Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 436
Alerts This Week
Warning Icon 1 436

Debian DSA-3280-1 Critical: PHP5 Null Byte Checks And DoS Issues

debian
Calendar Grey June 7, 2015
Debian Logo
The recent Debian Security advisory DSA-3280-1 addresses multiple vulnerabilities in PHP, including improper null byte validation and potential denial of service issues.
Multiple vulnerabilities have been discovered in PHP: CVE-2015-4025 / CVE-2015-4026

Summary

Multiple vulnerabilities have been discovered in PHP:

CVE-2015-4025 / CVE-2015-4026

Multiple function didn't check for NULL bytes in path names.

CVE-2015-4024

Denial of service when processing multipart/form-data requests.

CVE-2015-4022

Integer overflow in the ftp_genlist() function may result in
denial of service or potentially the execution of arbitrary code.

CVE-2015-4021 CVE-2015-3329 CVE-2015-2783

Multiple vulnerabilities in the phar extension may result in
denial of service or potentially the execution of arbitrary code
when processing malformed archives.

For the oldstable distribution (wheezy), these problems have been fixed
in version 5.4.41-0+deb7u1.

For the stable distribution (jessie), these problems have been fixed in
version 5.6.9+dfsg-0+deb8u1.

For the testing distribution (stretch), these problems have been fixed
in version 5.6.9+dfsg-1.

For the unstable distribution (sid), these problems have been fixed in
version 5.6.9+dfsg-1.

We recommend that you upgrade y...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Package: php5
CVE ID: CVE-2015-2783 CVE-2015-3329 CVE-2015-4021 CVE-2015-4022

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.