- Detalji os-a: WN7
- Važnost: IMP
- Operativni sustavi: L
- Kategorije: LDE
—–BEGIN PGP SIGNED MESSAGE—–
Debian Security Advisory DSA-3344-1 firstname.lastname@example.org
https://www.debian.org/security/ Sebastien Delafond
August 27, 2015 https://www.debian.org/security/faq
Package : php5
CVE ID : CVE-2015-4598 CVE-2015-4643 CVE-2015-4644 CVE-2015-5589
Multiple vulnerabilities have been discovered in the PHP language:
thoger at redhat dot com discovered that paths containing a NUL
character were improperly handled, thus allowing an attacker to
manipulate unexpected files on the server.
Max Spelsberg discovered an integer overflow flaw leading to a
heap-based buffer overflow in PHP’s FTP extension, when parsing
listings in FTP server responses. This could lead to a a crash or
execution of arbitrary code.
A denial of service through a crash could be caused by a segfault
in the php_pgsql_meta_data function.
kwrnel at hotmail dot com discovered that PHP could crash when
processing an invalid phar file, thus leading to a denial of
jared at enhancesoft dot com discovered a buffer overflow in the
phar_fix_filepath function, that could causes a crash or execution
of arbitrary code.
Additionally, several other vulnerabilites were fixed:
sean dot heelan at gmail dot com discovered a problem in the
unserialization of some items, that could lead to arbitrary code
stewie at mail dot ru discovered that the phar extension improperly
handled zip archives with relative paths, which would allow an
attacker to overwrite files outside of the destination directory.
taoguangchen at icloud dot com discovered several use-after-free
vulnerabilities that could lead to arbitrary code execution.
For the oldstable distribution (wheezy), these problems have been fixed
in version 5.4.44-0+deb7u1.
For the stable distribution (jessie), these problems have been fixed in
For the unstable distribution (sid), these problems have been fixed in
We recommend that you upgrade your php5 packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: email@example.com
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2
—–END PGP SIGNATURE—–