-php-devel-5.4.40-1.el6.x86_64.rpm\nphp54-php-enchant-5.4.40-1.el6.x86_64.rpm\nphp54-php-fpm-5.4.40-1.el6.x86_64.rpm\nphp54-php-gd-5.4.40-1.el6.x86_64.rpm\nphp54-php-imap-5.4.40-1.el6.x86_64.rpm\nphp54-php-intl-5.4.40-1.el6.x86_64.rpm\nphp54-php-ldap-5.4.40-1.el6.x86_64.rpm\nphp54-php-mbstring-5.4.40-1.el6.x86_64.rpm\nphp54-php-mysqlnd-5.4.40-1.el6.x86_64.rpm\nphp54-php-odbc-5.4.40-1.el6.x86_64.rpm\nphp54-php-pdo-5.4.40-1.el6.x86_64.rpm\nphp54-php-pecl-zendopcache-7.0.4-3.el6.x86_64.rpm\nphp54-php-pecl-zendopcache-debuginfo-7.0.4-3.el6.x86_64.rpm\nphp54-php-pgsql-5.4.40-1.el6.x86_64.rpm\nphp54-php-process-5.4.40-1.el6.x86_64.rpm\nphp54-php-pspell-5.4.40-1.el6.x86_64.rpm\nphp54-php-recode-5.4.40-1.el6.x86_64.rpm\nphp54-php-snmp-5.4.40-1.el6.x86_64.rpm\nphp54-php-soap-5.4.40-1.el6.x86_64.rpm\nphp54-php-tidy-5.4.40-1.el6.x86_64.rpm\nphp54-php-xml-5.4.40-1.el6.x86_64.rpm\nphp54-php-xmlrpc-5.4.40-1.el6.x86_64.rpm\nphp54-runtime-2.0-1.el6.x86_64.rpm\nphp54-scldevel-2.0-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
6.6):\n\nSource:\nphp54-2.0-1.el6.src.rpm\nphp54-php-5.4.40-1.el6.src.rpm\nphp54-php-pecl-zendopcache-7.0.4-3.el6.src.rpm\n\nx86_64:\nphp54-2.0-1.el6.x86_64.rpm\nphp54-php-5.4.40-1.el6.x86_64.rpm\nphp54-php-bcmath-5.4.40-1.el6.x86_64.rpm\nphp54-php-cli-5.4.40-1.el6.x86_64.rpm\nphp54-php-common-5.4.40-1.el6.x86_64.rpm\nphp54-php-dba-5.4.40-1.el6.x86_64.rpm\nphp54-php-debuginfo-5.4.40-1.el6.x86_64.rpm\nphp54-php-devel-5.4.40-1.el6.x86_64.rpm\nphp54-php-enchant-5.4.40-1.el6.x86_64.rpm\nphp54-php-fpm-5.4.40-1.el6.x86_64.rpm\nphp54-php-gd-5.4.40-1.el6.x86_64.rpm\nphp54-php-imap-5.4.40-1.el6.x86_64.rpm\nphp54-php-intl-5.4.40-1.el6.x86_64.rpm\nphp54-php-ldap-5.4.40-1.el6.x86_64.rpm\nphp54-php-mbstring-5.4.40-1.el6.x86_64.rpm\nphp54-php-mysqlnd-5.4.40-1.el6.x86_64.rpm\nphp54-php-odbc-5.4.40-1.el6.x86_64.rpm\nphp54-php-pdo-5.4.40-1.el6.x86_64.rpm\nphp54-php-pecl-zendopcache-7.0.4-3.el6.x86_64.rpm\nphp54-php-pecl-zendopcache-debuginfo-7.0.4-3.el6.x86_64.rpm\nphp54-php-pgsql-5.4.40-1.el6.x86_64.rpm\nphp54-php-process-5.4.40-1.el6.x86_64.rpm\nphp54-php-pspell-5.4.40-1.el6.x86_64.rpm\nphp54-php-recode-5.4.40-1.el6.x86_64.rpm\nphp54-php-snmp-5.4.40-1.el6.x86_64.rpm\nphp54-php-soap-5.4.40-1.el6.x86_64.rpm\nphp54-php-tidy-5.4.40-1.el6.x86_64.rpm\nphp54-php-xml-5.4.40-1.el6.x86_64.rpm\nphp54-php-xmlrpc-5.4.40-1.el6.x86_64.rpm\nphp54-runtime-2.0-1.el6.x86_64.rpm\nphp54-scldevel-2.0-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 
6):\n\nSource:\nphp54-2.0-1.el6.src.rpm\nphp54-php-5.4.40-1.el6.src.rpm\nphp54-php-pecl-zendopcache-7.0.4-3.el6.src.rpm\n\nx86_64:\nphp54-2.0-1.el6.x86_64.rpm\nphp54-php-5.4.40-1.el6.x86_64.rpm\nphp54-php-bcmath-5.4.40-1.el6.x86_64.rpm\nphp54-php-cli-5.4.40-1.el6.x86_64.rpm\nphp54-php-common-5.4.40-1.el6.x86_64.rpm\nphp54-php-dba-5.4.40-1.el6.x86_64.rpm\nphp54-php-debuginfo-5.4.40-1.el6.x86_64.rpm\nphp54-php-devel-5.4.40-1.el6.x86_64.rpm\nphp54-php-enchant-5.4.40-1.el6.x86_64.rpm\nphp54-php-fpm-5.4.40-1.el6.x86_64.rpm\nphp54-php-gd-5.4.40-1.el6.x86_64.rpm\nphp54-php-imap-5.4.40-1.el6.x86_64.rpm\nphp54-php-intl-5.4.40-1.el6.x86_64.rpm\nphp54-php-ldap-5.4.40-1.el6.x86_64.rpm\nphp54-php-mbstring-5.4.40-1.el6.x86_64.rpm\nphp54-php-mysqlnd-5.4.40-1.el6.x86_64.rpm\nphp54-php-odbc-5.4.40-1.el6.x86_64.rpm\nphp54-php-pdo-5.4.40-1.el6.x86_64.rpm\nphp54-php-pecl-zendopcache-7.0.4-3.el6.x86_64.rpm\nphp54-php-pecl-zendopcache-debuginfo-7.0.4-3.el6.x86_64.rpm\nphp54-php-pgsql-5.4.40-1.el6.x86_64.rpm\nphp54-php-process-5.4.40-1.el6.x86_64.rpm\nphp54-php-pspell-5.4.40-1.el6.x86_64.rpm\nphp54-php-recode-5.4.40-1.el6.x86_64.rpm\nphp54-php-snmp-5.4.40-1.el6.x86_64.rpm\nphp54-php-soap-5.4.40-1.el6.x86_64.rpm\nphp54-php-tidy-5.4.40-1.el6.x86_64.rpm\nphp54-php-xml-5.4.40-1.el6.x86_64.rpm\nphp54-php-xmlrpc-5.4.40-1.el6.x86_64.rpm\nphp54-runtime-2.0-1.el6.x86_64.rpm\nphp54-scldevel-2.0-1.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 
7):\n\nSource:\nphp54-2.0-1.el7.src.rpm\nphp54-php-5.4.40-1.el7.src.rpm\nphp54-php-pecl-zendopcache-7.0.4-3.el7.src.rpm\n\nx86_64:\nphp54-2.0-1.el7.x86_64.rpm\nphp54-php-5.4.40-1.el7.x86_64.rpm\nphp54-php-bcmath-5.4.40-1.el7.x86_64.rpm\nphp54-php-cli-5.4.40-1.el7.x86_64.rpm\nphp54-php-common-5.4.40-1.el7.x86_64.rpm\nphp54-php-dba-5.4.40-1.el7.x86_64.rpm\nphp54-php-debuginfo-5.4.40-1.el7.x86_64.rpm\nphp54-php-devel-5.4.40-1.el7.x86_64.rpm\nphp54-php-enchant-5.4.40-1.el7.x86_64.rpm\nphp54-php-fpm-5.4.40-1.el7.x86_64.rpm\nphp54-php-gd-5.4.40-1.el7.x86_64.rpm\nphp54-php-intl-5.4.40-1.el7.x86_64.rpm\nphp54-php-ldap-5.4.40-1.el7.x86_64.rpm\nphp54-php-mbstring-5.4.40-1.el7.x86_64.rpm\nphp54-php-mysqlnd-5.4.40-1.el7.x86_64.rpm\nphp54-php-odbc-5.4.40-1.el7.x86_64.rpm\nphp54-php-pdo-5.4.40-1.el7.x86_64.rpm\nphp54-php-pecl-zendopcache-7.0.4-3.el7.x86_64.rpm\nphp54-php-pecl-zendopcache-debuginfo-7.0.4-3.el7.x86_64.rpm\nphp54-php-pgsql-5.4.40-1.el7.x86_64.rpm\nphp54-php-process-5.4.40-1.el7.x86_64.rpm\nphp54-php-pspell-5.4.40-1.el7.x86_64.rpm\nphp54-php-recode-5.4.40-1.el7.x86_64.rpm\nphp54-php-snmp-5.4.40-1.el7.x86_64.rpm\nphp54-php-soap-5.4.40-1.el7.x86_64.rpm\nphp54-php-xml-5.4.40-1.el7.x86_64.rpm\nphp54-php-xmlrpc-5.4.40-1.el7.x86_64.rpm\nphp54-runtime-2.0-1.el7.x86_64.rpm\nphp54-scldevel-2.0-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-8142\nhttps://access.redhat.com/security/cve/CVE-2014-9427\nhttps://access.redhat.com/security/cve/CVE-2014-9652\nhttps://access.redhat.com/security/cve/CVE-2014-9705\nhttps://access.redhat.com/security/cve/CVE-2014-9709\nhttps://access.redhat.com/security/cve/CVE-2015-0231\nhttps://access.redhat.com/security/cve/CVE-2015-0232\nhttps://access.redhat.com/security/cve/CVE-2015-0273\nhttps://access.redhat.com/security/cve/CVE-2015-1351\nhttps://access.redhat.com/security/cve/CVE-2015-2301\nhttps://access.redhat.com/security/cve/CVE-2015-2305\nhttps://access.redhat.com/security/cve/CVE-2015-2348\nhttps://access.redhat.com/security/cve/CVE-2015-2787\nhttps://access.redhat.com/security/cve/CVE-2015-4147\nhttps://access.redhat.com/security/cve/CVE-2015-4148\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFVcBYSXlSAg2UNWIIRAoT1AJ9XFBGeD9SIxEla6ub7VHSrmJAtcgCfSjPe\nYJoyzmnxjsdToxpNcMlTQOw=\n=BUIg\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 6) - i386, x86_64\n\n3. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/php-5.4.40-i486-1_slack14.1.txz: Upgraded. \n Please note that this package build also moves the configuration files\n from /etc/httpd to /etc, /etc/php.d, and /etc/php-fpm.d. 
\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2783\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3330\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.40-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.40-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.40-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.40-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.8-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.8-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\n2666059d6540b1b4385d25dfc5ebbe99 php-5.4.40-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 
package:\nc146f500912ba9c7e5d652e5e3643c04 php-5.4.40-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n9efc8a96f9a3f3261e5f640292b1b781 php-5.4.40-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n2c95e077f314f1cfa3ee83b9aba90b91 php-5.4.40-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n30d14f237c71fada0d594c2360a58016 n/php-5.6.8-i486-1.txz\n\nSlackware x86_64 -current package:\n1a0fcc590aa4dff5de5f08293936d0d9 n/php-5.6.8-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg php-5.4.40-i486-1_slack14.1.txz\n\nThen, restart Apache httpd:\n# /etc/rc.d/rc.httpd stop\n# /etc/rc.d/rc.httpd start\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. \n\nRelease Date: 2015-06-10\nLast Updated: 2015-06-10\n\nPotential Security Impact: Remote denial of service (DoS), man-in-the-middle\n(MitM) attack, modification of data, local modification of data\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with the HP-UX Apache\nWeb Server Suite, Tomcat Servlet Engine, and PHP. These could be exploited\nremotely to create a Denial of Service (DoS) and other vulnerabilities. 
\n\nHP-UX B.11.31 running HP-UX Apache Web Server Suite v4.04 or earlier\n\nHP-UX B.11.31 running HP-UX Apache Web Server v2.2.15.22 or earlier\n\nHP-UX B.11.31 running Tomcat Servlet Engine v6.0.39.03 or earlier\n\nHP-UX B.11.31 running PHP v5.4.11.04 or earlier\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2013-5704 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2014-0227 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4\nCVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9709 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-1352 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-2305 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-2783 (AV:N/AC:M/Au:N/C:P/I:N/A:P) 5.8\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following software updates to resolve the\nvulnerabilities. \n\nThe updates are available for download from http://software.hp.com\n\nNOTE: HP-UX Web Server Suite v4.05 HPUXWSATW405 contains Apache v2.2.29.01,\nTomcat Servlet Engine 6.0.43.01, PHP 5.4.40.01, and Webmin v1.070.13\n\nHP-UX 11i Release\n Apache Depot name\n\nB.11.31 (11i v3 32-bit)\n HP_UX_11.31_HPUXWS22ATW-B405-11-31-64.depot\n\nB.11.31 (11i v3 64-bit)\n HP_UX_11.31_HPUXWS22ATW-B405-11-31-64.depot\n\nMANUAL ACTIONS: Yes - Update\nInstall HP-UX Web Server Suite v4.05 or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. 
It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.31\n==================\nhpuxws22APCH32.APACHE\nhpuxws22APCH32.APACHE2\nhpuxws22APCH32.AUTH_LDAP\nhpuxws22APCH32.AUTH_LDAP2\nhpuxws22APCH32.MOD_JK\nhpuxws22APCH32.MOD_JK2\nhpuxws22APCH32.MOD_PERL\nhpuxws22APCH32.MOD_PERL2\nhpuxws22APCH32.PHP\nhpuxws22APCH32.PHP2\nhpuxws22APCH32.WEBPROXY\nhpuxws22APCH32.WEBPROXY2\nhpuxws22APACHE.APACHE\nhpuxws22APACHE.APACHE2\nhpuxws22APACHE.AUTH_LDAP\nhpuxws22APACHE.AUTH_LDAP2\nhpuxws22APACHE.MOD_JK\nhpuxws22APACHE.MOD_JK2\nhpuxws22APACHE.MOD_PERL\nhpuxws22APACHE.MOD_PERL2\nhpuxws22APACHE.PHP\nhpuxws22APACHE.PHP2\nhpuxws22APACHE.WEBPROXY\nhpuxws22APACHE.WEBPROXY2\naction: install revision B.2.2.29.01 or subsequent\n\nhpuxws22TOMCAT.TOMCAT\naction: install revision C.6.0.43.01 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 10 June 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory MDVSA-2015:080\n http://www.mandriva.com/en/support/security/\n _______________________________________________________________________\n\n Package : php\n Date : March 28, 2015\n Affected: Business Server 2.0\n _______________________________________________________________________\n\n Problem Description:\n\n Multiple vulnerabilities have been discovered and corrected in php:\n \n It was discovered that the file utility contains a flaw in the handling\n of indirect magic rules in the libmagic library, which leads to an\n infinite recursion when trying to determine the file type of certain\n files (CVE-2014-1943). \n \n A flaw was found in the way the file utility determined the type of\n Portable Executable (PE) format files, the executable format used on\n Windows. A malicious PE file could cause the file utility to crash or,\n potentially, execute arbitrary code (CVE-2014-2270). \n \n The BEGIN regular expression in the awk script detector in\n magic/Magdir/commands in file before 5.15 uses multiple wildcards\n with unlimited repetitions, which allows context-dependent attackers\n to cause a denial of service (CPU consumption) via a crafted ASCII\n file that triggers a large amount of backtracking, as demonstrated\n via a file with many newline characters (CVE-2013-7345). \n \n PHP FPM in PHP versions before 5.4.28 and 5.5.12 uses a UNIX domain\n socket with world-writable permissions by default, which allows any\n local user to connect to it and execute PHP scripts as the apache user\n (CVE-2014-0185). \n \n A flaw was found in the way file\u0027s Composite Document Files (CDF)\n format parser handle CDF files with many summary info entries. \n The cdf_unpack_summary_info() function unnecessarily repeatedly read\n the info from the same offset. 
This led to many file_printf() calls in\n cdf_file_property_info(), which caused file to use an excessive amount\n of CPU time when parsing a specially-crafted CDF file (CVE-2014-0237). \n \n A flaw was found in the way file parsed property information from\n Composite Document Files (CDF) files. A property entry with 0 elements\n triggers an infinite loop (CVE-2014-0238). \n \n The unserialize() function in PHP before 5.4.30 and 5.5.14 has a Type\n Confusion issue related to the SPL ArrayObject and SPLObjectStorage\n Types (CVE-2014-3515). \n \n It was discovered that PHP is vulnerable to a heap-based buffer\n overflow in the DNS TXT record parsing. A malicious server or\n man-in-the-middle attacker could possibly use this flaw to execute\n arbitrary code as the PHP interpreter if a PHP application uses\n dns_get_record() to perform a DNS query (CVE-2014-4049). \n \n A flaw was found in the way file parsed property information from\n Composite Document Files (CDF) files, where the mconvert() function did\n not correctly compute the truncated pascal string size (CVE-2014-3478). \n \n Multiple flaws were found in the way file parsed property information\n from Composite Document Files (CDF) files, due to insufficient boundary\n checks on buffers (CVE-2014-0207, CVE-2014-3479, CVE-2014-3480,\n CVE-2014-3487). \n \n The phpinfo() function in PHP before 5.4.30 and 5.5.14 has a Type\n Confusion issue that can cause it to leak arbitrary process memory\n (CVE-2014-4721). NOTE: this vulnerability exists because of an incomplete fix\n for CVE-2012-1571 (CVE-2014-3587). NOTE:\n this issue exists because of an incomplete fix for CVE-2014-4049\n (CVE-2014-3597). \n \n An integer overflow flaw in PHP\u0027s unserialize() function was\n reported. If unserialize() were used on untrusted data, this\n issue could lead to a crash or potentially information disclosure\n (CVE-2014-3669). \n \n A heap corruption issue was reported in PHP\u0027s exif_thumbnail()\n function. 
A specially-crafted JPEG image could cause the PHP\n interpreter to crash or, potentially, execute arbitrary code\n (CVE-2014-3670). \n \n If client-supplied input was passed to PHP\u0027s cURL client as a URL to\n download, it could return local files from the server due to improper\n handling of null bytes (PHP#68089). \n \n An out-of-bounds read flaw was found in file\u0027s donote() function in the\n way the file utility determined the note headers of an elf file. This\n could possibly lead to file executable crash (CVE-2014-3710). \n \n A use-after-free flaw was found in PHP unserialize(). An untrusted\n input could cause PHP interpreter to crash or, possibly, execute\n arbitrary code when processed using unserialize() (CVE-2014-8142). \n \n sapi/cgi/cgi_main.c in the CGI component in PHP before 5.5.21, when\n mmap is used to read a .php file, does not properly consider the\n mapping\u0027s length during processing of an invalid file that begins\n with a # character and lacks a newline character, which causes an\n out-of-bounds read and might allow remote attackers to obtain sensitive\n information from php-cgi process memory by leveraging the ability to\n upload a .php file or trigger unexpected code execution if a valid\n PHP script is present in memory locations adjacent to the mapping\n (CVE-2014-9427). \n \n Free called on an uninitialized pointer in php-exif in PHP before\n 5.5.21 (CVE-2015-0232). \n \n The readelf.c source file has been removed from PHP\u0027s bundled copy of\n file\u0027s libmagic, eliminating exposure to denial of service issues in\n ELF file parsing such as CVE-2014-8116, CVE-2014-8117, CVE-2014-9620\n and CVE-2014-9621 in PHP\u0027s fileinfo module. \n \n S. Paraschoudis discovered that PHP incorrectly handled memory in\n the enchant binding. \n \n Taoguang Chen discovered that PHP incorrectly handled unserializing\n objects. 
\n \n It was discovered that PHP incorrectly handled memory in the phar\n extension. NOTE: this vulnerability exists because of an incomplete\n fix for CVE-2014-8142 (CVE-2015-0231). \n \n An integer overflow flaw, leading to a heap-based buffer overflow,\n was found in the way libzip, which is embedded in PHP, processed\n certain ZIP archives. If an attacker were able to supply a specially\n crafted ZIP archive to an application using libzip, it could cause\n the application to crash or, possibly, execute arbitrary code\n (CVE-2015-2331). \n \n It was discovered that the PHP opcache component incorrectly handled\n memory. \n \n It was discovered that the PHP PostgreSQL database extension\n incorrectly handled certain pointers. \n \n PHP contains a bundled copy of the file utility\u0027s libmagic library,\n so it was vulnerable to the libmagic issues. \n \n The updated php packages have been patched and upgraded to the 5.5.23\n version which is not vulnerable to these issues. The libzip packages\n have been patched to address the CVE-2015-2331 flaw. \n \n A bug in the php zip extension that could cause a crash has been fixed\n (mga#13820)\n \n Additionally the jsonc and timezonedb packages have been upgraded to\n the latest versions and the PECL packages which require so have been\n rebuilt for php-5.5.23. 
\n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3597\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3669\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3670\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4049\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4670\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4698\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8116\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8117\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8142\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9425\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9427\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9620\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9621\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705\n 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331\n http://php.net/ChangeLog-5.php#5.5.9\n http://php.net/ChangeLog-5.php#5.5.10\n http://php.net/ChangeLog-5.php#5.5.11\n http://php.net/ChangeLog-5.php#5.5.12\n http://php.net/ChangeLog-5.php#5.5.13\n http://php.net/ChangeLog-5.php#5.5.14\n http://php.net/ChangeLog-5.php#5.5.15\n http://php.net/ChangeLog-5.php#5.5.16\n http://php.net/ChangeLog-5.php#5.5.17\n http://php.net/ChangeLog-5.php#5.5.18\n http://php.net/ChangeLog-5.php#5.5.19\n http://php.net/ChangeLog-5.php#5.5.20\n http://php.net/ChangeLog-5.php#5.5.21\n http://php.net/ChangeLog-5.php#5.5.22\n http://php.net/ChangeLog-5.php#5.5.23\n http://www.ubuntu.com/usn/usn-2535-1/\n http://www.ubuntu.com/usn/usn-2501-1/\n https://bugzilla.redhat.com/show_bug.cgi?id=1204676\n http://advisories.mageia.org/MGASA-2014-0163.html\n http://advisories.mageia.org/MGASA-2014-0178.html\n http://advisories.mageia.org/MGASA-2014-0215.html\n http://advisories.mageia.org/MGASA-2014-0258.html\n http://advisories.mageia.org/MGASA-2014-0284.html\n http://advisories.mageia.org/MGASA-2014-0324.html\n http://advisories.mageia.org/MGASA-2014-0367.html\n http://advisories.mageia.org/MGASA-2014-0430.html\n http://advisories.mageia.org/MGASA-2014-0441.html\n http://advisories.mageia.org/MGASA-2014-0542.html\n http://advisories.mageia.org/MGASA-2015-0040.html\n https://bugs.mageia.org/show_bug.cgi?id=13820\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n 
_______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFVFlFxmqjQ0CJFipgRApIaAJ0TuOLlCRGmp4O6TdNSKUpeRBS2xACgzIEB\nyZuDdHZcMPOQTP7seWcvVWc=\n=esZS\n-----END PGP SIGNATURE-----\n. 
============================================================================\nUbuntu Security Notice USN-2535-1\nMarch 18, 2015\n\nphp5 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in PHP. \n(CVE-2015-2301)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.10:\n libapache2-mod-php5 5.5.12+dfsg-2ubuntu4.3\n php5-cgi 5.5.12+dfsg-2ubuntu4.3\n php5-cli 5.5.12+dfsg-2ubuntu4.3\n php5-enchant 5.5.12+dfsg-2ubuntu4.3\n php5-fpm 5.5.12+dfsg-2ubuntu4.3\n\nUbuntu 14.04 LTS:\n libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.7\n php5-cgi 5.5.9+dfsg-1ubuntu4.7\n php5-cli 5.5.9+dfsg-1ubuntu4.7\n php5-enchant 5.5.9+dfsg-1ubuntu4.7\n php5-fpm 5.5.9+dfsg-1ubuntu4.7\n\nUbuntu 12.04 LTS:\n libapache2-mod-php5 5.3.10-1ubuntu3.17\n php5-cgi 5.3.10-1ubuntu3.17\n php5-cli 5.3.10-1ubuntu3.17\n php5-enchant 5.3.10-1ubuntu3.17\n php5-fpm 5.3.10-1ubuntu3.17\n\nUbuntu 10.04 LTS:\n libapache2-mod-php5 5.3.2-1ubuntu4.29\n php5-cgi 5.3.2-1ubuntu4.29\n php5-cli 5.3.2-1ubuntu4.29\n php5-enchant 5.3.2-1ubuntu4.29\n\nIn general, a standard system update will make all the necessary changes", "sources": [ { "db": "NVD", "id": "CVE-2015-2301" }, { "db": "BID", "id": "73037" }, { "db": "VULHUB", "id": "VHN-80262" }, { "db": "VULMON", "id": "CVE-2015-2301" }, { "db": "PACKETSTORM", "id": "132161" }, { "db": "PACKETSTORM", "id": "132618" }, { "db": "PACKETSTORM", "id": "131577" }, { "db": "PACKETSTORM", "id": "132263" }, { "db": "PACKETSTORM", "id": "131081" }, { "db": "PACKETSTORM", "id": "131082" }, { "db": "PACKETSTORM", "id": "130885" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": 
{ "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2015-2301", "trust": 2.8 }, { "db": "BID", "id": "73037", "trust": 2.1 }, { "db": "SECTRACK", "id": "1031949", "trust": 1.8 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2015/03/15/6", "trust": 1.8 }, { "db": "CNNVD", "id": "CNNVD-201503-624", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "130940", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-80262", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2015-2301", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132161", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132618", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131577", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132263", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131081", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131082", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130885", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-80262" }, { "db": "VULMON", "id": "CVE-2015-2301" }, { "db": "BID", "id": "73037" }, { "db": "PACKETSTORM", "id": "132161" }, { "db": "PACKETSTORM", "id": "132618" }, { "db": "PACKETSTORM", "id": "131577" }, { "db": "PACKETSTORM", "id": "132263" }, { "db": "PACKETSTORM", "id": "131081" }, { "db": "PACKETSTORM", "id": "131082" }, { "db": "PACKETSTORM", "id": "130885" }, { "db": "CNNVD", "id": "CNNVD-201503-624" }, { "db": "NVD", "id": "CVE-2015-2301" } ] }, "id": "VAR-201503-0206", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-80262" } ], "trust": 0.01 }, "last_update_date": "2024-11-29T22:32:24.843000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, 
"data": [ { "title": "php-src-php-5.6.6", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54699" }, { "title": "php-src-php-5.6.6", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54698" }, { "title": "php-src-php-5.5.22", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54697" }, { "title": "php-src-php-5.5.22", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54696" }, { "title": "php-src-php-5.4.38", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54695" }, { "title": "php-src-php-5.4.38", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54694" }, { "title": "Ubuntu Security Notice: php5 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2535-1" }, { "title": "Red Hat: CVE-2015-2301", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2015-2301" }, { "title": "Debian Security Advisories: DSA-3198-1 php5 -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=5c4d31fb1a942bdc1ee4d9ee7c751940" }, { "title": "Debian CVElist Bug Report Logs: php5: CVE-2015-2331", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=ba7729d0dba9bfe30fe987c59a0c7f95" }, { "title": "Amazon Linux AMI: ALAS-2015-509", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2015-509" }, { "title": "Apple: OS X El Capitan v10.11", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=e88bab658248444f5dffc23fd95859e7" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=8b701aba68029ec36b631a8e26157a22" }, { 
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - January 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=8ad80411af3e936eb2998df70506cc71" } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-2301" }, { "db": "CNNVD", "id": "CNNVD-201503-624" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-416", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2015-2301" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.1, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" }, { "trust": 2.1, "url": "https://bugs.php.net/bug.php?id=68901" }, { "trust": 2.1, "url": "http://rhn.redhat.com/errata/rhsa-2015-1135.html" }, { "trust": 1.9, "url": "http://www.securityfocus.com/bid/73037" }, { "trust": 1.9, "url": "http://rhn.redhat.com/errata/rhsa-2015-1066.html" }, { "trust": 1.9, "url": "http://rhn.redhat.com/errata/rhsa-2015-1218.html" }, { "trust": 1.9, "url": "http://www.ubuntu.com/usn/usn-2535-1" }, { "trust": 1.8, "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html" }, { "trust": 1.8, "url": "http://php.net/changelog-5.php" }, { "trust": 1.8, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" }, { "trust": 1.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1194747" }, { "trust": 1.8, "url": "https://support.apple.com/ht205267" }, { "trust": 1.8, "url": "http://www.debian.org/security/2015/dsa-3198" }, { "trust": 1.8, "url": "https://security.gentoo.org/glsa/201606-10" }, { "trust": 1.8, "url": 
"http://www.mandriva.com/security/advisories?name=mdvsa-2015:079" }, { "trust": 1.8, "url": "http://openwall.com/lists/oss-security/2015/03/15/6" }, { "trust": 1.8, "url": "http://rhn.redhat.com/errata/rhsa-2015-1053.html" }, { "trust": 1.8, "url": "http://www.securitytracker.com/id/1031949" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00002.html" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=143403519711434\u0026w=2" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2" }, { "trust": 1.1, "url": "http://git.php.net/?p=php-src.git;a=commit;h=b2cf3f064b8f5efef89bb084521b61318c71781b" }, { "trust": 1.0, "url": "http://git.php.net/?p=php-src.git%3ba=commit%3bh=b2cf3f064b8f5efef89bb084521b61318c71781b" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2301" }, { "trust": 0.5, "url": "http://php.net/changelog-5.php#5.5.22" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9709" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2015-2301" }, { "trust": 0.3, "url": "http://php.net/changelog-5.php#5.6.6" }, { "trust": 0.3, "url": "http://www.php.net/" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/apr/151" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04746490" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/aug/135" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04686230" }, { "trust": 0.3, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2014-8142" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1351" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2305" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2783" }, { "trust": 0.3, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2301" }, { "trust": 0.3, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2331" }, { "trust": 0.3, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1351" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2331" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1352" }, { "trust": 0.3, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0231" }, { "trust": 0.3, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1352" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4148" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4147" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-4147" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-4148" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-0232" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-0273" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2014-9705" }, { "trust": 0.2, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9427" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2787" }, { "trust": 0.2, "url": 
"https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-2787" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2014-9709" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9425" }, { "trust": 0.2, "url": "http://www.ubuntu.com/usn/usn-2535-1/" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9705" }, { "trust": 0.2, "url": "http://www.mandriva.com/en/support/security/" }, { "trust": 0.2, "url": "http://www.ubuntu.com/usn/usn-2501-1/" }, { "trust": 0.2, "url": "http://php.net/changelog-5.php#5.5.23" }, { "trust": 0.2, "url": "http://www.mandriva.com/en/support/security/advisories/" }, { "trust": 0.2, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1204676" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0273" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8117" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=143748090628601\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=144050155601375\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=143403519711434\u0026amp;w=2" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2535-1/" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=41307" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-1351" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2348" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-9427" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-2348" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2014-8142" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9652" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-2305" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-9652" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-0231" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4601" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3411" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4600" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4021" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-4603" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-4024" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-4021" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-4600" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3307" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3411" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-4022" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-2783" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3412" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-4602" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3307" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4599" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-4026" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3412" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4598" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-9425" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2015-4024" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4602" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-4599" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3329" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-4598" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4026" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-4601" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4603" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4022" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3329" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2305" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3330" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9709" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3330" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2783" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0118" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0226" }, { "trust": 0.1, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.1, "url": "http://software.hp.com" }, { "trust": 0.1, "url": "https://www.hp.com/go/swa" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0227" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5704" }, { "trust": 0.1, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.1, "url": 
"https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0231" }, { "trust": 0.1, "url": "http://advisories.mageia.org/mgasa-2014-0367.html" }, { "trust": 0.1, "url": "http://php.net/changelog-5.php#5.5.13" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0238" }, { "trust": 0.1, "url": "http://php.net/changelog-5.php#5.5.17" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0232" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3669" }, { "trust": 0.1, "url": "http://php.net/changelog-5.php#5.5.20" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1943" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3538" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4049" }, { "trust": 0.1, "url": "http://php.net/changelog-5.php#5.5.14" }, { "trust": 0.1, "url": "http://php.net/changelog-5.php#5.5.11" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0207" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4698" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9427" }, { "trust": 0.1, "url": "http://php.net/changelog-5.php#5.5.18" }, { "trust": 0.1, "url": "http://advisories.mageia.org/mgasa-2014-0178.html" }, { "trust": 0.1, "url": "http://advisories.mageia.org/mgasa-2014-0430.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3597" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0238" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7345" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3479" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3487" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2013-7345" }, { "trust": 0.1, "url": "https://bugs.mageia.org/show_bug.cgi?id=13820" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8142" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3587" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0237" }, { "trust": 0.1, "url": "http://php.net/changelog-5.php#5.5.9" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4721" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3515" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3587" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3480" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4049" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3710" }, { "trust": 0.1, "url": "http://advisories.mageia.org/mgasa-2014-0215.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8116" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3597" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3487" }, { "trust": 0.1, "url": "http://advisories.mageia.org/mgasa-2014-0324.html" }, { "trust": 0.1, "url": "http://advisories.mageia.org/mgasa-2014-0542.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4698" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9425" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1943" }, { "trust": 0.1, "url": "http://advisories.mageia.org/mgasa-2014-0284.html" }, { "trust": 0.1, "url": "http://php.net/changelog-5.php#5.5.10" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8117" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3669" }, { "trust": 0.1, "url": 
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3515" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4670" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8116" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3480" }, { "trust": 0.1, "url": "http://php.net/changelog-5.php#5.5.12" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9621" }, { "trust": 0.1, "url": "http://advisories.mageia.org/mgasa-2014-0441.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3479" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3478" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0185" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4670" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2270" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3670" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4721" }, { "trust": 0.1, "url": "http://advisories.mageia.org/mgasa-2015-0040.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0185" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3538" }, { "trust": 0.1, "url": "http://php.net/changelog-5.php#5.5.16" }, { "trust": 0.1, "url": "http://php.net/changelog-5.php#5.5.15" }, { "trust": 0.1, "url": "http://php.net/changelog-5.php#5.5.21" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0237" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9620" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3670" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9620" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2270" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2014-0207" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3710" }, { "trust": 0.1, "url": "http://php.net/changelog-5.php#5.5.19" }, { "trust": 0.1, "url": "http://advisories.mageia.org/mgasa-2014-0163.html" }, { "trust": 0.1, "url": "http://advisories.mageia.org/mgasa-2014-0258.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3478" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.17" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/php5/5.5.12+dfsg-2ubuntu4.3" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.29" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.7" } ], "sources": [ { "db": "VULHUB", "id": "VHN-80262" }, { "db": "VULMON", "id": "CVE-2015-2301" }, { "db": "BID", "id": "73037" }, { "db": "PACKETSTORM", "id": "132161" }, { "db": "PACKETSTORM", "id": "132618" }, { "db": "PACKETSTORM", "id": "131577" }, { "db": "PACKETSTORM", "id": "132263" }, { "db": "PACKETSTORM", "id": "131081" }, { "db": "PACKETSTORM", "id": "131082" }, { "db": "PACKETSTORM", "id": "130885" }, { "db": "CNNVD", "id": "CNNVD-201503-624" }, { "db": "NVD", "id": "CVE-2015-2301" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-80262" }, { "db": "VULMON", "id": "CVE-2015-2301" }, { "db": "BID", "id": "73037" }, { "db": "PACKETSTORM", "id": "132161" }, { "db": "PACKETSTORM", "id": "132618" }, { "db": "PACKETSTORM", "id": "131577" }, { "db": "PACKETSTORM", "id": "132263" }, { "db": "PACKETSTORM", "id": "131081" }, { "db": "PACKETSTORM", "id": "131082" }, { "db": "PACKETSTORM", "id": "130885" }, { "db": "CNNVD", "id": "CNNVD-201503-624" }, { "db": "NVD", "id": "CVE-2015-2301" } ] }, "sources_release_date": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-03-30T00:00:00", "db": "VULHUB", "id": "VHN-80262" }, { "date": "2015-03-30T00:00:00", "db": "VULMON", "id": "CVE-2015-2301" }, { "date": "2015-02-20T00:00:00", "db": "BID", "id": "73037" }, { "date": "2015-06-04T16:15:24", "db": "PACKETSTORM", "id": "132161" }, { "date": "2015-07-09T23:16:17", "db": "PACKETSTORM", "id": "132618" }, { "date": "2015-04-22T20:14:00", "db": "PACKETSTORM", "id": "131577" }, { "date": "2015-06-11T23:41:13", "db": "PACKETSTORM", "id": "132263" }, { "date": "2015-03-30T21:16:25", "db": "PACKETSTORM", "id": "131081" }, { "date": "2015-03-30T21:16:44", "db": "PACKETSTORM", "id": "131082" }, { "date": "2015-03-19T00:38:57", "db": "PACKETSTORM", "id": "130885" }, { "date": "2015-03-31T00:00:00", "db": "CNNVD", "id": "CNNVD-201503-624" }, { "date": "2015-03-30T10:59:10.630000", "db": "NVD", "id": "CVE-2015-2301" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-80262" }, { "date": "2019-10-09T00:00:00", "db": "VULMON", "id": "CVE-2015-2301" }, { "date": "2016-07-05T21:28:00", "db": "BID", "id": "73037" }, { "date": "2022-08-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201503-624" }, { "date": "2024-11-21T02:27:10.587000", "db": "NVD", "id": "CVE-2015-2301" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "131081" }, { "db": "PACKETSTORM", "id": "130885" }, { "db": "CNNVD", "id": "CNNVD-201503-624" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "PHP \u2018 phar_rename_archive \u0027Reuse the function after the release of the vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-201503-624" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201503-624" } ], "trust": 0.6 } }