SB2015042204 - Slackware Linux update for php

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2015042204

SB2015042204 - Slackware Linux update for php

Published: April 22, 2015 Updated: May 6, 2017

Security Bulletin ID SB2015042204
Severity
High
Patch available
YES
Number of vulnerabilities 9
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 11% Medium 22% Low 67%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 9 secuirty vulnerabilities.


1) Out-of-bounds read (CVE-ID: CVE-2014-9709)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5,. A remote attacker can perform a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function.


2) Use-after-free (CVE-ID: CVE-2015-0231)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to гse-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5. A remote attacker can trigger memory corruption via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an objecе. Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

3) Use-after-free error (CVE-ID: CVE-2015-1351)

The vulnerability allows a remote attacker to cause DoS condition.

The weakness exists due to use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7. A remote attacker can trigger memory corruption and cause the service to crash.

4) NULL pointer dereference (CVE-ID: CVE-2015-1352)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dreference error in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a specially crafted name. A remote attacker can perform a denial of service (DoS) attack.


5) Use-after-free error (CVE-ID: CVE-2015-2301)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6. A remote attacker can trigger memory corruption via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file and cause the service to crash.


6) Integer overflow (CVE-ID: CVE-2015-2305)

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The vulnerability exists due to \integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products. A local attacker can trigger heap-based buffer overflow via a large regular expression and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


7) Heap-based buffer overflow (CVE-ID: CVE-2015-2331)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products,. A remote attacker can use a ZIP archive that contains many entries to trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


8) Buffer over-read (CVE-ID: CVE-2015-2783)

The vulnerability allows a remote attacker to obtain potentially sensitive information or cause DoS condition on the target system.

The weakness exists due to buffer over-read in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8. A remote attacker can obtain sensitive information from process memory or cause a denial of service via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions.

9) Improper input validation (CVE-ID: CVE-2015-3330)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to an error in the php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used. A remote attacker can cause application crash or possibly execute arbitrary code via pipelined HTTP requests that result in a "deconfigured interpreter."

Remediation

Install update from vendor's website.

References