VARIoT IoT vulnerabilities database

Cisco Unified Computing System (UCS) B Blade Server Software 2.2.x before 2.2.6 allows local users to cause a denial of service (host OS or BMC hang) by sending crafted packets over the Inter-IC (I2C) bus, aka Bug ID CSCuq77241. Multiple Cisco UCS B-Series Blade Servers are prone to a local denial-of-service vulnerability. An attacker can exploit this issue to cause a disruption to the host, resulting in a denial of service (DoS) condition. This issue is being tracked by Cisco Bug ID CSCuq77241. Cisco UCS B-Series blade servers running Cisco UCS B-Series Blade Server Software prior to release 2.2.6 are vulnerable

The process-management implementation in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges by terminating a firestarter.py supervised process and then triggering the restart of a process by the root account, aka Bug ID CSCuv12272. A local attacker may exploit this issue to gain root privileges on the affected device; this can also result in the attacker gaining complete control of the affected system. This issue is being tracked by Cisco Bug ID CSCuv12272

Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for vpnclient.ini, which allows local users to gain privileges by entering an arbitrary program name in the Command field of the ApplicationLauncher section. Cisco VPN Client is a set of cross-platform VPN client software from Cisco. There is a security vulnerability in Cisco VPN Client version 5.x to version 5.0.07.0440. The vulnerability is caused by the program assigning weak permissions to the vpnclient.ini file

The RPC service in Tripwire (formerly nCircle) IP360 VnE Manager 7.2.2 before 7.2.6 allows remote attackers to bypass authentication and (1) enumerate users, (2) reset passwords, or (3) manipulate IP filter restrictions via crafted "privileged commands.". Tripwire ( Old nCircle) IP360 Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Tripwire (formerly known as nCircle) IP360VnEManager is an IT asset management device from Tripwire Corporation of the United States. A security vulnerability exists in the RPC service in version 7.2.2 prior to TripwireIP360VnEManager 7.2.6. Document Title ================ Tripwire IP360 VnE Remote Administrative API Authentication Bypass/Privilege Acquisition Vulnerability Affected Products =================== Vendor: Tripwire Software/Appliance: IP360 VnE Vulnerability Manager Affected (verified) versions: v7.2.2 -> v7.2.5 CVE ===== CVE-2015-6237 CVSS ======= CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/RL:O/RC:C Base Score: 10.0 Temporal Score: 9.5 Rating ========= Critical Vulnerability Summary ====================== The IP350 VnE is susceptible to a remote XML-RPC authentication bypass vulnerability, which allows for specially crafted privileged commands to be remotely executed without authentication. The RPC service is available on the public HTTPS interface of the VnE by default, and cannot be disabled. Impact ======== Successful exploitation will allow a remote unauthenticated attacker to execute commands and queries against the API normally only available to privileged users. Users configured to use external authentication sources (e.g. LDAP) can have a local password created and made usable by an attacker while the authorized user continues to use external authentication. The combined vectors could allow for remote administrative privilege acquisition. Remediation ============= Update to v7.2.6 Credits ========== This vulnerability was discovered and reported by Specto (specto [at] custodela [dot] com). Relevant Timeline ==================== 18/08/2015: Initial vendor contact 19/08/2015: Vulnerability provided to vendor 19/08/2015: Vulnerability accepted by vendor 25/08/2015: Vulnerability confirmed by vendor 30/09/2015: Update with vulnerability fix released by vendor 01/10/2015: Advisory posted

Cisco Aironet 1850 access points with software 8.1(112.4) allow local users to gain privileges via crafted CLI commands, aka Bug ID CSCuv79694. A local attacker may exploit this issue to gain elevated root privileges on the device. This issue is being tracked by Cisco Bug ID CSCuv79694

Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR archive. PHP is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to crash the affected application, denying service to legitimate users. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. The 'phar_parse_zipfile' function in PHP's ext/phar/zip.c file has a one-by-one error vulnerability. The following products and versions are affected: PHP 5.5.29 and prior and 5.6.x prior to 5.6.14, Apple OS X 10.11.1 and prior. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/php-5.6.17-i486-1_slack14.1.txz: Upgraded. This release fixes bugs and security issues. ***************************************************************** * IMPORTANT: READ BELOW ABOUT POTENTIALLY INCOMPATIBLE CHANGES * ***************************************************************** PHP 5.4.x has been declared EOL (end of life) and is no longer receiving upstream support. PHP 5.5.x is also no longer on active support status and security fixes will continue only until 5 months from now. For this reason we have provided PHP 5.6 packages as security updates. Be aware that PHP 5.6 is not 100% compatible with PHP 5.4, and some changes may be required to existing web pages written for PHP 5.4. For information on how to migrate from PHP 5.4, please see: http://php.net/manual/en/migration55.php http://php.net/manual/en/migration56.php The final PHP 5.4 packages may be found in /pasture in case there is a need to revert this update. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7803 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7804 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1903 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.6.17-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.6.17-x86_64-1_slack14.1.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.6.17-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.6.17-x86_64-1_slack14.1.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.17-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.17-x86_64-1.txz MD5 signatures: +-------------+ Slackware 14.0 package: 69eba2b2193b19396987c73ef901a68a php-5.6.17-i486-1_slack14.1.txz Slackware x86_64 14.0 package: 23d8436b3e90027bb7ffb7b0cf8e918c php-5.6.17-x86_64-1_slack14.1.txz Slackware 14.1 package: a3958009db7633258fbd7ebaf5952a5c php-5.6.17-i486-1_slack14.1.txz Slackware x86_64 14.1 package: f1b1cfdf325e66590bdad15170968fee php-5.6.17-x86_64-1_slack14.1.txz Slackware -current package: 239e452ac1570edfb9a574098c8e6b7b n/php-5.6.17-i586-1.txz Slackware x86_64 -current package: 02a07c1a33d393bb67b7ade06dc4d237 n/php-5.6.17-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg php-5.6.17-i486-1_slack14.1.txz Then, restart Apache httpd: # /etc/rc.d/rc.httpd stop # /etc/rc.d/rc.httpd start Finally, make sure to make any needed changes for compatibility with PHP 5.6. See the links mentioned above. +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. ============================================================================ Ubuntu Security Notice USN-2786-1 October 28, 2015 php5 vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.10 - Ubuntu 15.04 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: PHP could be made to crash if it processed a specially crafted file. Software Description: - php5: HTML-embedded scripting language interpreter Details: It was discovered that the PHP phar extension incorrectly handled certain files. (CVE-2015-7803, CVE-2015-7804) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.10: libapache2-mod-php5 5.6.11+dfsg-1ubuntu3.1 php5-cgi 5.6.11+dfsg-1ubuntu3.1 php5-cli 5.6.11+dfsg-1ubuntu3.1 php5-fpm 5.6.11+dfsg-1ubuntu3.1 Ubuntu 15.04: libapache2-mod-php5 5.6.4+dfsg-4ubuntu6.4 php5-cgi 5.6.4+dfsg-4ubuntu6.4 php5-cli 5.6.4+dfsg-4ubuntu6.4 php5-fpm 5.6.4+dfsg-4ubuntu6.4 Ubuntu 14.04 LTS: libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.14 php5-cgi 5.5.9+dfsg-1ubuntu4.14 php5-cli 5.5.9+dfsg-1ubuntu4.14 php5-fpm 5.5.9+dfsg-1ubuntu4.14 Ubuntu 12.04 LTS: libapache2-mod-php5 5.3.10-1ubuntu3.21 php5-cgi 5.3.10-1ubuntu3.21 php5-cli 5.3.10-1ubuntu3.21 php5-fpm 5.3.10-1ubuntu3.21 In general, a standard system update will make all the necessary changes. CVE-2015-7803 The phar extension could crash with a NULL pointer dereference when processing tar archives containing links referring to non-existing files. This could lead to a denial of service. CVE-2015-7804 The phar extension does not correctly process directory entries found in archive files with the name "/", leading to a denial of service and, potentially, information disclosure. The update for Debian stable (jessie) contains additional bug fixes from PHP upstream version 5.6.14, as described in the upstream changelog: https://php.net/ChangeLog-5.php#5.6.13 Note to users of the the oldstable distribution (wheezy): PHP 5.4 has reached end-of-life on September 14th, 2015. As a result, there will be no more new upstream releases. The security support of PHP 5.4 in Debian oldstable (wheezy) will be best effort only, and you are strongly advised to upgrade to latest Debian stable release (jessie), which includes PHP 5.6. For the oldstable distribution (wheezy), these problems have been fixed in version 5.4.45-0+deb7u2. For the stable distribution (jessie), these problems have been fixed in version 5.6.14+dfsg-0+deb8u1. For the testing distribution (stretch) and the unstable distribution (sid), these problems have been fixed in version 5.6.14+dfsg-1. We recommend that you upgrade your php5 packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: rh-php56-php security update Advisory ID: RHSA-2016:0457-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0457.html Issue date: 2016-03-15 CVE Names: CVE-2015-5589 CVE-2015-5590 CVE-2015-6831 CVE-2015-6832 CVE-2015-6833 CVE-2015-6834 CVE-2015-6835 CVE-2015-6836 CVE-2015-6837 CVE-2015-6838 CVE-2015-7803 CVE-2015-7804 ===================================================================== 1. Summary: Updated rh-php56-php packages that fix multiple security issues are now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Multiple flaws were discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-6831, CVE-2015-6832, CVE-2015-6834, CVE-2015-6835, CVE-2015-6836) Multiple flaws were found in the way the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-5589, CVE-2015-5590, CVE-2015-6833, CVE-2015-7803, CVE-2015-7804) Two NULL pointer dereference flaws were found in the XSLTProcessor class in PHP. An attacker could use these flaws to cause a PHP application to crash if it performed Extensible Stylesheet Language (XSL) transformations using untrusted XSLT files and allowed the use of PHP functions to be used as XSLT functions within XSL stylesheets. (CVE-2015-6837, CVE-2015-6838) All rh-php56-php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd24-httpd service must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1245236 - CVE-2015-5589 php: segmentation fault in Phar::convertToData on invalid file 1245242 - CVE-2015-5590 php: buffer overflow and stack smashing error in phar_fix_filepath 1256290 - CVE-2015-6831 php: Use After Free Vulnerability in unserialize() 1256322 - CVE-2015-6832 php: dangling pointer in the unserialization of ArrayObject items 1260642 - CVE-2015-6834 php: multiple unserialization use-after-free issues 1260647 - CVE-2015-6835 php: use-after-free vulnerability in session deserializer 1260683 - CVE-2015-6836 php: SOAP serialize_function_call() type confusion 1260711 - CVE-2015-6837 CVE-2015-6838 php: NULL pointer dereference in XSLTProcessor class 1271081 - CVE-2015-7803 php: NULL pointer dereference in phar_get_fp_offset() 1271088 - CVE-2015-7804 php: uninitialized pointer in phar_make_dirstream() 1283702 - CVE-2015-6833 php: Files from archive can be extracted outside of destination directory using phar 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6): Source: rh-php56-php-5.6.5-8.el6.src.rpm x86_64: rh-php56-php-5.6.5-8.el6.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el6.x86_64.rpm rh-php56-php-cli-5.6.5-8.el6.x86_64.rpm rh-php56-php-common-5.6.5-8.el6.x86_64.rpm rh-php56-php-dba-5.6.5-8.el6.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el6.x86_64.rpm rh-php56-php-devel-5.6.5-8.el6.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el6.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el6.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el6.x86_64.rpm rh-php56-php-gd-5.6.5-8.el6.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-imap-5.6.5-8.el6.x86_64.rpm rh-php56-php-intl-5.6.5-8.el6.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el6.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el6.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el6.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el6.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el6.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el6.x86_64.rpm rh-php56-php-process-5.6.5-8.el6.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el6.x86_64.rpm rh-php56-php-recode-5.6.5-8.el6.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-soap-5.6.5-8.el6.x86_64.rpm rh-php56-php-tidy-5.6.5-8.el6.x86_64.rpm rh-php56-php-xml-5.6.5-8.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6): Source: rh-php56-php-5.6.5-8.el6.src.rpm x86_64: rh-php56-php-5.6.5-8.el6.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el6.x86_64.rpm rh-php56-php-cli-5.6.5-8.el6.x86_64.rpm rh-php56-php-common-5.6.5-8.el6.x86_64.rpm rh-php56-php-dba-5.6.5-8.el6.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el6.x86_64.rpm rh-php56-php-devel-5.6.5-8.el6.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el6.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el6.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el6.x86_64.rpm rh-php56-php-gd-5.6.5-8.el6.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-imap-5.6.5-8.el6.x86_64.rpm rh-php56-php-intl-5.6.5-8.el6.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el6.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el6.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el6.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el6.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el6.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el6.x86_64.rpm rh-php56-php-process-5.6.5-8.el6.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el6.x86_64.rpm rh-php56-php-recode-5.6.5-8.el6.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-soap-5.6.5-8.el6.x86_64.rpm rh-php56-php-tidy-5.6.5-8.el6.x86_64.rpm rh-php56-php-xml-5.6.5-8.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7): Source: rh-php56-php-5.6.5-8.el6.src.rpm x86_64: rh-php56-php-5.6.5-8.el6.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el6.x86_64.rpm rh-php56-php-cli-5.6.5-8.el6.x86_64.rpm rh-php56-php-common-5.6.5-8.el6.x86_64.rpm rh-php56-php-dba-5.6.5-8.el6.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el6.x86_64.rpm rh-php56-php-devel-5.6.5-8.el6.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el6.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el6.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el6.x86_64.rpm rh-php56-php-gd-5.6.5-8.el6.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-imap-5.6.5-8.el6.x86_64.rpm rh-php56-php-intl-5.6.5-8.el6.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el6.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el6.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el6.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el6.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el6.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el6.x86_64.rpm rh-php56-php-process-5.6.5-8.el6.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el6.x86_64.rpm rh-php56-php-recode-5.6.5-8.el6.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-soap-5.6.5-8.el6.x86_64.rpm rh-php56-php-tidy-5.6.5-8.el6.x86_64.rpm rh-php56-php-xml-5.6.5-8.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6): Source: rh-php56-php-5.6.5-8.el6.src.rpm x86_64: rh-php56-php-5.6.5-8.el6.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el6.x86_64.rpm rh-php56-php-cli-5.6.5-8.el6.x86_64.rpm rh-php56-php-common-5.6.5-8.el6.x86_64.rpm rh-php56-php-dba-5.6.5-8.el6.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el6.x86_64.rpm rh-php56-php-devel-5.6.5-8.el6.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el6.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el6.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el6.x86_64.rpm rh-php56-php-gd-5.6.5-8.el6.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-imap-5.6.5-8.el6.x86_64.rpm rh-php56-php-intl-5.6.5-8.el6.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el6.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el6.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el6.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el6.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el6.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el6.x86_64.rpm rh-php56-php-process-5.6.5-8.el6.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el6.x86_64.rpm rh-php56-php-recode-5.6.5-8.el6.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-soap-5.6.5-8.el6.x86_64.rpm rh-php56-php-tidy-5.6.5-8.el6.x86_64.rpm rh-php56-php-xml-5.6.5-8.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: rh-php56-php-5.6.5-8.el7.src.rpm x86_64: rh-php56-php-5.6.5-8.el7.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el7.x86_64.rpm rh-php56-php-cli-5.6.5-8.el7.x86_64.rpm rh-php56-php-common-5.6.5-8.el7.x86_64.rpm rh-php56-php-dba-5.6.5-8.el7.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el7.x86_64.rpm rh-php56-php-devel-5.6.5-8.el7.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el7.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el7.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el7.x86_64.rpm rh-php56-php-gd-5.6.5-8.el7.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-intl-5.6.5-8.el7.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el7.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el7.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el7.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el7.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el7.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el7.x86_64.rpm rh-php56-php-process-5.6.5-8.el7.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el7.x86_64.rpm rh-php56-php-recode-5.6.5-8.el7.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-soap-5.6.5-8.el7.x86_64.rpm rh-php56-php-xml-5.6.5-8.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1): Source: rh-php56-php-5.6.5-8.el7.src.rpm x86_64: rh-php56-php-5.6.5-8.el7.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el7.x86_64.rpm rh-php56-php-cli-5.6.5-8.el7.x86_64.rpm rh-php56-php-common-5.6.5-8.el7.x86_64.rpm rh-php56-php-dba-5.6.5-8.el7.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el7.x86_64.rpm rh-php56-php-devel-5.6.5-8.el7.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el7.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el7.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el7.x86_64.rpm rh-php56-php-gd-5.6.5-8.el7.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-intl-5.6.5-8.el7.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el7.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el7.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el7.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el7.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el7.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el7.x86_64.rpm rh-php56-php-process-5.6.5-8.el7.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el7.x86_64.rpm rh-php56-php-recode-5.6.5-8.el7.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-soap-5.6.5-8.el7.x86_64.rpm rh-php56-php-xml-5.6.5-8.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2): Source: rh-php56-php-5.6.5-8.el7.src.rpm x86_64: rh-php56-php-5.6.5-8.el7.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el7.x86_64.rpm rh-php56-php-cli-5.6.5-8.el7.x86_64.rpm rh-php56-php-common-5.6.5-8.el7.x86_64.rpm rh-php56-php-dba-5.6.5-8.el7.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el7.x86_64.rpm rh-php56-php-devel-5.6.5-8.el7.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el7.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el7.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el7.x86_64.rpm rh-php56-php-gd-5.6.5-8.el7.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-intl-5.6.5-8.el7.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el7.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el7.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el7.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el7.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el7.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el7.x86_64.rpm rh-php56-php-process-5.6.5-8.el7.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el7.x86_64.rpm rh-php56-php-recode-5.6.5-8.el7.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-soap-5.6.5-8.el7.x86_64.rpm rh-php56-php-xml-5.6.5-8.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: rh-php56-php-5.6.5-8.el7.src.rpm x86_64: rh-php56-php-5.6.5-8.el7.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el7.x86_64.rpm rh-php56-php-cli-5.6.5-8.el7.x86_64.rpm rh-php56-php-common-5.6.5-8.el7.x86_64.rpm rh-php56-php-dba-5.6.5-8.el7.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el7.x86_64.rpm rh-php56-php-devel-5.6.5-8.el7.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el7.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el7.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el7.x86_64.rpm rh-php56-php-gd-5.6.5-8.el7.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-intl-5.6.5-8.el7.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el7.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el7.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el7.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el7.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el7.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el7.x86_64.rpm rh-php56-php-process-5.6.5-8.el7.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el7.x86_64.rpm rh-php56-php-recode-5.6.5-8.el7.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-soap-5.6.5-8.el7.x86_64.rpm rh-php56-php-xml-5.6.5-8.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-5589 https://access.redhat.com/security/cve/CVE-2015-5590 https://access.redhat.com/security/cve/CVE-2015-6831 https://access.redhat.com/security/cve/CVE-2015-6832 https://access.redhat.com/security/cve/CVE-2015-6833 https://access.redhat.com/security/cve/CVE-2015-6834 https://access.redhat.com/security/cve/CVE-2015-6835 https://access.redhat.com/security/cve/CVE-2015-6836 https://access.redhat.com/security/cve/CVE-2015-6837 https://access.redhat.com/security/cve/CVE-2015-6838 https://access.redhat.com/security/cve/CVE-2015-7803 https://access.redhat.com/security/cve/CVE-2015-7804 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFW6HopXlSAg2UNWIIRAlckAKC4UhawxN3ZuQuLxAWA0M5FTcAmpgCeKLch sZ3mH+O8FzxQYqRnfS39Ew8= =8DIR -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201606-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: PHP: Multiple vulnerabilities Date: June 19, 2016 Bugs: #537586, #541098, #544186, #544330, #546872, #549538, #552408, #555576, #555830, #556952, #559612, #562882, #571254, #573892, #577376 ID: 201606-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in PHP, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition. Background ========== PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All PHP 5.4 users should upgrade to the latest 5.5 stable branch, as PHP 5.4 is now masked in Portage: # emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33" All PHP 5.5 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33" All PHP 5.6 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.6.19" References ========== [ 1 ] CVE-2013-6501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501 [ 2 ] CVE-2014-9705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705 [ 3 ] CVE-2014-9709 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709 [ 4 ] CVE-2015-0231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231 [ 5 ] CVE-2015-0273 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273 [ 6 ] CVE-2015-1351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351 [ 7 ] CVE-2015-1352 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352 [ 8 ] CVE-2015-2301 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301 [ 9 ] CVE-2015-2348 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348 [ 10 ] CVE-2015-2783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783 [ 11 ] CVE-2015-2787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787 [ 12 ] CVE-2015-3329 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329 [ 13 ] CVE-2015-3330 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330 [ 14 ] CVE-2015-4021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021 [ 15 ] CVE-2015-4022 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022 [ 16 ] CVE-2015-4025 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025 [ 17 ] CVE-2015-4026 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026 [ 18 ] CVE-2015-4147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147 [ 19 ] CVE-2015-4148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148 [ 20 ] CVE-2015-4642 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642 [ 21 ] CVE-2015-4643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643 [ 22 ] CVE-2015-4644 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644 [ 23 ] CVE-2015-6831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831 [ 24 ] CVE-2015-6832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832 [ 25 ] CVE-2015-6833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833 [ 26 ] CVE-2015-6834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834 [ 27 ] CVE-2015-6835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835 [ 28 ] CVE-2015-6836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836 [ 29 ] CVE-2015-6837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837 [ 30 ] CVE-2015-6838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838 [ 31 ] CVE-2015-7803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803 [ 32 ] CVE-2015-7804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201606-10 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. PHP is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to crash the affected application, denying service to legitimate users. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. The following products and versions are affected: PHP 5.5.29 and prior and 5.6.x prior to 5.6.14, Apple OS X 10.11.1 and prior. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/php-5.6.17-i486-1_slack14.1.txz: Upgraded. This release fixes bugs and security issues. ***************************************************************** * IMPORTANT: READ BELOW ABOUT POTENTIALLY INCOMPATIBLE CHANGES * ***************************************************************** PHP 5.4.x has been declared EOL (end of life) and is no longer receiving upstream support. PHP 5.5.x is also no longer on active support status and security fixes will continue only until 5 months from now. For this reason we have provided PHP 5.6 packages as security updates. Be aware that PHP 5.6 is not 100% compatible with PHP 5.4, and some changes may be required to existing web pages written for PHP 5.4. For information on how to migrate from PHP 5.4, please see: http://php.net/manual/en/migration55.php http://php.net/manual/en/migration56.php The final PHP 5.4 packages may be found in /pasture in case there is a need to revert this update. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7803 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7804 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1903 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.6.17-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.6.17-x86_64-1_slack14.1.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.6.17-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.6.17-x86_64-1_slack14.1.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.17-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.17-x86_64-1.txz MD5 signatures: +-------------+ Slackware 14.0 package: 69eba2b2193b19396987c73ef901a68a php-5.6.17-i486-1_slack14.1.txz Slackware x86_64 14.0 package: 23d8436b3e90027bb7ffb7b0cf8e918c php-5.6.17-x86_64-1_slack14.1.txz Slackware 14.1 package: a3958009db7633258fbd7ebaf5952a5c php-5.6.17-i486-1_slack14.1.txz Slackware x86_64 14.1 package: f1b1cfdf325e66590bdad15170968fee php-5.6.17-x86_64-1_slack14.1.txz Slackware -current package: 239e452ac1570edfb9a574098c8e6b7b n/php-5.6.17-i586-1.txz Slackware x86_64 -current package: 02a07c1a33d393bb67b7ade06dc4d237 n/php-5.6.17-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg php-5.6.17-i486-1_slack14.1.txz Then, restart Apache httpd: # /etc/rc.d/rc.httpd stop # /etc/rc.d/rc.httpd start Finally, make sure to make any needed changes for compatibility with PHP 5.6. See the links mentioned above. +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. ============================================================================ Ubuntu Security Notice USN-2786-1 October 28, 2015 php5 vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.10 - Ubuntu 15.04 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: PHP could be made to crash if it processed a specially crafted file. Software Description: - php5: HTML-embedded scripting language interpreter Details: It was discovered that the PHP phar extension incorrectly handled certain files. (CVE-2015-7803, CVE-2015-7804) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.10: libapache2-mod-php5 5.6.11+dfsg-1ubuntu3.1 php5-cgi 5.6.11+dfsg-1ubuntu3.1 php5-cli 5.6.11+dfsg-1ubuntu3.1 php5-fpm 5.6.11+dfsg-1ubuntu3.1 Ubuntu 15.04: libapache2-mod-php5 5.6.4+dfsg-4ubuntu6.4 php5-cgi 5.6.4+dfsg-4ubuntu6.4 php5-cli 5.6.4+dfsg-4ubuntu6.4 php5-fpm 5.6.4+dfsg-4ubuntu6.4 Ubuntu 14.04 LTS: libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.14 php5-cgi 5.5.9+dfsg-1ubuntu4.14 php5-cli 5.5.9+dfsg-1ubuntu4.14 php5-fpm 5.5.9+dfsg-1ubuntu4.14 Ubuntu 12.04 LTS: libapache2-mod-php5 5.3.10-1ubuntu3.21 php5-cgi 5.3.10-1ubuntu3.21 php5-cli 5.3.10-1ubuntu3.21 php5-fpm 5.3.10-1ubuntu3.21 In general, a standard system update will make all the necessary changes. This could lead to a denial of service. CVE-2015-7804 The phar extension does not correctly process directory entries found in archive files with the name "/", leading to a denial of service and, potentially, information disclosure. The update for Debian stable (jessie) contains additional bug fixes from PHP upstream version 5.6.14, as described in the upstream changelog: https://php.net/ChangeLog-5.php#5.6.13 Note to users of the the oldstable distribution (wheezy): PHP 5.4 has reached end-of-life on September 14th, 2015. As a result, there will be no more new upstream releases. The security support of PHP 5.4 in Debian oldstable (wheezy) will be best effort only, and you are strongly advised to upgrade to latest Debian stable release (jessie), which includes PHP 5.6. For the oldstable distribution (wheezy), these problems have been fixed in version 5.4.45-0+deb7u2. For the stable distribution (jessie), these problems have been fixed in version 5.6.14+dfsg-0+deb8u1. For the testing distribution (stretch) and the unstable distribution (sid), these problems have been fixed in version 5.6.14+dfsg-1. We recommend that you upgrade your php5 packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: rh-php56-php security update Advisory ID: RHSA-2016:0457-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0457.html Issue date: 2016-03-15 CVE Names: CVE-2015-5589 CVE-2015-5590 CVE-2015-6831 CVE-2015-6832 CVE-2015-6833 CVE-2015-6834 CVE-2015-6835 CVE-2015-6836 CVE-2015-6837 CVE-2015-6838 CVE-2015-7803 CVE-2015-7804 ===================================================================== 1. Summary: Updated rh-php56-php packages that fix multiple security issues are now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Multiple flaws were discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-6831, CVE-2015-6832, CVE-2015-6834, CVE-2015-6835, CVE-2015-6836) Multiple flaws were found in the way the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. An attacker could use these flaws to cause a PHP application to crash if it performed Extensible Stylesheet Language (XSL) transformations using untrusted XSLT files and allowed the use of PHP functions to be used as XSLT functions within XSL stylesheets. (CVE-2015-6837, CVE-2015-6838) All rh-php56-php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd24-httpd service must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1245236 - CVE-2015-5589 php: segmentation fault in Phar::convertToData on invalid file 1245242 - CVE-2015-5590 php: buffer overflow and stack smashing error in phar_fix_filepath 1256290 - CVE-2015-6831 php: Use After Free Vulnerability in unserialize() 1256322 - CVE-2015-6832 php: dangling pointer in the unserialization of ArrayObject items 1260642 - CVE-2015-6834 php: multiple unserialization use-after-free issues 1260647 - CVE-2015-6835 php: use-after-free vulnerability in session deserializer 1260683 - CVE-2015-6836 php: SOAP serialize_function_call() type confusion 1260711 - CVE-2015-6837 CVE-2015-6838 php: NULL pointer dereference in XSLTProcessor class 1271081 - CVE-2015-7803 php: NULL pointer dereference in phar_get_fp_offset() 1271088 - CVE-2015-7804 php: uninitialized pointer in phar_make_dirstream() 1283702 - CVE-2015-6833 php: Files from archive can be extracted outside of destination directory using phar 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6): Source: rh-php56-php-5.6.5-8.el6.src.rpm x86_64: rh-php56-php-5.6.5-8.el6.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el6.x86_64.rpm rh-php56-php-cli-5.6.5-8.el6.x86_64.rpm rh-php56-php-common-5.6.5-8.el6.x86_64.rpm rh-php56-php-dba-5.6.5-8.el6.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el6.x86_64.rpm rh-php56-php-devel-5.6.5-8.el6.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el6.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el6.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el6.x86_64.rpm rh-php56-php-gd-5.6.5-8.el6.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-imap-5.6.5-8.el6.x86_64.rpm rh-php56-php-intl-5.6.5-8.el6.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el6.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el6.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el6.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el6.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el6.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el6.x86_64.rpm rh-php56-php-process-5.6.5-8.el6.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el6.x86_64.rpm rh-php56-php-recode-5.6.5-8.el6.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-soap-5.6.5-8.el6.x86_64.rpm rh-php56-php-tidy-5.6.5-8.el6.x86_64.rpm rh-php56-php-xml-5.6.5-8.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6): Source: rh-php56-php-5.6.5-8.el6.src.rpm x86_64: rh-php56-php-5.6.5-8.el6.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el6.x86_64.rpm rh-php56-php-cli-5.6.5-8.el6.x86_64.rpm rh-php56-php-common-5.6.5-8.el6.x86_64.rpm rh-php56-php-dba-5.6.5-8.el6.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el6.x86_64.rpm rh-php56-php-devel-5.6.5-8.el6.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el6.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el6.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el6.x86_64.rpm rh-php56-php-gd-5.6.5-8.el6.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-imap-5.6.5-8.el6.x86_64.rpm rh-php56-php-intl-5.6.5-8.el6.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el6.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el6.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el6.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el6.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el6.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el6.x86_64.rpm rh-php56-php-process-5.6.5-8.el6.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el6.x86_64.rpm rh-php56-php-recode-5.6.5-8.el6.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-soap-5.6.5-8.el6.x86_64.rpm rh-php56-php-tidy-5.6.5-8.el6.x86_64.rpm rh-php56-php-xml-5.6.5-8.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7): Source: rh-php56-php-5.6.5-8.el6.src.rpm x86_64: rh-php56-php-5.6.5-8.el6.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el6.x86_64.rpm rh-php56-php-cli-5.6.5-8.el6.x86_64.rpm rh-php56-php-common-5.6.5-8.el6.x86_64.rpm rh-php56-php-dba-5.6.5-8.el6.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el6.x86_64.rpm rh-php56-php-devel-5.6.5-8.el6.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el6.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el6.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el6.x86_64.rpm rh-php56-php-gd-5.6.5-8.el6.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-imap-5.6.5-8.el6.x86_64.rpm rh-php56-php-intl-5.6.5-8.el6.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el6.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el6.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el6.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el6.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el6.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el6.x86_64.rpm rh-php56-php-process-5.6.5-8.el6.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el6.x86_64.rpm rh-php56-php-recode-5.6.5-8.el6.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-soap-5.6.5-8.el6.x86_64.rpm rh-php56-php-tidy-5.6.5-8.el6.x86_64.rpm rh-php56-php-xml-5.6.5-8.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6): Source: rh-php56-php-5.6.5-8.el6.src.rpm x86_64: rh-php56-php-5.6.5-8.el6.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el6.x86_64.rpm rh-php56-php-cli-5.6.5-8.el6.x86_64.rpm rh-php56-php-common-5.6.5-8.el6.x86_64.rpm rh-php56-php-dba-5.6.5-8.el6.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el6.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el6.x86_64.rpm rh-php56-php-devel-5.6.5-8.el6.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el6.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el6.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el6.x86_64.rpm rh-php56-php-gd-5.6.5-8.el6.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-imap-5.6.5-8.el6.x86_64.rpm rh-php56-php-intl-5.6.5-8.el6.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el6.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el6.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el6.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el6.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el6.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el6.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el6.x86_64.rpm rh-php56-php-process-5.6.5-8.el6.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el6.x86_64.rpm rh-php56-php-recode-5.6.5-8.el6.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el6.x86_64.rpm rh-php56-php-soap-5.6.5-8.el6.x86_64.rpm rh-php56-php-tidy-5.6.5-8.el6.x86_64.rpm rh-php56-php-xml-5.6.5-8.el6.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: rh-php56-php-5.6.5-8.el7.src.rpm x86_64: rh-php56-php-5.6.5-8.el7.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el7.x86_64.rpm rh-php56-php-cli-5.6.5-8.el7.x86_64.rpm rh-php56-php-common-5.6.5-8.el7.x86_64.rpm rh-php56-php-dba-5.6.5-8.el7.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el7.x86_64.rpm rh-php56-php-devel-5.6.5-8.el7.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el7.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el7.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el7.x86_64.rpm rh-php56-php-gd-5.6.5-8.el7.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-intl-5.6.5-8.el7.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el7.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el7.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el7.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el7.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el7.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el7.x86_64.rpm rh-php56-php-process-5.6.5-8.el7.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el7.x86_64.rpm rh-php56-php-recode-5.6.5-8.el7.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-soap-5.6.5-8.el7.x86_64.rpm rh-php56-php-xml-5.6.5-8.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1): Source: rh-php56-php-5.6.5-8.el7.src.rpm x86_64: rh-php56-php-5.6.5-8.el7.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el7.x86_64.rpm rh-php56-php-cli-5.6.5-8.el7.x86_64.rpm rh-php56-php-common-5.6.5-8.el7.x86_64.rpm rh-php56-php-dba-5.6.5-8.el7.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el7.x86_64.rpm rh-php56-php-devel-5.6.5-8.el7.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el7.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el7.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el7.x86_64.rpm rh-php56-php-gd-5.6.5-8.el7.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-intl-5.6.5-8.el7.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el7.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el7.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el7.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el7.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el7.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el7.x86_64.rpm rh-php56-php-process-5.6.5-8.el7.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el7.x86_64.rpm rh-php56-php-recode-5.6.5-8.el7.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-soap-5.6.5-8.el7.x86_64.rpm rh-php56-php-xml-5.6.5-8.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2): Source: rh-php56-php-5.6.5-8.el7.src.rpm x86_64: rh-php56-php-5.6.5-8.el7.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el7.x86_64.rpm rh-php56-php-cli-5.6.5-8.el7.x86_64.rpm rh-php56-php-common-5.6.5-8.el7.x86_64.rpm rh-php56-php-dba-5.6.5-8.el7.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el7.x86_64.rpm rh-php56-php-devel-5.6.5-8.el7.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el7.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el7.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el7.x86_64.rpm rh-php56-php-gd-5.6.5-8.el7.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-intl-5.6.5-8.el7.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el7.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el7.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el7.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el7.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el7.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el7.x86_64.rpm rh-php56-php-process-5.6.5-8.el7.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el7.x86_64.rpm rh-php56-php-recode-5.6.5-8.el7.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-soap-5.6.5-8.el7.x86_64.rpm rh-php56-php-xml-5.6.5-8.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: rh-php56-php-5.6.5-8.el7.src.rpm x86_64: rh-php56-php-5.6.5-8.el7.x86_64.rpm rh-php56-php-bcmath-5.6.5-8.el7.x86_64.rpm rh-php56-php-cli-5.6.5-8.el7.x86_64.rpm rh-php56-php-common-5.6.5-8.el7.x86_64.rpm rh-php56-php-dba-5.6.5-8.el7.x86_64.rpm rh-php56-php-dbg-5.6.5-8.el7.x86_64.rpm rh-php56-php-debuginfo-5.6.5-8.el7.x86_64.rpm rh-php56-php-devel-5.6.5-8.el7.x86_64.rpm rh-php56-php-embedded-5.6.5-8.el7.x86_64.rpm rh-php56-php-enchant-5.6.5-8.el7.x86_64.rpm rh-php56-php-fpm-5.6.5-8.el7.x86_64.rpm rh-php56-php-gd-5.6.5-8.el7.x86_64.rpm rh-php56-php-gmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-intl-5.6.5-8.el7.x86_64.rpm rh-php56-php-ldap-5.6.5-8.el7.x86_64.rpm rh-php56-php-mbstring-5.6.5-8.el7.x86_64.rpm rh-php56-php-mysqlnd-5.6.5-8.el7.x86_64.rpm rh-php56-php-odbc-5.6.5-8.el7.x86_64.rpm rh-php56-php-opcache-5.6.5-8.el7.x86_64.rpm rh-php56-php-pdo-5.6.5-8.el7.x86_64.rpm rh-php56-php-pgsql-5.6.5-8.el7.x86_64.rpm rh-php56-php-process-5.6.5-8.el7.x86_64.rpm rh-php56-php-pspell-5.6.5-8.el7.x86_64.rpm rh-php56-php-recode-5.6.5-8.el7.x86_64.rpm rh-php56-php-snmp-5.6.5-8.el7.x86_64.rpm rh-php56-php-soap-5.6.5-8.el7.x86_64.rpm rh-php56-php-xml-5.6.5-8.el7.x86_64.rpm rh-php56-php-xmlrpc-5.6.5-8.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-5589 https://access.redhat.com/security/cve/CVE-2015-5590 https://access.redhat.com/security/cve/CVE-2015-6831 https://access.redhat.com/security/cve/CVE-2015-6832 https://access.redhat.com/security/cve/CVE-2015-6833 https://access.redhat.com/security/cve/CVE-2015-6834 https://access.redhat.com/security/cve/CVE-2015-6835 https://access.redhat.com/security/cve/CVE-2015-6836 https://access.redhat.com/security/cve/CVE-2015-6837 https://access.redhat.com/security/cve/CVE-2015-6838 https://access.redhat.com/security/cve/CVE-2015-7803 https://access.redhat.com/security/cve/CVE-2015-7804 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFW6HopXlSAg2UNWIIRAlckAKC4UhawxN3ZuQuLxAWA0M5FTcAmpgCeKLch sZ3mH+O8FzxQYqRnfS39Ew8= =8DIR -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201606-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: PHP: Multiple vulnerabilities Date: June 19, 2016 Bugs: #537586, #541098, #544186, #544330, #546872, #549538, #552408, #555576, #555830, #556952, #559612, #562882, #571254, #573892, #577376 ID: 201606-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in PHP, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition. Background ========== PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All PHP 5.4 users should upgrade to the latest 5.5 stable branch, as PHP 5.4 is now masked in Portage: # emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33" All PHP 5.5 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33" All PHP 5.6 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.6.19" References ========== [ 1 ] CVE-2013-6501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501 [ 2 ] CVE-2014-9705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705 [ 3 ] CVE-2014-9709 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709 [ 4 ] CVE-2015-0231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231 [ 5 ] CVE-2015-0273 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273 [ 6 ] CVE-2015-1351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351 [ 7 ] CVE-2015-1352 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352 [ 8 ] CVE-2015-2301 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301 [ 9 ] CVE-2015-2348 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348 [ 10 ] CVE-2015-2783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783 [ 11 ] CVE-2015-2787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787 [ 12 ] CVE-2015-3329 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329 [ 13 ] CVE-2015-3330 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330 [ 14 ] CVE-2015-4021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021 [ 15 ] CVE-2015-4022 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022 [ 16 ] CVE-2015-4025 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025 [ 17 ] CVE-2015-4026 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026 [ 18 ] CVE-2015-4147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147 [ 19 ] CVE-2015-4148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148 [ 20 ] CVE-2015-4642 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642 [ 21 ] CVE-2015-4643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643 [ 22 ] CVE-2015-4644 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644 [ 23 ] CVE-2015-6831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831 [ 24 ] CVE-2015-6832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832 [ 25 ] CVE-2015-6833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833 [ 26 ] CVE-2015-6834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834 [ 27 ] CVE-2015-6835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835 [ 28 ] CVE-2015-6836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836 [ 29 ] CVE-2015-6837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837 [ 30 ] CVE-2015-6838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838 [ 31 ] CVE-2015-7803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803 [ 32 ] CVE-2015-7804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201606-10 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (formerly Juniper Junos Pulse) before 7.1R22.1, 7.4, 8.0 before 8.0R11, and 8.1 before 8.1R3 provides different messages for attempts to join a meeting depending on the status of the meeting, which allows remote attackers to enumerate valid meeting ids via a series of requests. Pulse Connect Secure (also known as PCS, formerly known as Juniper Junos Pulse) is a set of SSL VPN solutions of American Pulse Secure company. The following versions are affected: Pulse Secure Pulse Connect Secure Version 7.1, Version 7.4, Version 8.0, Version 8.1

The REST interface in Cisco Unified Communications Manager IM and Presence Service 11.5(1) allows remote attackers to cause a denial of service (SIP proxy service restart) via a crafted HTTP request, aka Bug ID CSCuw31632. Attackers can exploit this issue to restart the affected service and cause a denial of service condition. This issue is being tracked by Cisco Bug ID CSCuw3163

Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0), 7.3(101.0), and 7.4(1.19) allow remote attackers to cause a denial of service (device outage) by sending malformed 802.11i management data to a managed access point, aka Bug ID CSCub65236. Vendors have confirmed this vulnerability Bug ID CSCub65236 It is released as.A third party may use a malformed form for managed access points. 802.11i Service operation is disrupted by sending management data ( Stop device ) There is a possibility of being put into a state. Attackers can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCub65236. This product provides functions such as security policy and intrusion detection in wireless LAN. The following releases are affected: Cisco WLCs using Release 7.4(1.19), Release 7.3(101.0), and Release 7.0(240.0) software

Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 use a reversible format for password storage in object files on Compact Flash cards, which makes it easier for local users to obtain sensitive information by reading a file. Multiple Omron Corporation Products are prone to multiple local information-disclosure vulnerabilities A local attacker can exploit these issues to obtain sensitive information or cause a denial-of-service vulnerability. The following products are vulnerable: Versions prior to CX-Programmer software 9.6 Versions prior to CJ2M Series PLC 2.1 Versions prior to CJ2H Series PLC 1.5. Omron CX-One CX-Programmer, CJ2M PLC and CJ2H PLC are all products of Japan Omron Corporation. CX-Programmer is a set of programs in the CX-One software suite for configuring programmable devices

Siemens SIMATIC S7-300 CPU device Is the German Siemens ( Siemens ) A modular universal controller for discrete and continuous control of industrial environments, such as manufacturing, food and beverage and chemical industries. S7-300 PLC The program uses a structured program, which is divided into multiple modules, and each module completes the corresponding function. Combined to achieve a complex control system. Just like high-level languages, subroutines are used to implement specific functions, and then each subroutine is called through the main program, so that complex programs can be realized. OB The module is equivalent to the main program and is responsible for calling other modules. Siemens SIMATIC S7-300 CPU Is present in the device OB Module security vulnerability. A remote attacker uses the vulnerability to submit a special sequence of malformed messages and send it to the Ethernet or local serial port, which can cause the application to crash and cause a denial of service attack ( PLC There will be many different reactions, such as denial of service, or inability to download programs, etc.), you need to restart PLC To resume work.

Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remote attackers to obtain sensitive information by sniffing the network during a PLC unlock request. Multiple Omron Corporation products are prone to a security-bypass vulnerability. Successfully exploiting this issue may allow attackers to perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. The following products are vulnerable: Versions prior to CX-Programmer software 9.6 Versions prior to CJ2M Series PLC 2.1 Versions prior to CJ2H Series PLC 1.5. Omron CX-One CX-Programmer, CJ2M PLC and CJ2H PLC are all products of Japan Omron Corporation. CX-Programmer is a set of programs in the CX-One software suite for configuring programmable devices. The vulnerability is caused by the password that the program transmits in clear text

Omron CX-One CX-Programmer before 9.6 uses a reversible format for password storage in project source-code files, which makes it easier for local users to obtain sensitive information by reading a file. Multiple Omron Corporation Products are prone to multiple local information-disclosure vulnerabilities A local attacker can exploit these issues to obtain sensitive information or cause a denial-of-service vulnerability. The following products are vulnerable: Versions prior to CX-Programmer software 9.6 Versions prior to CJ2M Series PLC 2.1 Versions prior to CJ2H Series PLC 1.5. Omron CX-One CX-Programmer is a set of programs used to configure programmable devices produced by Omron Corporation of Japan

Cisco Email Security Appliance (ESA) 8.5.6-106 and 9.6.0-042 allows remote authenticated users to cause a denial of service (file-descriptor consumption and device reload) via crafted HTTP requests, aka Bug ID CSCuw32211. An attacker can exploit this issue to cause the device to unexpectedly reload, resulting in a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCuw32211. The appliance offers spam protection, email encryption, data loss prevention, and more

Cisco NX-OS 6.0(2)U6(0.46) on N3K devices allows remote authenticated users to cause a denial of service (temporary SNMP outage) via an SNMP request for an OID that does not exist, aka Bug ID CSCuw36684. Cisco N3K Runs on the device Cisco NX-OS There is a service disruption ( Temporary SNMP Stop ) There are vulnerabilities that are put into a state. The Cisco Nexus Series switches are data center switches. Adopt the Cisco Nexus OS operating system. An attacker can exploit this issue to cause a partial denial of service (DoS) condition to the SNMP service running on the device. This issue is being tracked by Cisco bug ID CSCuw36684. A security vulnerability exists in Cisco NX-OS 6.0(2)U6(0.46) release on N3K devices

Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC500 make it easier for remote authenticated administrators to obtain and decrypt passwords by leveraging selection of a reversible encryption algorithm. plural Huawei There is a vulnerability in the product software that can obtain and decrypt passwords. Supplementary information : CWE Vulnerability type by CWE-326: Inadequate Encryption Strength ( Incorrect cipher strength ) Has been identified. http://cwe.mitre.org/data/definitions/326.htmlA remotely authenticated administrator can use a choice of reversible encryption algorithms to obtain and decrypt passwords. Huawei AR Routers is an AR series router product from China Huawei. An information disclosure vulnerability exists in Huawei AR Routers. An attacker could exploit this vulnerability to obtain sensitive information. Huawei AR, etc. are routing switches of China Huawei (Huawei). The following products and versions are affected: Huawei AR V200R001 , V200R002 , V200R003 , V200R005C10 , V200R005C20 , V200R005C30 ; Quidway S9300 V200R003C00SPC500 , V200R002C00SPC100 , V200R001C00SPC300 ; S12700 V200R006C00 , V200R005C00 ; S9300 V200R006C00SPC500 , V200R005C00SPC300 ; Quidway S5300 V200R001C00SPC300

Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC500 makes it easier for remote authenticated administrators to obtain encryption keys and ciphertext passwords via vectors related to key storage. plural Huawei There is a vulnerability in the product software that allows the encryption key and ciphertext password to be obtained. Supplementary information : CWE Vulnerability type by CWE-326: Inadequate Encryption Strength ( Incorrect cipher strength ) Has been identified. Huawei AR Routers is an AR series router product from China Huawei. An information disclosure vulnerability exists in Huawei AR Routers. An attacker could exploit this vulnerability to obtain sensitive information. Huawei AR, etc. are routing switches of China Huawei (Huawei). Remote attackers can use the keystore to exploit this vulnerability to gain administrator privileges and crack hard-coded keys and ciphertext passwords. The following products and versions are affected: Huawei AR V200R001 , V200R002 , V200R003 , V200R005C10 , V200R005C20 , V200R005C30 ; Quidway S9300 V200R003C00SPC500 , V200R002C00SPC100 , V200R001C00SPC300 ; S12700 V200R006C00 , V200R005C00 ; S9300 V200R006C00SPC500 , V200R005C00SPC300 ; Quidway S5300 V200R001C00SPC300

The Telephony component in Apple OS X before 10.11, when the Continuity feature is enabled, allows local users to bypass intended telephone-call restrictions via unspecified vectors. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code with system privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information, and perform other attacks. These issues affect OS X prior to 10.11. Telephony is one of the components that provides telephony functionality. When the program uses the Continuity function, a local attacker can exploit this vulnerability to bypass the established telephone-call restrictions

Unspecified vulnerability in International Components for Unicode (ICU) before 53.1.0, as used in Apple OS X before 10.11 and watchOS before 2, has unknown impact and attack vectors. ICU is prone to a remote memory-corruption vulnerability. An attacker can exploit these issues to execute arbitrary code in the context of the affected application. Note: This issue was previously titled 'ICU CVE-2015-5922 Unspecified Security Vulnerability'. The title has been changed to better reflect security impact and the vulnerability information. Both Apple OS X and watchOS are products of Apple (Apple). The former is a dedicated operating system developed for Mac computers. The latter is a smartwatch operating system. International Components for Unicode (ICU) is a Unicode support, software internationalization, globalization C/C++ and Java library. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements