ID

VAR-201512-0520


CVE

CVE-2015-7803


TITLE

PHP of ext/phar/util.c of phar_get_entry_data Service disruption in functions (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-006375

DESCRIPTION

The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. PHP is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to crash the affected application, denying service to legitimate users. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. The following products and versions are affected: PHP 5.5.29 and prior and 5.6.x prior to 5.6.14, Apple OS X 10.11.1 and prior. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/php-5.6.17-i486-1_slack14.1.txz: Upgraded. This release fixes bugs and security issues. ***************************************************************** * IMPORTANT: READ BELOW ABOUT POTENTIALLY INCOMPATIBLE CHANGES * ***************************************************************** PHP 5.4.x has been declared EOL (end of life) and is no longer receiving upstream support. PHP 5.5.x is also no longer on active support status and security fixes will continue only until 5 months from now. For this reason we have provided PHP 5.6 packages as security updates. Be aware that PHP 5.6 is not 100% compatible with PHP 5.4, and some changes may be required to existing web pages written for PHP 5.4. For information on how to migrate from PHP 5.4, please see: http://php.net/manual/en/migration55.php http://php.net/manual/en/migration56.php The final PHP 5.4 packages may be found in /pasture in case there is a need to revert this update. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7803 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7804 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1903 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.6.17-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.6.17-x86_64-1_slack14.1.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.6.17-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.6.17-x86_64-1_slack14.1.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.17-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.17-x86_64-1.txz MD5 signatures: +-------------+ Slackware 14.0 package: 69eba2b2193b19396987c73ef901a68a php-5.6.17-i486-1_slack14.1.txz Slackware x86_64 14.0 package: 23d8436b3e90027bb7ffb7b0cf8e918c php-5.6.17-x86_64-1_slack14.1.txz Slackware 14.1 package: a3958009db7633258fbd7ebaf5952a5c php-5.6.17-i486-1_slack14.1.txz Slackware x86_64 14.1 package: f1b1cfdf325e66590bdad15170968fee php-5.6.17-x86_64-1_slack14.1.txz Slackware -current package: 239e452ac1570edfb9a574098c8e6b7b n/php-5.6.17-i586-1.txz Slackware x86_64 -current package: 02a07c1a33d393bb67b7ade06dc4d237 n/php-5.6.17-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg php-5.6.17-i486-1_slack14.1.txz Then, restart Apache httpd: # /etc/rc.d/rc.httpd stop # /etc/rc.d/rc.httpd start Finally, make sure to make any needed changes for compatibility with PHP 5.6. See the links mentioned above. +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. ============================================================================ Ubuntu Security Notice USN-2786-1 October 28, 2015 php5 vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.10 - Ubuntu 15.04 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: PHP could be made to crash if it processed a specially crafted file. Software Description: - php5: HTML-embedded scripting language interpreter Details: It was discovered that the PHP phar extension incorrectly handled certain files. (CVE-2015-7803, CVE-2015-7804) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.10: libapache2-mod-php5 5.6.11+dfsg-1ubuntu3.1 php5-cgi 5.6.11+dfsg-1ubuntu3.1 php5-cli 5.6.11+dfsg-1ubuntu3.1 php5-fpm 5.6.11+dfsg-1ubuntu3.1 Ubuntu 15.04: libapache2-mod-php5 5.6.4+dfsg-4ubuntu6.4 php5-cgi 5.6.4+dfsg-4ubuntu6.4 php5-cli 5.6.4+dfsg-4ubuntu6.4 php5-fpm 5.6.4+dfsg-4ubuntu6.4 Ubuntu 14.04 LTS: libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.14 php5-cgi 5.5.9+dfsg-1ubuntu4.14 php5-cli 5.5.9+dfsg-1ubuntu4.14 php5-fpm 5.5.9+dfsg-1ubuntu4.14 Ubuntu 12.04 LTS: libapache2-mod-php5 5.3.10-1ubuntu3.21 php5-cgi 5.3.10-1ubuntu3.21 php5-cli 5.3.10-1ubuntu3.21 php5-fpm 5.3.10-1ubuntu3.21 In general, a standard system update will make all the necessary changes. This could lead to a denial of service. CVE-2015-7804 The phar extension does not correctly process directory entries found in archive files with the name "/", leading to a denial of service and, potentially, information disclosure. The update for Debian stable (jessie) contains additional bug fixes from PHP upstream version 5.6.14, as described in the upstream changelog: https://php.net/ChangeLog-5.php#5.6.13 Note to users of the the oldstable distribution (wheezy): PHP 5.4 has reached end-of-life on September 14th, 2015. As a result, there will be no more new upstream releases. The security support of PHP 5.4 in Debian oldstable (wheezy) will be best effort only, and you are strongly advised to upgrade to latest Debian stable release (jessie), which includes PHP 5.6. For the oldstable distribution (wheezy), these problems have been fixed in version 5.4.45-0+deb7u2. For the stable distribution (jessie), these problems have been fixed in version 5.6.14+dfsg-0+deb8u1. For the testing distribution (stretch) and the unstable distribution (sid), these problems have been fixed in version 5.6.14+dfsg-1. We recommend that you upgrade your php5 packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: rh-php56-php security update Advisory ID: RHSA-2016:0457-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0457.html Issue date: 2016-03-15 CVE Names: CVE-2015-5589 CVE-2015-5590 CVE-2015-6831 CVE-2015-6832 CVE-2015-6833 CVE-2015-6834 CVE-2015-6835 CVE-2015-6836 CVE-2015-6837 CVE-2015-6838 CVE-2015-7803 CVE-2015-7804 ===================================================================== 1. Summary: Updated rh-php56-php packages that fix multiple security issues are now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Multiple flaws were discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-6831, CVE-2015-6832, CVE-2015-6834, CVE-2015-6835, CVE-2015-6836) Multiple flaws were found in the way the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. An attacker could use these flaws to cause a PHP application to crash if it performed Extensible Stylesheet Language (XSL) transformations using untrusted XSLT files and allowed the use of PHP functions to be used as XSLT functions within XSL stylesheets. (CVE-2015-6837, CVE-2015-6838) All rh-php56-php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd24-httpd service must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1245236 - CVE-2015-5589 php: segmentation fault in Phar::convertToData on invalid file 1245242 - CVE-2015-5590 php: buffer overflow and stack smashing error in phar_fix_filepath 1256290 - CVE-2015-6831 php: Use After Free Vulnerability in unserialize() 1256322 - CVE-2015-6832 php: dangling pointer in the unserialization of ArrayObject items 1260642 - CVE-2015-6834 php: multiple unserialization use-after-free issues 1260647 - CVE-2015-6835 php: use-after-free vulnerability in session deserializer 1260683 - CVE-2015-6836 php: SOAP serialize_function_call() type confusion 1260711 - CVE-2015-6837 CVE-2015-6838 php: NULL pointer dereference in XSLTProcessor class 1271081 - CVE-2015-7803 php: NULL pointer dereference in phar_get_fp_offset() 1271088 - CVE-2015-7804 php: uninitialized pointer in phar_make_dirstream() 1283702 - CVE-2015-6833 php: Files from archive can be extracted outside of destination directory using phar 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6): Source: rh-php56-php-5.6.5-8.el6.src.rpm x86_64: rh-php56-php-5.6.5-8.el6.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el6.x86_64.rpm rh-php56-php-cli-5.6.5-8.el6.x86_64.rpm rh-php56-php-common-5.6.5-8.el6.x86_64.rpm rh-php56-php-dba-5.6.5-8.el6.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el6.x86_64.rpm rh-php56-php-devel-5.6.5-8.el6.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el6.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el6.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el6.x86_64.rpm rh-php56-php-gd-5.6.5-8.el6.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-imap-5.6.5-8.el6.x86_64.rpm rh-php56-php-intl-5.6.5-8.el6.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el6.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el6.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el6.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el6.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el6.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el6.x86_64.rpm rh-php56-php-process-5.6.5-8.el6.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el6.x86_64.rpm rh-php56-php-recode-5.6.5-8.el6.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-soap-5.6.5-8.el6.x86_64.rpm rh-php56-php-tidy-5.6.5-8.el6.x86_64.rpm rh-php56-php-xml-5.6.5-8.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6): Source: rh-php56-php-5.6.5-8.el6.src.rpm x86_64: rh-php56-php-5.6.5-8.el6.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el6.x86_64.rpm rh-php56-php-cli-5.6.5-8.el6.x86_64.rpm rh-php56-php-common-5.6.5-8.el6.x86_64.rpm rh-php56-php-dba-5.6.5-8.el6.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el6.x86_64.rpm rh-php56-php-devel-5.6.5-8.el6.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el6.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el6.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el6.x86_64.rpm rh-php56-php-gd-5.6.5-8.el6.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-imap-5.6.5-8.el6.x86_64.rpm rh-php56-php-intl-5.6.5-8.el6.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el6.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el6.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el6.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el6.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el6.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el6.x86_64.rpm rh-php56-php-process-5.6.5-8.el6.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el6.x86_64.rpm rh-php56-php-recode-5.6.5-8.el6.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-soap-5.6.5-8.el6.x86_64.rpm rh-php56-php-tidy-5.6.5-8.el6.x86_64.rpm rh-php56-php-xml-5.6.5-8.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7): Source: rh-php56-php-5.6.5-8.el6.src.rpm x86_64: rh-php56-php-5.6.5-8.el6.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el6.x86_64.rpm rh-php56-php-cli-5.6.5-8.el6.x86_64.rpm rh-php56-php-common-5.6.5-8.el6.x86_64.rpm rh-php56-php-dba-5.6.5-8.el6.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el6.x86_64.rpm rh-php56-php-devel-5.6.5-8.el6.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el6.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el6.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el6.x86_64.rpm rh-php56-php-gd-5.6.5-8.el6.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-imap-5.6.5-8.el6.x86_64.rpm rh-php56-php-intl-5.6.5-8.el6.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el6.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el6.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el6.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el6.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el6.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el6.x86_64.rpm rh-php56-php-process-5.6.5-8.el6.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el6.x86_64.rpm rh-php56-php-recode-5.6.5-8.el6.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-soap-5.6.5-8.el6.x86_64.rpm rh-php56-php-tidy-5.6.5-8.el6.x86_64.rpm rh-php56-php-xml-5.6.5-8.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6): Source: rh-php56-php-5.6.5-8.el6.src.rpm x86_64: rh-php56-php-5.6.5-8.el6.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el6.x86_64.rpm rh-php56-php-cli-5.6.5-8.el6.x86_64.rpm rh-php56-php-common-5.6.5-8.el6.x86_64.rpm rh-php56-php-dba-5.6.5-8.el6.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el6.x86_64.rpm rh-php56-php-devel-5.6.5-8.el6.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el6.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el6.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el6.x86_64.rpm rh-php56-php-gd-5.6.5-8.el6.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-imap-5.6.5-8.el6.x86_64.rpm rh-php56-php-intl-5.6.5-8.el6.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el6.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el6.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el6.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el6.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el6.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el6.x86_64.rpm rh-php56-php-process-5.6.5-8.el6.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el6.x86_64.rpm rh-php56-php-recode-5.6.5-8.el6.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-soap-5.6.5-8.el6.x86_64.rpm rh-php56-php-tidy-5.6.5-8.el6.x86_64.rpm rh-php56-php-xml-5.6.5-8.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: rh-php56-php-5.6.5-8.el7.src.rpm x86_64: rh-php56-php-5.6.5-8.el7.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el7.x86_64.rpm rh-php56-php-cli-5.6.5-8.el7.x86_64.rpm rh-php56-php-common-5.6.5-8.el7.x86_64.rpm rh-php56-php-dba-5.6.5-8.el7.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el7.x86_64.rpm rh-php56-php-devel-5.6.5-8.el7.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el7.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el7.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el7.x86_64.rpm rh-php56-php-gd-5.6.5-8.el7.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-intl-5.6.5-8.el7.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el7.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el7.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el7.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el7.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el7.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el7.x86_64.rpm rh-php56-php-process-5.6.5-8.el7.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el7.x86_64.rpm rh-php56-php-recode-5.6.5-8.el7.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-soap-5.6.5-8.el7.x86_64.rpm rh-php56-php-xml-5.6.5-8.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1): Source: rh-php56-php-5.6.5-8.el7.src.rpm x86_64: rh-php56-php-5.6.5-8.el7.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el7.x86_64.rpm rh-php56-php-cli-5.6.5-8.el7.x86_64.rpm rh-php56-php-common-5.6.5-8.el7.x86_64.rpm rh-php56-php-dba-5.6.5-8.el7.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el7.x86_64.rpm rh-php56-php-devel-5.6.5-8.el7.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el7.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el7.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el7.x86_64.rpm rh-php56-php-gd-5.6.5-8.el7.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-intl-5.6.5-8.el7.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el7.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el7.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el7.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el7.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el7.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el7.x86_64.rpm rh-php56-php-process-5.6.5-8.el7.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el7.x86_64.rpm rh-php56-php-recode-5.6.5-8.el7.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-soap-5.6.5-8.el7.x86_64.rpm rh-php56-php-xml-5.6.5-8.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2): Source: rh-php56-php-5.6.5-8.el7.src.rpm x86_64: rh-php56-php-5.6.5-8.el7.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el7.x86_64.rpm rh-php56-php-cli-5.6.5-8.el7.x86_64.rpm rh-php56-php-common-5.6.5-8.el7.x86_64.rpm rh-php56-php-dba-5.6.5-8.el7.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el7.x86_64.rpm rh-php56-php-devel-5.6.5-8.el7.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el7.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el7.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el7.x86_64.rpm rh-php56-php-gd-5.6.5-8.el7.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-intl-5.6.5-8.el7.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el7.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el7.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el7.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el7.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el7.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el7.x86_64.rpm rh-php56-php-process-5.6.5-8.el7.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el7.x86_64.rpm rh-php56-php-recode-5.6.5-8.el7.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-soap-5.6.5-8.el7.x86_64.rpm rh-php56-php-xml-5.6.5-8.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: rh-php56-php-5.6.5-8.el7.src.rpm x86_64: rh-php56-php-5.6.5-8.el7.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el7.x86_64.rpm rh-php56-php-cli-5.6.5-8.el7.x86_64.rpm rh-php56-php-common-5.6.5-8.el7.x86_64.rpm rh-php56-php-dba-5.6.5-8.el7.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el7.x86_64.rpm rh-php56-php-devel-5.6.5-8.el7.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el7.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el7.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el7.x86_64.rpm rh-php56-php-gd-5.6.5-8.el7.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-intl-5.6.5-8.el7.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el7.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el7.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el7.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el7.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el7.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el7.x86_64.rpm rh-php56-php-process-5.6.5-8.el7.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el7.x86_64.rpm rh-php56-php-recode-5.6.5-8.el7.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-soap-5.6.5-8.el7.x86_64.rpm rh-php56-php-xml-5.6.5-8.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-5589 https://access.redhat.com/security/cve/CVE-2015-5590 https://access.redhat.com/security/cve/CVE-2015-6831 https://access.redhat.com/security/cve/CVE-2015-6832 https://access.redhat.com/security/cve/CVE-2015-6833 https://access.redhat.com/security/cve/CVE-2015-6834 https://access.redhat.com/security/cve/CVE-2015-6835 https://access.redhat.com/security/cve/CVE-2015-6836 https://access.redhat.com/security/cve/CVE-2015-6837 https://access.redhat.com/security/cve/CVE-2015-6838 https://access.redhat.com/security/cve/CVE-2015-7803 https://access.redhat.com/security/cve/CVE-2015-7804 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFW6HopXlSAg2UNWIIRAlckAKC4UhawxN3ZuQuLxAWA0M5FTcAmpgCeKLch sZ3mH+O8FzxQYqRnfS39Ew8= =8DIR -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201606-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: PHP: Multiple vulnerabilities Date: June 19, 2016 Bugs: #537586, #541098, #544186, #544330, #546872, #549538, #552408, #555576, #555830, #556952, #559612, #562882, #571254, #573892, #577376 ID: 201606-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in PHP, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition. Background ========== PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All PHP 5.4 users should upgrade to the latest 5.5 stable branch, as PHP 5.4 is now masked in Portage: # emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33" All PHP 5.5 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33" All PHP 5.6 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.6.19" References ========== [ 1 ] CVE-2013-6501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501 [ 2 ] CVE-2014-9705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705 [ 3 ] CVE-2014-9709 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709 [ 4 ] CVE-2015-0231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231 [ 5 ] CVE-2015-0273 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273 [ 6 ] CVE-2015-1351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351 [ 7 ] CVE-2015-1352 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352 [ 8 ] CVE-2015-2301 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301 [ 9 ] CVE-2015-2348 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348 [ 10 ] CVE-2015-2783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783 [ 11 ] CVE-2015-2787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787 [ 12 ] CVE-2015-3329 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329 [ 13 ] CVE-2015-3330 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330 [ 14 ] CVE-2015-4021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021 [ 15 ] CVE-2015-4022 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022 [ 16 ] CVE-2015-4025 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025 [ 17 ] CVE-2015-4026 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026 [ 18 ] CVE-2015-4147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147 [ 19 ] CVE-2015-4148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148 [ 20 ] CVE-2015-4642 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642 [ 21 ] CVE-2015-4643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643 [ 22 ] CVE-2015-4644 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644 [ 23 ] CVE-2015-6831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831 [ 24 ] CVE-2015-6832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832 [ 25 ] CVE-2015-6833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833 [ 26 ] CVE-2015-6834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834 [ 27 ] CVE-2015-6835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835 [ 28 ] CVE-2015-6836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836 [ 29 ] CVE-2015-6837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837 [ 30 ] CVE-2015-6838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838 [ 31 ] CVE-2015-7803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803 [ 32 ] CVE-2015-7804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201606-10 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Trust: 2.52

sources: NVD: CVE-2015-7803 // JVNDB: JVNDB-2015-006375 // BID: 76959 // VULHUB: VHN-85764 // VULMON: CVE-2015-7803 // PACKETSTORM: 135595 // PACKETSTORM: 134112 // PACKETSTORM: 134109 // PACKETSTORM: 136246 // PACKETSTORM: 137539

AFFECTED PRODUCTS

vendor:phpmodel:phpscope:eqversion:5.6.8

Trust: 1.6

vendor:phpmodel:phpscope:eqversion:5.6.12

Trust: 1.6

vendor:phpmodel:phpscope:eqversion:5.6.3

Trust: 1.6

vendor:phpmodel:phpscope:eqversion:5.6.5

Trust: 1.6

vendor:phpmodel:phpscope:eqversion:5.6.4

Trust: 1.6

vendor:phpmodel:phpscope:eqversion:5.6.6

Trust: 1.6

vendor:phpmodel:phpscope:eqversion:5.6.11

Trust: 1.6

vendor:phpmodel:phpscope:eqversion:5.6.1

Trust: 1.0

vendor:applemodel:mac os xscope:lteversion:10.11.1

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.6.7

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.6.10

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.6.2

Trust: 1.0

vendor:phpmodel:phpscope:lteversion:5.5.29

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.6.9

Trust: 1.0

vendor:phpmodel:phpscope:eqversion:5.6.13

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.11.1

Trust: 0.8

vendor:the php groupmodel:phpscope:eqversion:5.6.14

Trust: 0.8

vendor:the php groupmodel:phpscope:ltversion:5.6.x

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.11

Trust: 0.8

vendor:slackwaremodel:linux x86 64 -currentscope: - version: -

Trust: 0.3

vendor:slackwaremodel:linux -currentscope: - version: -

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:6.0

Trust: 0.3

sources: BID: 76959 // JVNDB: JVNDB-2015-006375 // CNNVD: CNNVD-201510-699 // NVD: CVE-2015-7803

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7803
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-7803
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201510-699
value: MEDIUM

Trust: 0.6

VULHUB: VHN-85764
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-7803
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-7803
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: CVE-2015-7803
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-85764
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-85764 // VULMON: CVE-2015-7803 // JVNDB: JVNDB-2015-006375 // CNNVD: CNNVD-201510-699 // NVD: CVE-2015-7803

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2015-006375 // NVD: CVE-2015-7803

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 134112 // CNNVD: CNNVD-201510-699

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201510-699

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006375

PATCH

title:Apple security updatesurl:https://support.apple.com/en-us/HT201222

Trust: 0.8

title:APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008url:http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html

Trust: 0.8

title:HT205637url:https://support.apple.com/en-us/HT205637

Trust: 0.8

title:HT205637url:http://support.apple.com/ja-jp/HT205637

Trust: 0.8

title:Sec Bug #69720url:https://bugs.php.net/bug.php?id=69720

Trust: 0.8

title:Fix bug #69720: Null pointer dereference in phar_get_fp_offset()url:http://git.php.net/?p=php-src.git;a=commit;h=d698f0ae51f67c9cce870b09c59df3d6ba959244

Trust: 0.8

title:PHP 5 ChangeLogurl:http://www.php.net/ChangeLog-5.php

Trust: 0.8

title:Ubuntu Security Notice: php5 vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2786-1

Trust: 0.1

title:Debian Security Advisories: DSA-3380-1 php5 -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=d50561d10f97424f73a756c92be32e03

Trust: 0.1

title:Red Hat: CVE-2015-7803url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2015-7803

Trust: 0.1

title:Amazon Linux AMI: ALAS-2015-601url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2015-601

Trust: 0.1

title:Amazon Linux AMI: ALAS-2015-602url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2015-602

Trust: 0.1

title:Apple: OS X El Capitan 10.11.2, Security Update 2015-005 Yosemite, and Security Update 2015-008 Mavericksurl:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=b4f5fe7974fd9e73002edba00722e010

Trust: 0.1

sources: VULMON: CVE-2015-7803 // JVNDB: JVNDB-2015-006375

EXTERNAL IDS

db:NVDid:CVE-2015-7803

Trust: 3.4

db:BIDid:76959

Trust: 2.1

db:OPENWALLid:OSS-SECURITY/2015/10/05/8

Trust: 1.8

db:JVNid:JVNVU97526033

Trust: 0.8

db:JVNDBid:JVNDB-2015-006375

Trust: 0.8

db:CNNVDid:CNNVD-201510-699

Trust: 0.7

db:PACKETSTORMid:134112

Trust: 0.2

db:PACKETSTORMid:134109

Trust: 0.2

db:PACKETSTORMid:135595

Trust: 0.2

db:VULHUBid:VHN-85764

Trust: 0.1

db:VULMONid:CVE-2015-7803

Trust: 0.1

db:PACKETSTORMid:136246

Trust: 0.1

db:PACKETSTORMid:137539

Trust: 0.1

sources: VULHUB: VHN-85764 // VULMON: CVE-2015-7803 // BID: 76959 // JVNDB: JVNDB-2015-006375 // PACKETSTORM: 135595 // PACKETSTORM: 134112 // PACKETSTORM: 134109 // PACKETSTORM: 136246 // PACKETSTORM: 137539 // CNNVD: CNNVD-201510-699 // NVD: CVE-2015-7803

REFERENCES

url:https://bugs.php.net/bug.php?id=69720

Trust: 2.1

url:http://www.securityfocus.com/bid/76959

Trust: 1.9

url:http://www.php.net/changelog-5.php

Trust: 1.8

url:https://support.apple.com/ht205637

Trust: 1.8

url:http://www.openwall.com/lists/oss-security/2015/10/05/8

Trust: 1.8

url:https://security.gentoo.org/glsa/201606-10

Trust: 1.3

url:http://www.ubuntu.com/usn/usn-2786-1

Trust: 1.3

url:http://lists.apple.com/archives/security-announce/2015/dec/msg00005.html

Trust: 1.2

url:http://www.debian.org/security/2015/dsa-3380

Trust: 1.2

url:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html

Trust: 1.2

url:http://lists.opensuse.org/opensuse-updates/2016-01/msg00099.html

Trust: 1.2

url:http://lists.opensuse.org/opensuse-updates/2016-02/msg00037.html

Trust: 1.2

url:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.461720

Trust: 1.1

url:http://git.php.net/?p=php-src.git%3ba=commit%3bh=d698f0ae51f67c9cce870b09c59df3d6ba959244

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7803

Trust: 0.9

url:http://git.php.net/?p=php-src.git;a=commit;h=d698f0ae51f67c9cce870b09c59df3d6ba959244

Trust: 0.8

url:http://jvn.jp/vu/jvnvu97526033/

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7803

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2015-7803

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2015-7804

Trust: 0.4

url:http://php.net/changelog-5.php

Trust: 0.3

url:http://www.php.net

Trust: 0.3

url:https://bugs.php.net/bug.php?id=70433

Trust: 0.3

url:http://www.ubuntu.com/usn/usn-2786-1/

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2015-7803

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-6836

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-6834

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-6832

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-6835

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-6831

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-6833

Trust: 0.2

url:http://www.slackware.com/security/viewer.php?l=slackware-security&amp;y=2016&amp;m=slackware-security.461720

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://usn.ubuntu.com/2786-1/

Trust: 0.1

url:http://php.net/manual/en/migration56.php

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1903

Trust: 0.1

url:http://slackware.com

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1903

Trust: 0.1

url:http://osuosl.org)

Trust: 0.1

url:http://php.net/manual/en/migration55.php

Trust: 0.1

url:http://slackware.com/gpg-key

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7804

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/php5/5.6.11+dfsg-1ubuntu3.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/php5/5.6.4+dfsg-4ubuntu6.4

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.21

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.14

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://php.net/changelog-5.php#5.6.13

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2016-0457.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-6833

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-6836

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-5589

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-6831

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-6837

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-5590

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-6837

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5590

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://access.redhat.com/security/team/contact/

Trust: 0.1

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-6838

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-6834

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-6838

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-6832

Trust: 0.1

url:https://bugzilla.redhat.com/):

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5589

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-7804

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-6835

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2301

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-4148

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1352

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2348

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4022

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-4021

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-4147

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9709

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4026

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6836

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0273

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3330

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4021

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7804

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0231

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4643

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-6501

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-4644

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-2348

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6835

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-4642

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1351

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-9705

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1352

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6832

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6831

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3330

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-2301

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-4643

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-4025

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6838

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-2787

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4642

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2787

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4148

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6501

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-4026

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4147

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2783

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3329

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7803

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6837

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-9709

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1351

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0273

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3329

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-4022

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6833

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4025

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4644

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-2783

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9705

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6834

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0231

Trust: 0.1

sources: VULHUB: VHN-85764 // VULMON: CVE-2015-7803 // BID: 76959 // JVNDB: JVNDB-2015-006375 // PACKETSTORM: 135595 // PACKETSTORM: 134112 // PACKETSTORM: 134109 // PACKETSTORM: 136246 // PACKETSTORM: 137539 // CNNVD: CNNVD-201510-699 // NVD: CVE-2015-7803

CREDITS

hugh, and emmanuel.

Trust: 0.9

sources: BID: 76959 // CNNVD: CNNVD-201510-699

SOURCES

db:VULHUBid:VHN-85764
db:VULMONid:CVE-2015-7803
db:BIDid:76959
db:JVNDBid:JVNDB-2015-006375
db:PACKETSTORMid:135595
db:PACKETSTORMid:134112
db:PACKETSTORMid:134109
db:PACKETSTORMid:136246
db:PACKETSTORMid:137539
db:CNNVDid:CNNVD-201510-699
db:NVDid:CVE-2015-7803

LAST UPDATE DATE

2024-08-14T12:55:38.604000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-85764date:2016-12-07T00:00:00
db:VULMONid:CVE-2015-7803date:2016-12-07T00:00:00
db:BIDid:76959date:2016-07-05T21:22:00
db:JVNDBid:JVNDB-2015-006375date:2015-12-15T00:00:00
db:CNNVDid:CNNVD-201510-699date:2015-12-14T00:00:00
db:NVDid:CVE-2015-7803date:2023-11-07T02:28:01.547

SOURCES RELEASE DATE

db:VULHUBid:VHN-85764date:2015-12-11T00:00:00
db:VULMONid:CVE-2015-7803date:2015-12-11T00:00:00
db:BIDid:76959date:2015-10-05T00:00:00
db:JVNDBid:JVNDB-2015-006375date:2015-12-15T00:00:00
db:PACKETSTORMid:135595date:2016-02-04T21:45:02
db:PACKETSTORMid:134112date:2015-10-28T18:47:28
db:PACKETSTORMid:134109date:2015-10-28T18:46:49
db:PACKETSTORMid:136246date:2016-03-15T06:19:00
db:PACKETSTORMid:137539date:2016-06-19T15:55:00
db:CNNVDid:CNNVD-201510-699date:2015-10-29T00:00:00
db:NVDid:CVE-2015-7803date:2015-12-11T12:00:11.387