[SECURITY] [DLA 499-1] php5 security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : php5
Version : 5.4.45-0+deb7u3
CVE ID : CVE-2015-8865 CVE-2015-8866 CVE-2015-8878 CVE-2015-8879
CVE-2016-4070 CVE-2016-4071 CVE-2016-4072 CVE-2016-4073
CVE-2016-4343 CVE-2016-4537 CVE-2016-4539 CVE-2016-4540
CVE-2016-4541 CVE-2016-4542 CVE-2016-4543 CVE-2016-4544
* CVE-2015-8865
The file_check_mem function in funcs.c in file before 5.23, as used
in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20,
and 7.x before 7.0.5, mishandles continuation-level jumps, which
allows context-dependent attackers to cause a denial of service
(buffer overflow and application crash) or possibly execute arbitrary
code via a crafted magic file.
* CVE-2015-8866
libxml_disable_entity_loader setting is shared between threads
ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when
PHP-FPM is used, does not isolate each thread from
libxml_disable_entity_loader changes in other threads, which allows
remote attackers to conduct XML External Entity (XXE) and XML Entity
Expansion (XEE) attacks via a crafted XML document, a related issue
to CVE-2015-5161.
* CVE-2015-8878
main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before
5.6.12 does not ensure thread safety, which allows remote attackers to
cause a denial of service (race condition and heap memory corruption)
by leveraging an application that performs many temporary-file accesses.
* CVE-2015-8879
The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12
mishandles driver behavior for SQL_WVARCHAR columns, which allows
remote attackers to cause a denial of service (application crash) in
opportunistic circumstances by leveraging use of the odbc_fetch_array
function to access a certain type of Microsoft SQL Server table.
* CVE-2016-4070
Integer overflow in the php_raw_url_encode function in ext/standard/url.c
in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows
remote attackers to cause a denial of service (application crash) via a
long string to the rawurlencode function.
* CVE-2016-4071
Format string vulnerability in the php_snmp_error function in
ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x
before 7.0.5 allows remote attackers to execute arbitrary code via
format string specifiers in an SNMP::get call.
* CVE-2016-4072
The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x
before 7.0.5 allows remote attackers to execute arbitrary code via a
crafted filename, as demonstrated by mishandling of \0 characters by
the phar_analyze_path function in ext/phar/phar.c.
* CVE-2016-4073
Multiple integer overflows in the mbfl_strcut function in
ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before
5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial
of service (application crash) or possibly execute arbitrary code via
a crafted mb_strcut call.
* CVE-2016-4343
The phar_make_dirstream function in ext/phar/dirstream.c in PHP before
5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files,
which allows remote attackers to cause a denial of service
(uninitialized pointer dereference) or possibly have unspecified other
impact via a crafted TAR archive.
* CVE-2016-4537
The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35,
5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer
for the scale argument, which allows remote attackers to cause a
denial of service or possibly have unspecified other impact via a
crafted call.
* CVE-2016-4539
The xml_parse_into_struct function in ext/xml/xml.c in PHP before
5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote
attackers to cause a denial of service (buffer under-read and
segmentation fault) or possibly have unspecified other impact via
crafted XML data in the second argument, leading to a parser level
of zero.
* CVE-2016-4540
* CVE-2016-4541
The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c
in before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows
remote attackers to cause a denial of service (out-of-bounds read)
or possibly have unspecified other impact via a negative offset.
* CVE-2016-4542
* CVE-2016-4543
* CVE-2016-4544
The exif_process_* function in ext/exif/exif.c in PHP before 5.5.35,
5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes,
which allows remote attackers to cause a denial of service
(out-of-bounds read) or possibly have unspecified other impact via
crafted header data.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQJ8BAEBCgBmBQJXTe8dXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hH9+MQAL6d5nDMdhIIIS60aW0fjlAg
InwIGmS5JYZ1aDwyUmtYbKSstYsf4UQZeZNymEMgtXkiiUPU4ZdqMyw2GosuCyGb
+0AcOx414zAGSXY8OoB0Gtn1MW84H/tC57WdzdnYyPZUreN2+32YHTs/Ry533Ly7
ZBOQLmz+GaNJxQnhSOXNrUPApT1UBrxPSoku94ENX1zCjvF22UpNif2G1/EccMHp
wvh8kuRRjbJtloUILPI2pfw/RIgeQwKwxyjZXXqOnWxXWdScgciS9OiESj/s1Rh3
yzXAVTjW8uje23LvdsTboZA8QZgsM77K+L//OVrP0B8X5b5y2SLX5jdr4P7COmx3
id31MVi6hObkd8KqaPQEXN5ExyQpg9Cdd2aeuv0RNBgZA/08xNOu+h0lg3h0SJzw
WKKuxtROq2KrIUmmrHEmzDL3j3vO2r6PWGyPerOTNXl6X9+xe9cnEqNWd2HNK2Z+
sgxGDQVXjCSyYT7MgP9ki+Xi/YODd3Ty04GMDQZ0IkluXZEVvwVLrbOQwHZ2xwmv
uB1Owh3rurWhO+0s6ilNCjigO5T0q6i49vlL8YigGSQjqOEvcNc3s3cctnBX+vu9
8/9EpDgWJP0UgDLR8AP8NpYQ4NDkUHlZooGpkMv7IkOJx7pYi8AXlhkcU6Xoo3IU
o0pvZLRndclJuEq51oGy
=n0cw
-----END PGP SIGNATURE-----
Reply to: