
[SECURITY] [DLA 499-1] php5 security update




Package        : php5
Version        : 5.4.45-0+deb7u3
CVE ID         : CVE-2015-8865 CVE-2015-8866 CVE-2015-8878 CVE-2015-8879
                 CVE-2016-4070 CVE-2016-4071 CVE-2016-4072 CVE-2016-4073
                 CVE-2016-4343 CVE-2016-4537 CVE-2016-4539 CVE-2016-4540
                 CVE-2016-4541 CVE-2016-4542 CVE-2016-4543 CVE-2016-4544


 * CVE-2015-8865
     The file_check_mem function in funcs.c in file before 5.23, as used
     in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20,
     and 7.x before 7.0.5, mishandles continuation-level jumps, which
     allows context-dependent attackers to cause a denial of service
     (buffer overflow and application crash) or possibly execute arbitrary
     code via a crafted magic file.

 * CVE-2015-8866
     libxml_disable_entity_loader setting is shared between threads.
     ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when
     PHP-FPM is used, does not isolate each thread from
     libxml_disable_entity_loader changes in other threads, which allows
     remote attackers to conduct XML External Entity (XXE) and XML Entity
     Expansion (XEE) attacks via a crafted XML document, a related issue
     to CVE-2015-5161.

 * CVE-2015-8878
     main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before
     5.6.12 does not ensure thread safety, which allows remote attackers to
     cause a denial of service (race condition and heap memory corruption)
     by leveraging an application that performs many temporary-file accesses.

 * CVE-2015-8879
     The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12
     mishandles driver behavior for SQL_WVARCHAR columns, which allows
     remote attackers to cause a denial of service (application crash) in
     opportunistic circumstances by leveraging use of the odbc_fetch_array
     function to access a certain type of Microsoft SQL Server table.

 * CVE-2016-4070
     Integer overflow in the php_raw_url_encode function in ext/standard/url.c
     in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows
     remote attackers to cause a denial of service (application crash) via a
     long string to the rawurlencode function.

 * CVE-2016-4071
     Format string vulnerability in the php_snmp_error function in
     ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x
     before 7.0.5 allows remote attackers to execute arbitrary code via
     format string specifiers in an SNMP::get call.

 * CVE-2016-4072
     The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x
     before 7.0.5 allows remote attackers to execute arbitrary code via a
     crafted filename, as demonstrated by mishandling of \0 characters by
     the phar_analyze_path function in ext/phar/phar.c.

 * CVE-2016-4073
     Multiple integer overflows in the mbfl_strcut function in
     ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before
     5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial
     of service (application crash) or possibly execute arbitrary code via
     a crafted mb_strcut call.

 * CVE-2016-4343
     The phar_make_dirstream function in ext/phar/dirstream.c in PHP before
     5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files,
     which allows remote attackers to cause a denial of service
     (uninitialized pointer dereference) or possibly have unspecified other
     impact via a crafted TAR archive.

 * CVE-2016-4537
     The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35,
     5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer
     for the scale argument, which allows remote attackers to cause a
     denial of service or possibly have unspecified other impact via a
     crafted call.

 * CVE-2016-4539
     The xml_parse_into_struct function in ext/xml/xml.c in PHP before
     5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote
     attackers to cause a denial of service (buffer under-read and
     segmentation fault) or possibly have unspecified other impact via
     crafted XML data in the second argument, leading to a parser level
     of zero.

 * CVE-2016-4540
 * CVE-2016-4541
     The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c
     in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows
     remote attackers to cause a denial of service (out-of-bounds read)
     or possibly have unspecified other impact via a negative offset.

 * CVE-2016-4542
 * CVE-2016-4543
 * CVE-2016-4544
     The exif_process_* function in ext/exif/exif.c in PHP before 5.5.35,
     5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes,
     which allows remote attackers to cause a denial of service
     (out-of-bounds read) or possibly have unspecified other impact via
     crafted header data.

