Details of VAR-201512-0520

ID

VAR-201512-0520

CVE

CVE-2015-7803

TITLE

PHP of ext/phar/util.c of phar_get_entry_data Service disruption in functions (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-006375

DESCRIPTION

The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. PHP is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to crash the affected application, denying service to legitimate users. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. The following products and versions are affected: PHP 5.5.29 and prior and 5.6.x prior to 5.6.14, Apple OS X 10.11.1 and prior. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/php-5.6.17-i486-1_slack14.1.txz: Upgraded. This release fixes bugs and security issues. ***************************************************************** * IMPORTANT: READ BELOW ABOUT POTENTIALLY INCOMPATIBLE CHANGES * ***************************************************************** PHP 5.4.x has been declared EOL (end of life) and is no longer receiving upstream support. PHP 5.5.x is also no longer on active support status and security fixes will continue only until 5 months from now. For this reason we have provided PHP 5.6 packages as security updates. Be aware that PHP 5.6 is not 100% compatible with PHP 5.4, and some changes may be required to existing web pages written for PHP 5.4. For information on how to migrate from PHP 5.4, please see: http://php.net/manual/en/migration55.php http://php.net/manual/en/migration56.php The final PHP 5.4 packages may be found in /pasture in case there is a need to revert this update. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7803 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7804 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1903 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.6.17-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.6.17-x86_64-1_slack14.1.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.6.17-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.6.17-x86_64-1_slack14.1.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.17-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.17-x86_64-1.txz MD5 signatures: +-------------+ Slackware 14.0 package: 69eba2b2193b19396987c73ef901a68a php-5.6.17-i486-1_slack14.1.txz Slackware x86_64 14.0 package: 23d8436b3e90027bb7ffb7b0cf8e918c php-5.6.17-x86_64-1_slack14.1.txz Slackware 14.1 package: a3958009db7633258fbd7ebaf5952a5c php-5.6.17-i486-1_slack14.1.txz Slackware x86_64 14.1 package: f1b1cfdf325e66590bdad15170968fee php-5.6.17-x86_64-1_slack14.1.txz Slackware -current package: 239e452ac1570edfb9a574098c8e6b7b n/php-5.6.17-i586-1.txz Slackware x86_64 -current package: 02a07c1a33d393bb67b7ade06dc4d237 n/php-5.6.17-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg php-5.6.17-i486-1_slack14.1.txz Then, restart Apache httpd: # /etc/rc.d/rc.httpd stop # /etc/rc.d/rc.httpd start Finally, make sure to make any needed changes for compatibility with PHP 5.6. See the links mentioned above. +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. ============================================================================ Ubuntu Security Notice USN-2786-1 October 28, 2015 php5 vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.10 - Ubuntu 15.04 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: PHP could be made to crash if it processed a specially crafted file. Software Description: - php5: HTML-embedded scripting language interpreter Details: It was discovered that the PHP phar extension incorrectly handled certain files. (CVE-2015-7803, CVE-2015-7804) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.10: libapache2-mod-php5 5.6.11+dfsg-1ubuntu3.1 php5-cgi 5.6.11+dfsg-1ubuntu3.1 php5-cli 5.6.11+dfsg-1ubuntu3.1 php5-fpm 5.6.11+dfsg-1ubuntu3.1 Ubuntu 15.04: libapache2-mod-php5 5.6.4+dfsg-4ubuntu6.4 php5-cgi 5.6.4+dfsg-4ubuntu6.4 php5-cli 5.6.4+dfsg-4ubuntu6.4 php5-fpm 5.6.4+dfsg-4ubuntu6.4 Ubuntu 14.04 LTS: libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.14 php5-cgi 5.5.9+dfsg-1ubuntu4.14 php5-cli 5.5.9+dfsg-1ubuntu4.14 php5-fpm 5.5.9+dfsg-1ubuntu4.14 Ubuntu 12.04 LTS: libapache2-mod-php5 5.3.10-1ubuntu3.21 php5-cgi 5.3.10-1ubuntu3.21 php5-cli 5.3.10-1ubuntu3.21 php5-fpm 5.3.10-1ubuntu3.21 In general, a standard system update will make all the necessary changes. This could lead to a denial of service. CVE-2015-7804 The phar extension does not correctly process directory entries found in archive files with the name "/", leading to a denial of service and, potentially, information disclosure. The update for Debian stable (jessie) contains additional bug fixes from PHP upstream version 5.6.14, as described in the upstream changelog: https://php.net/ChangeLog-5.php#5.6.13 Note to users of the the oldstable distribution (wheezy): PHP 5.4 has reached end-of-life on September 14th, 2015. As a result, there will be no more new upstream releases. The security support of PHP 5.4 in Debian oldstable (wheezy) will be best effort only, and you are strongly advised to upgrade to latest Debian stable release (jessie), which includes PHP 5.6. For the oldstable distribution (wheezy), these problems have been fixed in version 5.4.45-0+deb7u2. For the stable distribution (jessie), these problems have been fixed in version 5.6.14+dfsg-0+deb8u1. For the testing distribution (stretch) and the unstable distribution (sid), these problems have been fixed in version 5.6.14+dfsg-1. We recommend that you upgrade your php5 packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: rh-php56-php security update Advisory ID: RHSA-2016:0457-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0457.html Issue date: 2016-03-15 CVE Names: CVE-2015-5589 CVE-2015-5590 CVE-2015-6831 CVE-2015-6832 CVE-2015-6833 CVE-2015-6834 CVE-2015-6835 CVE-2015-6836 CVE-2015-6837 CVE-2015-6838 CVE-2015-7803 CVE-2015-7804 ===================================================================== 1. Summary: Updated rh-php56-php packages that fix multiple security issues are now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Multiple flaws were discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-6831, CVE-2015-6832, CVE-2015-6834, CVE-2015-6835, CVE-2015-6836) Multiple flaws were found in the way the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. An attacker could use these flaws to cause a PHP application to crash if it performed Extensible Stylesheet Language (XSL) transformations using untrusted XSLT files and allowed the use of PHP functions to be used as XSLT functions within XSL stylesheets. (CVE-2015-6837, CVE-2015-6838) All rh-php56-php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd24-httpd service must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1245236 - CVE-2015-5589 php: segmentation fault in Phar::convertToData on invalid file 1245242 - CVE-2015-5590 php: buffer overflow and stack smashing error in phar_fix_filepath 1256290 - CVE-2015-6831 php: Use After Free Vulnerability in unserialize() 1256322 - CVE-2015-6832 php: dangling pointer in the unserialization of ArrayObject items 1260642 - CVE-2015-6834 php: multiple unserialization use-after-free issues 1260647 - CVE-2015-6835 php: use-after-free vulnerability in session deserializer 1260683 - CVE-2015-6836 php: SOAP serialize_function_call() type confusion 1260711 - CVE-2015-6837 CVE-2015-6838 php: NULL pointer dereference in XSLTProcessor class 1271081 - CVE-2015-7803 php: NULL pointer dereference in phar_get_fp_offset() 1271088 - CVE-2015-7804 php: uninitialized pointer in phar_make_dirstream() 1283702 - CVE-2015-6833 php: Files from archive can be extracted outside of destination directory using phar 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6): Source: rh-php56-php-5.6.5-8.el6.src.rpm x86_64: rh-php56-php-5.6.5-8.el6.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el6.x86_64.rpm rh-php56-php-cli-5.6.5-8.el6.x86_64.rpm rh-php56-php-common-5.6.5-8.el6.x86_64.rpm rh-php56-php-dba-5.6.5-8.el6.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el6.x86_64.rpm rh-php56-php-devel-5.6.5-8.el6.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el6.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el6.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el6.x86_64.rpm rh-php56-php-gd-5.6.5-8.el6.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-imap-5.6.5-8.el6.x86_64.rpm rh-php56-php-intl-5.6.5-8.el6.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el6.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el6.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el6.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el6.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el6.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el6.x86_64.rpm rh-php56-php-process-5.6.5-8.el6.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el6.x86_64.rpm rh-php56-php-recode-5.6.5-8.el6.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-soap-5.6.5-8.el6.x86_64.rpm rh-php56-php-tidy-5.6.5-8.el6.x86_64.rpm rh-php56-php-xml-5.6.5-8.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6): Source: rh-php56-php-5.6.5-8.el6.src.rpm x86_64: rh-php56-php-5.6.5-8.el6.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el6.x86_64.rpm rh-php56-php-cli-5.6.5-8.el6.x86_64.rpm rh-php56-php-common-5.6.5-8.el6.x86_64.rpm rh-php56-php-dba-5.6.5-8.el6.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el6.x86_64.rpm rh-php56-php-devel-5.6.5-8.el6.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el6.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el6.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el6.x86_64.rpm rh-php56-php-gd-5.6.5-8.el6.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-imap-5.6.5-8.el6.x86_64.rpm rh-php56-php-intl-5.6.5-8.el6.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el6.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el6.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el6.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el6.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el6.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el6.x86_64.rpm rh-php56-php-process-5.6.5-8.el6.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el6.x86_64.rpm rh-php56-php-recode-5.6.5-8.el6.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-soap-5.6.5-8.el6.x86_64.rpm rh-php56-php-tidy-5.6.5-8.el6.x86_64.rpm rh-php56-php-xml-5.6.5-8.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7): Source: rh-php56-php-5.6.5-8.el6.src.rpm x86_64: rh-php56-php-5.6.5-8.el6.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el6.x86_64.rpm rh-php56-php-cli-5.6.5-8.el6.x86_64.rpm rh-php56-php-common-5.6.5-8.el6.x86_64.rpm rh-php56-php-dba-5.6.5-8.el6.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el6.x86_64.rpm rh-php56-php-devel-5.6.5-8.el6.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el6.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el6.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el6.x86_64.rpm rh-php56-php-gd-5.6.5-8.el6.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-imap-5.6.5-8.el6.x86_64.rpm rh-php56-php-intl-5.6.5-8.el6.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el6.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el6.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el6.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el6.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el6.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el6.x86_64.rpm rh-php56-php-process-5.6.5-8.el6.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el6.x86_64.rpm rh-php56-php-recode-5.6.5-8.el6.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-soap-5.6.5-8.el6.x86_64.rpm rh-php56-php-tidy-5.6.5-8.el6.x86_64.rpm rh-php56-php-xml-5.6.5-8.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6): Source: rh-php56-php-5.6.5-8.el6.src.rpm x86_64: rh-php56-php-5.6.5-8.el6.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el6.x86_64.rpm rh-php56-php-cli-5.6.5-8.el6.x86_64.rpm rh-php56-php-common-5.6.5-8.el6.x86_64.rpm rh-php56-php-dba-5.6.5-8.el6.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el6.x86_64.rpm rh-php56-php-devel-5.6.5-8.el6.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el6.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el6.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el6.x86_64.rpm rh-php56-php-gd-5.6.5-8.el6.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-imap-5.6.5-8.el6.x86_64.rpm rh-php56-php-intl-5.6.5-8.el6.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el6.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el6.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el6.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el6.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el6.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el6.x86_64.rpm rh-php56-php-process-5.6.5-8.el6.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el6.x86_64.rpm rh-php56-php-recode-5.6.5-8.el6.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-soap-5.6.5-8.el6.x86_64.rpm rh-php56-php-tidy-5.6.5-8.el6.x86_64.rpm rh-php56-php-xml-5.6.5-8.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: rh-php56-php-5.6.5-8.el7.src.rpm x86_64: rh-php56-php-5.6.5-8.el7.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el7.x86_64.rpm rh-php56-php-cli-5.6.5-8.el7.x86_64.rpm rh-php56-php-common-5.6.5-8.el7.x86_64.rpm rh-php56-php-dba-5.6.5-8.el7.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el7.x86_64.rpm rh-php56-php-devel-5.6.5-8.el7.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el7.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el7.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el7.x86_64.rpm rh-php56-php-gd-5.6.5-8.el7.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-intl-5.6.5-8.el7.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el7.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el7.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el7.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el7.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el7.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el7.x86_64.rpm rh-php56-php-process-5.6.5-8.el7.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el7.x86_64.rpm rh-php56-php-recode-5.6.5-8.el7.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-soap-5.6.5-8.el7.x86_64.rpm rh-php56-php-xml-5.6.5-8.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1): Source: rh-php56-php-5.6.5-8.el7.src.rpm x86_64: rh-php56-php-5.6.5-8.el7.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el7.x86_64.rpm rh-php56-php-cli-5.6.5-8.el7.x86_64.rpm rh-php56-php-common-5.6.5-8.el7.x86_64.rpm rh-php56-php-dba-5.6.5-8.el7.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el7.x86_64.rpm rh-php56-php-devel-5.6.5-8.el7.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el7.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el7.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el7.x86_64.rpm rh-php56-php-gd-5.6.5-8.el7.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-intl-5.6.5-8.el7.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el7.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el7.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el7.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el7.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el7.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el7.x86_64.rpm rh-php56-php-process-5.6.5-8.el7.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el7.x86_64.rpm rh-php56-php-recode-5.6.5-8.el7.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-soap-5.6.5-8.el7.x86_64.rpm rh-php56-php-xml-5.6.5-8.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2): Source: rh-php56-php-5.6.5-8.el7.src.rpm x86_64: rh-php56-php-5.6.5-8.el7.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el7.x86_64.rpm rh-php56-php-cli-5.6.5-8.el7.x86_64.rpm rh-php56-php-common-5.6.5-8.el7.x86_64.rpm rh-php56-php-dba-5.6.5-8.el7.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el7.x86_64.rpm rh-php56-php-devel-5.6.5-8.el7.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el7.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el7.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el7.x86_64.rpm rh-php56-php-gd-5.6.5-8.el7.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-intl-5.6.5-8.el7.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el7.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el7.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el7.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el7.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el7.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el7.x86_64.rpm rh-php56-php-process-5.6.5-8.el7.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el7.x86_64.rpm rh-php56-php-recode-5.6.5-8.el7.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-soap-5.6.5-8.el7.x86_64.rpm rh-php56-php-xml-5.6.5-8.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: rh-php56-php-5.6.5-8.el7.src.rpm x86_64: rh-php56-php-5.6.5-8.el7.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el7.x86_64.rpm rh-php56-php-cli-5.6.5-8.el7.x86_64.rpm rh-php56-php-common-5.6.5-8.el7.x86_64.rpm rh-php56-php-dba-5.6.5-8.el7.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el7.x86_64.rpm rh-php56-php-devel-5.6.5-8.el7.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el7.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el7.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el7.x86_64.rpm rh-php56-php-gd-5.6.5-8.el7.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-intl-5.6.5-8.el7.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el7.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el7.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el7.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el7.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el7.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el7.x86_64.rpm rh-php56-php-process-5.6.5-8.el7.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el7.x86_64.rpm rh-php56-php-recode-5.6.5-8.el7.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-soap-5.6.5-8.el7.x86_64.rpm rh-php56-php-xml-5.6.5-8.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-5589 https://access.redhat.com/security/cve/CVE-2015-5590 https://access.redhat.com/security/cve/CVE-2015-6831 https://access.redhat.com/security/cve/CVE-2015-6832 https://access.redhat.com/security/cve/CVE-2015-6833 https://access.redhat.com/security/cve/CVE-2015-6834 https://access.redhat.com/security/cve/CVE-2015-6835 https://access.redhat.com/security/cve/CVE-2015-6836 https://access.redhat.com/security/cve/CVE-2015-6837 https://access.redhat.com/security/cve/CVE-2015-6838 https://access.redhat.com/security/cve/CVE-2015-7803 https://access.redhat.com/security/cve/CVE-2015-7804 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFW6HopXlSAg2UNWIIRAlckAKC4UhawxN3ZuQuLxAWA0M5FTcAmpgCeKLch sZ3mH+O8FzxQYqRnfS39Ew8= =8DIR -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201606-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: PHP: Multiple vulnerabilities Date: June 19, 2016 Bugs: #537586, #541098, #544186, #544330, #546872, #549538, #552408, #555576, #555830, #556952, #559612, #562882, #571254, #573892, #577376 ID: 201606-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in PHP, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition. Background ========== PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All PHP 5.4 users should upgrade to the latest 5.5 stable branch, as PHP 5.4 is now masked in Portage: # emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33" All PHP 5.5 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33" All PHP 5.6 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.6.19" References ========== [ 1 ] CVE-2013-6501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501 [ 2 ] CVE-2014-9705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705 [ 3 ] CVE-2014-9709 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709 [ 4 ] CVE-2015-0231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231 [ 5 ] CVE-2015-0273 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273 [ 6 ] CVE-2015-1351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351 [ 7 ] CVE-2015-1352 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352 [ 8 ] CVE-2015-2301 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301 [ 9 ] CVE-2015-2348 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348 [ 10 ] CVE-2015-2783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783 [ 11 ] CVE-2015-2787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787 [ 12 ] CVE-2015-3329 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329 [ 13 ] CVE-2015-3330 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330 [ 14 ] CVE-2015-4021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021 [ 15 ] CVE-2015-4022 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022 [ 16 ] CVE-2015-4025 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025 [ 17 ] CVE-2015-4026 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026 [ 18 ] CVE-2015-4147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147 [ 19 ] CVE-2015-4148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148 [ 20 ] CVE-2015-4642 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642 [ 21 ] CVE-2015-4643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643 [ 22 ] CVE-2015-4644 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644 [ 23 ] CVE-2015-6831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831 [ 24 ] CVE-2015-6832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832 [ 25 ] CVE-2015-6833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833 [ 26 ] CVE-2015-6834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834 [ 27 ] CVE-2015-6835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835 [ 28 ] CVE-2015-6836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836 [ 29 ] CVE-2015-6837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837 [ 30 ] CVE-2015-6838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838 [ 31 ] CVE-2015-7803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803 [ 32 ] CVE-2015-7804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201606-10 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Trust: 2.52

sources: NVD: CVE-2015-7803 // JVNDB: JVNDB-2015-006375 // BID: 76959 // VULHUB: VHN-85764 // VULMON: CVE-2015-7803 // PACKETSTORM: 135595 // PACKETSTORM: 134112 // PACKETSTORM: 134109 // PACKETSTORM: 136246 // PACKETSTORM: 137539

AFFECTED PRODUCTS

vendor:	php	model:	php	scope:	eq	version:	5.6.8	Trust: 1.6
vendor:	php	model:	php	scope:	eq	version:	5.6.12	Trust: 1.6
vendor:	php	model:	php	scope:	eq	version:	5.6.3	Trust: 1.6
vendor:	php	model:	php	scope:	eq	version:	5.6.5	Trust: 1.6
vendor:	php	model:	php	scope:	eq	version:	5.6.4	Trust: 1.6
vendor:	php	model:	php	scope:	eq	version:	5.6.6	Trust: 1.6
vendor:	php	model:	php	scope:	eq	version:	5.6.11	Trust: 1.6
vendor:	php	model:	php	scope:	eq	version:	5.6.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lte	version:	10.11.1	Trust: 1.0
vendor:	php	model:	php	scope:	eq	version:	5.6.7	Trust: 1.0
vendor:	php	model:	php	scope:	eq	version:	5.6.10	Trust: 1.0
vendor:	php	model:	php	scope:	eq	version:	5.6.2	Trust: 1.0
vendor:	php	model:	php	scope:	lte	version:	5.5.29	Trust: 1.0
vendor:	php	model:	php	scope:	eq	version:	5.6.9	Trust: 1.0
vendor:	php	model:	php	scope:	eq	version:	5.6.13	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11.1	Trust: 0.8
vendor:	the php group	model:	php	scope:	eq	version:	5.6.14	Trust: 0.8
vendor:	the php group	model:	php	scope:	lt	version:	5.6.x	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11	Trust: 0.8
vendor:	slackware	model:	linux x86 64 -current	scope:	-	version:	-	Trust: 0.3
vendor:	slackware	model:	linux -current	scope:	-	version:	-	Trust: 0.3
vendor:	debian	model:	linux sparc	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux s/390	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux powerpc	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux mips	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux ia-64	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux ia-32	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux arm	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux amd64	scope:	eq	version:	6.0	Trust: 0.3

sources: BID: 76959 // JVNDB: JVNDB-2015-006375 // CNNVD: CNNVD-201510-699 // NVD: CVE-2015-7803

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-7803
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-7803
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201510-699
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-85764
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2015-7803
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-7803
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	CVE-2015-7803
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-85764
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-85764 // VULMON: CVE-2015-7803 // JVNDB: JVNDB-2015-006375 // CNNVD: CNNVD-201510-699 // NVD: CVE-2015-7803

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2015-006375 // NVD: CVE-2015-7803

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 134112 // CNNVD: CNNVD-201510-699

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201510-699

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006375

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008	url:	http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html	Trust: 0.8
title:	HT205637	url:	https://support.apple.com/en-us/HT205637	Trust: 0.8
title:	HT205637	url:	http://support.apple.com/ja-jp/HT205637	Trust: 0.8
title:	Sec Bug #69720	url:	https://bugs.php.net/bug.php?id=69720	Trust: 0.8
title:	Fix bug #69720: Null pointer dereference in phar_get_fp_offset()	url:	http://git.php.net/?p=php-src.git;a=commit;h=d698f0ae51f67c9cce870b09c59df3d6ba959244	Trust: 0.8
title:	PHP 5 ChangeLog	url:	http://www.php.net/ChangeLog-5.php	Trust: 0.8
title:	Ubuntu Security Notice: php5 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2786-1	Trust: 0.1
title:	Debian Security Advisories: DSA-3380-1 php5 -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=d50561d10f97424f73a756c92be32e03	Trust: 0.1
title:	Red Hat: CVE-2015-7803	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2015-7803	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2015-601	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2015-601	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2015-602	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2015-602	Trust: 0.1
title:	Apple: OS X El Capitan 10.11.2, Security Update 2015-005 Yosemite, and Security Update 2015-008 Mavericks	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=b4f5fe7974fd9e73002edba00722e010	Trust: 0.1

sources: VULMON: CVE-2015-7803 // JVNDB: JVNDB-2015-006375

EXTERNAL IDS

db:	NVD	id:	CVE-2015-7803	Trust: 3.4
db:	BID	id:	76959	Trust: 2.1
db:	OPENWALL	id:	OSS-SECURITY/2015/10/05/8	Trust: 1.8
db:	JVN	id:	JVNVU97526033	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-006375	Trust: 0.8
db:	CNNVD	id:	CNNVD-201510-699	Trust: 0.7
db:	PACKETSTORM	id:	134112	Trust: 0.2
db:	PACKETSTORM	id:	134109	Trust: 0.2
db:	PACKETSTORM	id:	135595	Trust: 0.2
db:	VULHUB	id:	VHN-85764	Trust: 0.1
db:	VULMON	id:	CVE-2015-7803	Trust: 0.1
db:	PACKETSTORM	id:	136246	Trust: 0.1
db:	PACKETSTORM	id:	137539	Trust: 0.1

sources: VULHUB: VHN-85764 // VULMON: CVE-2015-7803 // BID: 76959 // JVNDB: JVNDB-2015-006375 // PACKETSTORM: 135595 // PACKETSTORM: 134112 // PACKETSTORM: 134109 // PACKETSTORM: 136246 // PACKETSTORM: 137539 // CNNVD: CNNVD-201510-699 // NVD: CVE-2015-7803

REFERENCES

url:	https://bugs.php.net/bug.php?id=69720	Trust: 2.1
url:	http://www.securityfocus.com/bid/76959	Trust: 1.9
url:	http://www.php.net/changelog-5.php	Trust: 1.8
url:	https://support.apple.com/ht205637	Trust: 1.8
url:	http://www.openwall.com/lists/oss-security/2015/10/05/8	Trust: 1.8
url:	https://security.gentoo.org/glsa/201606-10	Trust: 1.3
url:	http://www.ubuntu.com/usn/usn-2786-1	Trust: 1.3
url:	http://lists.apple.com/archives/security-announce/2015/dec/msg00005.html	Trust: 1.2
url:	http://www.debian.org/security/2015/dsa-3380	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-updates/2016-01/msg00099.html	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-updates/2016-02/msg00037.html	Trust: 1.2
url:	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.461720	Trust: 1.1
url:	http://git.php.net/?p=php-src.git%3ba=commit%3bh=d698f0ae51f67c9cce870b09c59df3d6ba959244	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7803	Trust: 0.9
url:	http://git.php.net/?p=php-src.git;a=commit;h=d698f0ae51f67c9cce870b09c59df3d6ba959244	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu97526033/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7803	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7803	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7804	Trust: 0.4
url:	http://php.net/changelog-5.php	Trust: 0.3
url:	http://www.php.net	Trust: 0.3
url:	https://bugs.php.net/bug.php?id=70433	Trust: 0.3
url:	http://www.ubuntu.com/usn/usn-2786-1/	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2015-7803	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-6836	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-6834	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-6832	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-6835	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-6831	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-6833	Trust: 0.2
url:	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.461720	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://usn.ubuntu.com/2786-1/	Trust: 0.1
url:	http://php.net/manual/en/migration56.php	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1903	Trust: 0.1
url:	http://slackware.com	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1903	Trust: 0.1
url:	http://osuosl.org)	Trust: 0.1
url:	http://php.net/manual/en/migration55.php	Trust: 0.1
url:	http://slackware.com/gpg-key	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7804	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/php5/5.6.11+dfsg-1ubuntu3.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/php5/5.6.4+dfsg-4ubuntu6.4	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.21	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.14	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://php.net/changelog-5.php#5.6.13	Trust: 0.1
url:	https://rhn.redhat.com/errata/rhsa-2016-0457.html	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-6833	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-6836	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-5589	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-6831	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-6837	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-5590	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-6837	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-5590	Trust: 0.1
url:	https://access.redhat.com/articles/11258	Trust: 0.1
url:	https://access.redhat.com/security/team/contact/	Trust: 0.1
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-6838	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-6834	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-6838	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-6832	Trust: 0.1
url:	https://bugzilla.redhat.com/):	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-5589	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-7804	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-6835	Trust: 0.1
url:	https://access.redhat.com/security/team/key/	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2301	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4148	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1352	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2348	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4022	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4021	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4147	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9709	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4026	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6836	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0273	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3330	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4021	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7804	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0231	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4643	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-6501	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4644	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-2348	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6835	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4642	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1351	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-9705	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1352	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6832	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6831	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3330	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-2301	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4643	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4025	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6838	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-2787	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4642	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2787	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4148	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6501	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4026	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4147	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2783	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3329	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7803	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6837	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-9709	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1351	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0273	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3329	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4022	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6833	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4025	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4644	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-2783	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9705	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6834	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0231	Trust: 0.1

CREDITS

hugh, and emmanuel.

Trust: 0.9

sources: BID: 76959 // CNNVD: CNNVD-201510-699

SOURCES

db:	VULHUB	id:	VHN-85764
db:	VULMON	id:	CVE-2015-7803
db:	BID	id:	76959
db:	JVNDB	id:	JVNDB-2015-006375
db:	PACKETSTORM	id:	135595
db:	PACKETSTORM	id:	134112
db:	PACKETSTORM	id:	134109
db:	PACKETSTORM	id:	136246
db:	PACKETSTORM	id:	137539
db:	CNNVD	id:	CNNVD-201510-699
db:	NVD	id:	CVE-2015-7803

LAST UPDATE DATE

2024-08-14T12:55:38.604000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-85764	date:	2016-12-07T00:00:00
db:	VULMON	id:	CVE-2015-7803	date:	2016-12-07T00:00:00
db:	BID	id:	76959	date:	2016-07-05T21:22:00
db:	JVNDB	id:	JVNDB-2015-006375	date:	2015-12-15T00:00:00
db:	CNNVD	id:	CNNVD-201510-699	date:	2015-12-14T00:00:00
db:	NVD	id:	CVE-2015-7803	date:	2023-11-07T02:28:01.547

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-85764	date:	2015-12-11T00:00:00
db:	VULMON	id:	CVE-2015-7803	date:	2015-12-11T00:00:00
db:	BID	id:	76959	date:	2015-10-05T00:00:00
db:	JVNDB	id:	JVNDB-2015-006375	date:	2015-12-15T00:00:00
db:	PACKETSTORM	id:	135595	date:	2016-02-04T21:45:02
db:	PACKETSTORM	id:	134112	date:	2015-10-28T18:47:28
db:	PACKETSTORM	id:	134109	date:	2015-10-28T18:46:49
db:	PACKETSTORM	id:	136246	date:	2016-03-15T06:19:00
db:	PACKETSTORM	id:	137539	date:	2016-06-19T15:55:00
db:	CNNVD	id:	CNNVD-201510-699	date:	2015-10-29T00:00:00
db:	NVD	id:	CVE-2015-7803	date:	2015-12-11T12:00:11.387