Test ID:	1.3.6.1.4.1.25623.1.0.842472
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-2758-1)
Summary:	The remote host is missing an update for the 'php5' package(s) announced via the USN-2758-1 advisory.
Description:	Summary: The remote host is missing an update for the 'php5' package(s) announced via the USN-2758-1 advisory. Vulnerability Insight: It was discovered that the PHP phar extension incorrectly handled certain files. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2015-5589) It was discovered that the PHP phar extension incorrectly handled certain filepaths. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-5590) Taoguang Chen discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-6831, CVE-2015-6834, CVE-2015-6835 Sean Heelan discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-6832) It was discovered that the PHP phar extension incorrectly handled certain archives. A remote attacker could use this issue to cause files to be placed outside of the destination directory. (CVE-2015-6833) Andrea Palazzo discovered that the PHP Soap client incorrectly validated data types. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-6836) It was discovered that the PHP XSLTProcessor class incorrectly handled certain data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2015-6837) Affected Software/OS: 'php5' package(s) on Ubuntu 12.04, Ubuntu 14.04, Ubuntu 15.04. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-5589 BugTraq ID: 75974 http://www.securityfocus.com/bid/75974 Debian Security Information: DSA-3344 (Google Search) http://www.debian.org/security/2015/dsa-3344 http://openwall.com/lists/oss-security/2015/07/18/1 Common Vulnerability Exposure (CVE) ID: CVE-2015-5590 BugTraq ID: 75970 http://www.securityfocus.com/bid/75970 Common Vulnerability Exposure (CVE) ID: CVE-2015-6831 BugTraq ID: 76737 http://www.securityfocus.com/bid/76737 https://security.gentoo.org/glsa/201606-10 http://www.openwall.com/lists/oss-security/2015/08/19/3 Common Vulnerability Exposure (CVE) ID: CVE-2015-6832 Common Vulnerability Exposure (CVE) ID: CVE-2015-6833 Common Vulnerability Exposure (CVE) ID: CVE-2015-6834 BugTraq ID: 76649 http://www.securityfocus.com/bid/76649 Debian Security Information: DSA-3358 (Google Search) http://www.debian.org/security/2015/dsa-3358 http://www.securitytracker.com/id/1033548 Common Vulnerability Exposure (CVE) ID: CVE-2015-6835 BugTraq ID: 76734 http://www.securityfocus.com/bid/76734 Common Vulnerability Exposure (CVE) ID: CVE-2015-6836 BugTraq ID: 76644 http://www.securityfocus.com/bid/76644 Common Vulnerability Exposure (CVE) ID: CVE-2015-6837 BugTraq ID: 76738 http://www.securityfocus.com/bid/76738 Common Vulnerability Exposure (CVE) ID: CVE-2015-6838 BugTraq ID: 76733 http://www.securityfocus.com/bid/76733
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.