
Debian: DSA-3344-1 High: php5 Buffer Overflows And DoS Risk

August 27, 2015
Several security flaws discovered in PHP are detailed in Debian Security Advisory DSA-3344-1. Update php5 to incorporate essential security patches.
Multiple vulnerabilities have been discovered in the PHP language: CVE-2015-4598

Summary

CVE-2015-4598

thoger at redhat dot com discovered that paths containing a NUL
character were improperly handled, thus allowing an attacker to
manipulate unexpected files on the server.

CVE-2015-4643

Max Spelsberg discovered an integer overflow flaw leading to a
heap-based buffer overflow in PHP's FTP extension, when parsing
listings in FTP server responses. This could lead to a crash or
execution of arbitrary code.

CVE-2015-4644

A denial of service through a crash could be caused by a segfault
in the php_pgsql_meta_data function.

CVE-2015-5589

kwrnel at hotmail dot com discovered that PHP could crash when
processing an invalid phar file, thus leading to a denial of
service.

CVE-2015-5590

jared at enhancesoft dot com discovered a buffer overflow in the
phar_fix_filepath function, that could cause a crash or execution
of arbitrary code.

Additionally, several other vulnerabilities were fixed:

sean dot heelan at gmail dot com discovered a pro...


Package: php5
CVE ID: CVE-2015-4598 CVE-2015-4643 CVE-2015-4644 CVE-2015-5589
