What Are You Looking For?

Sign Up
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3195-1                   security@debian.org
https://www.debian.org/security/                        Moritz Muehlenhoff
March 18, 2015                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : php5
CVE ID         : CVE-2014-9705 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 
                 CVE-2015-2305

Multiple vulnerabilities have been discovered in the PHP language:

CVE-2015-2305

   Guido Vranken discovered a heap overflow in the ereg extension
   (only applicable to 32 bit systems).

CVE-2014-9705

   Buffer overflow in the enchant extension.

CVE-2015-0231

   Stefan Esser discovered a use-after-free in the unserialisation
   of objects.

CVE-2015-0232

   Alex Eubanks discovered incorrect memory management in the exif
   extension.

CVE-2015-0273

   Use-after-free in the unserialisation of DateTimeZone.

For the stable distribution (wheezy), these problems have been fixed in
version 5.4.38-0+deb7u1.

For the upcoming stable distribution (jessie), these problems have been
fixed in version 5.6.6+dfsg-2.

For the unstable distribution (sid), these problems have been fixed in
version 5.6.6+dfsg-2.

We recommend that you upgrade your php5 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Debian: DSA-3195-1: php5 security update

March 18, 2015
Multiple vulnerabilities have been discovered in the PHP language: CVE-2015-2305

Summary

Multiple vulnerabilities have been discovered in the PHP language:

CVE-2015-2305

Guido Vranken discovered a heap overflow in the ereg extension
(only applicable to 32 bit systems).

CVE-2014-9705

Buffer overflow in the enchant extension.

CVE-2015-0231

Stefan Esser discovered a use-after-free in the unserialisation
of objects.

CVE-2015-0232

Alex Eubanks discovered incorrect memory management in the exif
extension.

CVE-2015-0273

Use-after-free in the unserialisation of DateTimeZone.

For the stable distribution (wheezy), these problems have been fixed in
version 5.4.38-0+deb7u1.

For the upcoming stable distribution (jessie), these problems have been
fixed in version 5.6.6+dfsg-2.

For the unstable distribution (sid), these problems have been fixed in
version 5.6.6+dfsg-2.

We recommend that you upgrade your php5 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Severity
Package : php5
CVE ID : CVE-2014-9705 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273
CVE-2015-2305

Related News

Python’s New Security Developer Has Plans to Secure the Language

Nov 26, 2023

Widespread Xorg DoS, Privilege Escalation Vulns Fixed

Nov 13, 2023

Critical Exim RCE, Info Disclosure Bugs Fixed

Oct 8, 2023

Critical Node.js Info Disclosure, Code Execution Bugs Fixed

Oct 5, 2023

News

Advisories

HOWTOs

Features

Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024

About Us

Powered By

Footer Logo