Fedora 22: 2015-14977 Moderate: PHP Buffer Overflow and RCE

Fedora, September 14, 2015
Summary

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server.

Update Information:

03 Sep 2015, **PHP 5.6.13**

**Core:**
* Fixed bug #69900 (Too long timeout on pipes). (Anatol)
* Fixed bug #69487 (SAPI may truncate POST data). (cmb)
* Fixed bug #70198 (Checking liveness does not work as expected). (Shafreeck Sea, Anatol Belski)
* Fixed bug #70172 (Use After Free Vulnerability in unserialize()). (Stas)
* Fixed bug #70219 (Use after free vulnerability in session deserializer). (taoguangchen at icloud dot com)

**CLI server:**
* Fixed bug #66606 (Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE). (wusuopu, cmb)
* Fixed bug #70264 (CLI server directory traversal). (cmb)

**Date:**
* Fixed bug #70266 (DateInterval::__construct.interval_spec is not supposed to be optional). (cmb)
* Fixed bug #70277 (new DateTimeZone($foo) is ignoring text after null byte). (cmb)

**EXIF:**
* Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes). (Stas)

**hash:**
* Fixed bug #70312 (HAVAL gives wrong hashes in specific cases). (letsgolee at nav...

References


[ 1 ] Bug #1260642 - CVE-2015-6834 php: Use After Free Vulnerability in unserialize()
      https://bugzilla.redhat.com/show_bug.cgi?id=1260642
[ 2 ] Bug #1260741 - php: Null pointer deref (segfault) in spl_autoload via ob_start
      https://bugzilla.redhat.com/show_bug.cgi?id=1260741
[ 3 ] Bug #1260734 - php: new DateTimeZone($foo) is ignoring text after null byte
      https://bugzilla.redhat.com/show_bug.cgi?id=1260734
[ 4 ] Bug #1260674 - php: Multiple vulnerabilities related to PCRE functions
      https://bugzilla.redhat.com/show_bug.cgi?id=1260674
[ 5 ] Bug #1260667 - php: Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes
      https://bugzilla.redhat.com/show_bug.cgi?id=1260667
[ 6 ] Bug #1260683 - CVE-2015-6836 php: SOAP serialize_function_call() type confusion / RCE
      https://bugzilla.redhat.com/show_bug.cgi?id=1260683
[ 7 ] Bug #1260647 - CVE-2015-6835 php: Use after free vulnerability in session deserializer ...

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update php' at the command line. For more information, refer to "Managing Software with yum", available at .
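As an added example that is not part of the advisory, the following Python check compares an installed php build (the plain output of `rpm -q php`; the sample values are constructed) with the fixed php-5.6.13-1.fc22 using a port of RPM's segment-wise version comparison (rpmvercmp), so it runs offline on any host; it assumes no epoch, which holds for Fedora's php.

```python
import re

# Added example, not from the advisory: a Python port of RPM's rpmvercmp so the
# installed php build can be compared with the fixed one offline. Sample NVRs are constructed.
FIXED_NVR = "php-5.6.13-1.fc22"            # Name-Version-Release from the advisory
_SEGMENT = re.compile(r"~|\d+|[A-Za-z]+")  # tokens rpmvercmp compares; rest are separators

def rpmvercmp(a: str, b: str) -> int:
    """-1, 0 or 1 like rpm's rpmvercmp: numeric segments compare as integers,
    alpha segments as strings, a number beats letters, and '~' (pre-release
    marker) sorts before anything, including the end of the string."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    while sa or sb:
        x = sa.pop(0) if sa else None
        y = sb.pop(0) if sb else None
        if x == "~" or y == "~":
            if x != "~":
                return 1
            if y != "~":
                return -1
            continue
        if x is None or y is None:        # the string with segments left is newer
            return -1 if x is None else 1
        if x.isdigit() != y.isdigit():    # numeric segment beats alpha segment
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = x.lstrip("0"), y.lstrip("0")
            if len(x) != len(y):          # more digits means a bigger number
                return 1 if len(x) > len(y) else -1
        if x != y:
            return 1 if x > y else -1
    return 0

def split_nvr(nvr: str):
    """'php-5.6.13-1.fc22' -> ('php', '5.6.13', '1.fc22'), as printed by rpm -q."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release

def is_vulnerable(installed_nvr: str, fixed_nvr: str = FIXED_NVR) -> bool:
    """True when the installed build sorts before the fixed build. Epoch is taken
    as 0 (Fedora's php has none); an epoched package would need it queried too."""
    name, ver, rel = split_nvr(installed_nvr)
    fname, fver, frel = split_nvr(fixed_nvr)
    if name != fname:
        raise ValueError(f"expected package {fname}, got {name}")
    return (rpmvercmp(ver, fver) or rpmvercmp(rel, frel)) < 0

if __name__ == "__main__":
    for nvr in ("php-5.6.12-1.fc22", "php-5.6.13-0.1.fc22", "php-5.6.13-1.fc22"):
        print(nvr, "VULNERABLE" if is_vulnerable(nvr) else "ok")
```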

Severity: important

Name: php
Product: Fedora 22
Version: 5.6.13
Release: 1.fc22
Summary: PHP scripting language for creating dynamic web sites
