Mandriva

MDVSA-2015:079: php

Leave a comment

Multiple vulnerabilities has been discovered and corrected in php:

S. Paraschoudis discovered that PHP incorrectly handled memory in
the enchant binding. A remote attacker could use this issue to cause
PHP to crash, resulting in a denial of service, or possibly execute
arbitrary code (CVE-2014-9705).

Taoguang Chen discovered that PHP incorrectly handled unserializing
objects. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code
(CVE-2015-0273).

It was discovered that PHP incorrectly handled memory in the phar
extension. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code (CVE-2015-2301).

Use-after-free vulnerability in the process_nested_data function in
ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before
5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute
arbitrary code via a crafted unserialize call that leverages improper
handling of duplicate numerical keys within the serialized properties
of an object. NOTE: this vulnerability exists because of an incomplete
fix for CVE-2014-8142 (CVE-2015-0231).

An integer overflow flaw, leading to a heap-based buffer overflow,
was found in the way libzip, which is embedded in PHP, processed
certain ZIP archives. If an attacker were able to supply a specially
crafted ZIP archive to an application using libzip, it could cause
the application to crash or, possibly, execute arbitrary code
(CVE-2015-2331).

It was discovered that the PHP opcache component incorrectly handled
memory. A remote attacker could possibly use this issue to cause
PHP to crash, resulting in a denial of service, or possibly execute
arbitrary code (CVE-2015-1351).

It was discovered that the PHP PostgreSQL database extension
incorrectly handled certain pointers. A remote attacker could possibly
use this issue to cause PHP to crash, resulting in a denial of service,
or possibly execute arbitrary code (CVE-2015-1352).

The updated php packages have been patched and upgraded to the 5.5.23
version which is not vulnerable to these issues. The libzip packages
has been patched to address the CVE-2015-2331 flaw.

Additionally the php-xdebug package has been upgraded to the latest
2.3.2 and the PECL packages which requires so has been rebuilt for
php-5.5.23.

Leave a Reply