exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Debian Security Advisory 3344-1

Debian Security Advisory 3344-1
Posted Aug 27, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3344-1 - Multiple vulnerabilities have been discovered in the PHP language.

tags | advisory, php, vulnerability
systems | linux, debian
advisories | CVE-2015-4598, CVE-2015-4643, CVE-2015-4644, CVE-2015-5589, CVE-2015-5590
SHA-256 | 336d50d6256b315b13a267027575d849aa84b77d54fa92fb507a883c990583a8

Debian Security Advisory 3344-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3344-1 security@debian.org
https://www.debian.org/security/ Sebastien Delafond
August 27, 2015 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : php5
CVE ID : CVE-2015-4598 CVE-2015-4643 CVE-2015-4644 CVE-2015-5589
CVE-2015-5590

Multiple vulnerabilities have been discovered in the PHP language:

CVE-2015-4598

thoger at redhat dot com discovered that paths containing a NUL
character were improperly handled, thus allowing an attacker to
manipulate unexpected files on the server.

CVE-2015-4643

Max Spelsberg discovered an integer overflow flaw leading to a
heap-based buffer overflow in PHP's FTP extension, when parsing
listings in FTP server responses. This could lead to a a crash or
execution of arbitrary code.

CVE-2015-4644

A denial of service through a crash could be caused by a segfault
in the php_pgsql_meta_data function.

CVE-2015-5589

kwrnel at hotmail dot com discovered that PHP could crash when
processing an invalid phar file, thus leading to a denial of
service.

CVE-2015-5590

jared at enhancesoft dot com discovered a buffer overflow in the
phar_fix_filepath function, that could causes a crash or execution
of arbitrary code.

Additionally, several other vulnerabilites were fixed:

sean dot heelan at gmail dot com discovered a problem in the
unserialization of some items, that could lead to arbitrary code
execution.

stewie at mail dot ru discovered that the phar extension improperly
handled zip archives with relative paths, which would allow an
attacker to overwrite files outside of the destination directory.

taoguangchen at icloud dot com discovered several use-after-free
vulnerabilities that could lead to arbitrary code execution.

For the oldstable distribution (wheezy), these problems have been fixed
in version 5.4.44-0+deb7u1.

For the stable distribution (jessie), these problems have been fixed in
version 5.6.12+dfsg-0+deb8u1.

For the unstable distribution (sid), these problems have been fixed in
version 5.6.12+dfsg-1.

We recommend that you upgrade your php5 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCgAGBQJV3t20AAoJEBC+iYPz1Z1kPWgIAKa4oEs0lHk2z/kWhdbPodRR
i5QpFWjxD0MMC7ey8MZ2zyQFmC/YMnWtlxG98L4EBrMM9hgoWt/ZP1+WNANKX/4n
nhtb587OxTNjjIDZ/tu81419HubGzsy5eqKA880KZqIGLBRNC0KBTe2SuEZxA/oG
lJqWHFktUQfC6Z2JJwUe8Yy1nrxUsd/P/5y5igGoRrFNiskUoE0KsPLcqAXmxSp4
h4qJ+9MjlvnHJocYTBOdJOn9Sob3kviORO+5zXcE+UOTtdkSlWLykXkzSykM9g9d
a2nu6CPYZN9UO3BsLT2SBJ/LOdTZXSoPjXsUK5SyxqXpgAp/XVJrJZJBH77xBv8=
=QjTz
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    10 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    37 Files
  • 27
    Feb 27th
    34 Files
  • 28
    Feb 28th
    27 Files
  • 29
    Feb 29th
    8 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close