Test ID:	1.3.6.1.4.1.25623.1.0.120225
Category:	Amazon Linux Local Security Checks
Title:	Amazon Linux: Security Advisory (ALAS-2015-535)
Summary:	The remote host is missing an update for the 'php55' package(s) announced via the ALAS-2015-535 advisory.
Description:	Summary: The remote host is missing an update for the 'php55' package(s) announced via the ALAS-2015-535 advisory. Vulnerability Insight: An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. (CVE-2015-4021) An integer overflow flaw leading to a heap based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code. (CVE-2015-4022) A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. (CVE-2015-4024) It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4025) It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2015-4026) Affected Software/OS: 'php55' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-4021 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html BugTraq ID: 74700 http://www.securityfocus.com/bid/74700 Debian Security Information: DSA-3280 (Google Search) http://www.debian.org/security/2015/dsa-3280 http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158616.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159031.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158915.html https://security.gentoo.org/glsa/201606-10 RedHat Security Advisories: RHSA-2015:1135 http://rhn.redhat.com/errata/RHSA-2015-1135.html RedHat Security Advisories: RHSA-2015:1186 http://rhn.redhat.com/errata/RHSA-2015-1186.html RedHat Security Advisories: RHSA-2015:1187 http://rhn.redhat.com/errata/RHSA-2015-1187.html RedHat Security Advisories: RHSA-2015:1218 http://rhn.redhat.com/errata/RHSA-2015-1218.html RedHat Security Advisories: RHSA-2015:1219 http://rhn.redhat.com/errata/RHSA-2015-1219.html http://www.securitytracker.com/id/1032433 SuSE Security Announcement: openSUSE-SU-2015:0993 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-06/msg00002.html Common Vulnerability Exposure (CVE) ID: CVE-2015-4022 BugTraq ID: 74902 http://www.securityfocus.com/bid/74902 Common Vulnerability Exposure (CVE) ID: CVE-2015-4024 BugTraq ID: 74903 http://www.securityfocus.com/bid/74903 http://www.securitytracker.com/id/1032432 Common Vulnerability Exposure (CVE) ID: CVE-2015-4025 BugTraq ID: 74904 http://www.securityfocus.com/bid/74904 http://www.securitytracker.com/id/1032431 Common Vulnerability Exposure (CVE) ID: CVE-2015-4026 BugTraq ID: 75056 http://www.securityfocus.com/bid/75056
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.