testing php5 for Squeeze LTS
Hi,
I uploaded version 5.3.3.1-7+squeeze28 of php5 to:
https://people.debian.org/~alteholz/packages/squeeze-lts/php5/amd64/
https://people.debian.org/~alteholz/packages/squeeze-lts/php5/i386/
Please give it a try and tell me about any problems you met.
Thanks!
Thorsten
Changes:
php5 (5.3.3.1-7+squeeze28) squeeze-lts; urgency=high
.
  * Non-maintainer upload by the Squeeze LTS Team.
  * CVE-2015-6831
    Use after free vulnerability was found in unserialize() function.
    We can create ZVAL and free it via Serializable::unserialize.
    However the unserialize() will still allow to use R: or r: to set
    references to that already freed memory. It is possible to
    use-after-free attack and execute arbitrary code remotely.
  * CVE-2015-6832
    Dangling pointer in the unserialization of ArrayObject items.
  * CVE-2015-6833
    Files extracted from archive may be placed outside of destination
    directory
  * CVE-2015-6834
    Use after free vulnerability was found in unserialize() function.
    We can create ZVAL and free it via Serializable::unserialize.
    However the unserialize() will still allow to use R: or r: to set
    references to that already freed memory. It is possible to
    use-after-free attack and execute arbitrary code remotely.
  * CVE-2015-6836
    A type confusion occurs within SOAP serialize_function_call due
    to an insufficient validation of the headers field.
    In the SoapClient's __call method, the verify_soap_headers_array
    check is applied only to headers retrieved from
    zend_parse_parameters; problem is that a few lines later,
    soap_headers could be updated or even replaced with values from
    the __default_headers object fields.
  * CVE-2015-6837
    The XSLTProcessor class misses a few checks on the input from the
    libxslt library. The valuePop() function call is able to return
    NULL pointer and php does not check that.
  * CVE-2015-6838
    The XSLTProcessor class misses a few checks on the input from the
    libxslt library. The valuePop() function call is able to return
    NULL pointer and php does not check that.
  * CVE-2015-7803
    A NULL pointer dereference flaw was found in the way PHP's Phar
    extension parsed Phar archives. A specially crafted archive could
    cause PHP to crash.
  * CVE-2015-7804
    An uninitialized pointer use flaw was found in the
    phar_make_dirstream() function of PHP's Phar extension.
    A specially crafted phar file in the ZIP format with a directory
    entry with a file name "/ZIP" could cause a PHP application
    function to crash.