Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.871388
Category:Red Hat Local Security Checks
Title:RedHat Update for php RHSA-2015:1218-01
Summary:The remote host is missing an update for the 'php'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'php'
package(s) announced via the referenced advisory.

Vulnerability Insight:
PHP is an HTML-embedded scripting
language commonly used with the Apache HTTP Server.

A flaw was found in the way PHP parsed multipart HTTP POST requests. A
specially crafted request could cause PHP to use an excessive amount of CPU
time. (CVE-2015-4024)

An uninitialized pointer use flaw was found in PHP's Exif extension. A
specially crafted JPEG or TIFF file could cause a PHP application using the
exif_read_data() function to crash or, possibly, execute arbitrary code
with the privileges of the user running that PHP application.
(CVE-2015-0232)

An integer overflow flaw leading to a heap-based buffer overflow was found
in the way PHP's FTP extension parsed file listing FTP server responses. A
malicious FTP server could use this flaw to cause a PHP application to
crash or, possibly, execute arbitrary code. (CVE-2015-4022)

Multiple flaws were discovered in the way PHP performed object
unserialization. Specially crafted input processed by the unserialize()
function could cause a PHP application to crash or, possibly, execute
arbitrary code. (CVE-2015-0273, CVE-2015-2787, CVE-2015-4147,
CVE-2015-4148, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602,
CVE-2015-4603)

It was found that certain PHP functions did not properly handle file names
containing a NULL character. A remote attacker could possibly use this flaw
to make a PHP script access unexpected files and bypass intended file
system access restrictions. (CVE-2015-4026, CVE-2015-3411, CVE-2015-3412,
CVE-2015-4598)

Multiple flaws were found in the way the way PHP's Phar extension parsed
Phar archives. A specially crafted archive could cause PHP to crash or,
possibly, execute arbitrary code when opened. (CVE-2015-2301,
CVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)

A heap buffer overflow flaw was found in the enchant_broker_request_dict()
function of PHP's enchant extension. An attacker able to make a PHP
application enchant dictionaries could possibly cause it to crash.
(CVE-2014-9705)

A buffer over-read flaw was found in the GD library used by the PHP gd
extension. A specially crafted GIF file could cause a PHP application using
the imagecreatefromgif() function to crash. (CVE-2014-9709)

A double free flaw was found in zend_ts_hash_graceful_destroy() function in
the PHP ZTS module. This flaw could possibly cause a PHP application to
crash. (CVE-2014-9425)

All php users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the httpd daemon must be restarted for the update to
take effect.

Affected Software/OS:
php on Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-9425
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
BugTraq ID: 71800
http://www.securityfocus.com/bid/71800
https://security.gentoo.org/glsa/201503-03
http://openwall.com/lists/oss-security/2014/12/29/6
RedHat Security Advisories: RHSA-2015:1218
http://rhn.redhat.com/errata/RHSA-2015-1218.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-9705
BugTraq ID: 73031
http://www.securityfocus.com/bid/73031
Debian Security Information: DSA-3195 (Google Search)
http://www.debian.org/security/2015/dsa-3195
https://security.gentoo.org/glsa/201606-10
HPdes Security Advisory: HPSBMU03380
http://marc.info/?l=bugtraq&m=143748090628601&w=2
HPdes Security Advisory: HPSBMU03409
http://marc.info/?l=bugtraq&m=144050155601375&w=2
http://www.mandriva.com/security/advisories?name=MDVSA-2015:079
https://www.htbridge.com/advisory/HTB23252
http://openwall.com/lists/oss-security/2015/03/15/6
RedHat Security Advisories: RHSA-2015:1053
http://rhn.redhat.com/errata/RHSA-2015-1053.html
RedHat Security Advisories: RHSA-2015:1066
http://rhn.redhat.com/errata/RHSA-2015-1066.html
RedHat Security Advisories: RHSA-2015:1135
http://rhn.redhat.com/errata/RHSA-2015-1135.html
http://www.securitytracker.com/id/1031948
SuSE Security Announcement: SUSE-SU-2015:0868 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html
SuSE Security Announcement: openSUSE-SU-2015:0644 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-04/msg00002.html
http://www.ubuntu.com/usn/USN-2535-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-9709
BugTraq ID: 73306
http://www.securityfocus.com/bid/73306
Debian Security Information: DSA-3215 (Google Search)
http://www.debian.org/security/2015/dsa-3215
https://security.gentoo.org/glsa/201607-04
HPdes Security Advisory: HPSBUX03337
http://marc.info/?l=bugtraq&m=143403519711434&w=2
HPdes Security Advisory: SSRT102066
http://www.mandriva.com/security/advisories?name=MDVSA-2015:153
http://www.securitytracker.com/id/1033703
http://www.ubuntu.com/usn/USN-2987-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-0232
BugTraq ID: 72541
http://www.securityfocus.com/bid/72541
http://www.mandriva.com/security/advisories?name=MDVSA-2015:032
SuSE Security Announcement: SUSE-SU-2015:0365 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00029.html
SuSE Security Announcement: openSUSE-SU-2015:0325 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-02/msg00079.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-0273
http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html
BugTraq ID: 72701
http://www.securityfocus.com/bid/72701
http://www.securitytracker.com/id/1031945
SuSE Security Announcement: SUSE-SU-2015:0424 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00002.html
SuSE Security Announcement: SUSE-SU-2015:0436 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00003.html
SuSE Security Announcement: openSUSE-SU-2015:0440 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00004.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-2301
BugTraq ID: 73037
http://www.securityfocus.com/bid/73037
Debian Security Information: DSA-3198 (Google Search)
http://www.debian.org/security/2015/dsa-3198
http://www.securitytracker.com/id/1031949
Common Vulnerability Exposure (CVE) ID: CVE-2015-2783
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
BugTraq ID: 74239
http://www.securityfocus.com/bid/74239
Debian Security Information: DSA-3280 (Google Search)
http://www.debian.org/security/2015/dsa-3280
RedHat Security Advisories: RHSA-2015:1186
http://rhn.redhat.com/errata/RHSA-2015-1186.html
RedHat Security Advisories: RHSA-2015:1187
http://rhn.redhat.com/errata/RHSA-2015-1187.html
http://www.securitytracker.com/id/1032146
SuSE Security Announcement: openSUSE-SU-2015:0855 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00004.html
http://www.ubuntu.com/usn/USN-2572-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-2787
BugTraq ID: 73431
http://www.securityfocus.com/bid/73431
http://www.securitytracker.com/id/1032485
SuSE Security Announcement: openSUSE-SU-2015:0684 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-04/msg00015.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-3307
BugTraq ID: 74703
http://www.securityfocus.com/bid/74703
Common Vulnerability Exposure (CVE) ID: CVE-2015-3329
BugTraq ID: 74240
http://www.securityfocus.com/bid/74240
http://www.securitytracker.com/id/1032145
Common Vulnerability Exposure (CVE) ID: CVE-2015-3411
BugTraq ID: 75255
http://www.securityfocus.com/bid/75255
http://www.securitytracker.com/id/1032709
Common Vulnerability Exposure (CVE) ID: CVE-2015-3412
BugTraq ID: 75250
http://www.securityfocus.com/bid/75250
Common Vulnerability Exposure (CVE) ID: CVE-2015-4021
BugTraq ID: 74700
http://www.securityfocus.com/bid/74700
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158616.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159031.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158915.html
RedHat Security Advisories: RHSA-2015:1219
http://rhn.redhat.com/errata/RHSA-2015-1219.html
http://www.securitytracker.com/id/1032433
SuSE Security Announcement: openSUSE-SU-2015:0993 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-06/msg00002.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-4022
BugTraq ID: 74902
http://www.securityfocus.com/bid/74902
Common Vulnerability Exposure (CVE) ID: CVE-2015-4024
BugTraq ID: 74903
http://www.securityfocus.com/bid/74903
http://www.securitytracker.com/id/1032432
Common Vulnerability Exposure (CVE) ID: CVE-2015-4026
BugTraq ID: 75056
http://www.securityfocus.com/bid/75056
http://www.securitytracker.com/id/1032431
Common Vulnerability Exposure (CVE) ID: CVE-2015-4147
BugTraq ID: 73357
http://www.securityfocus.com/bid/73357
http://openwall.com/lists/oss-security/2015/06/01/4
http://www.securitytracker.com/id/1032459
Common Vulnerability Exposure (CVE) ID: CVE-2015-4148
BugTraq ID: 75103
http://www.securityfocus.com/bid/75103
SuSE Security Announcement: openSUSE-SU-2015:1057 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-06/msg00028.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-4598
BugTraq ID: 75244
http://www.securityfocus.com/bid/75244
Debian Security Information: DSA-3344 (Google Search)
http://www.debian.org/security/2015/dsa-3344
http://www.openwall.com/lists/oss-security/2015/06/16/12
Common Vulnerability Exposure (CVE) ID: CVE-2015-4599
BugTraq ID: 75251
http://www.securityfocus.com/bid/75251
Common Vulnerability Exposure (CVE) ID: CVE-2015-4600
BugTraq ID: 74413
http://www.securityfocus.com/bid/74413
Common Vulnerability Exposure (CVE) ID: CVE-2015-4601
BugTraq ID: 75246
http://www.securityfocus.com/bid/75246
Common Vulnerability Exposure (CVE) ID: CVE-2015-4602
BugTraq ID: 75249
http://www.securityfocus.com/bid/75249
Common Vulnerability Exposure (CVE) ID: CVE-2015-4603
BugTraq ID: 75252
http://www.securityfocus.com/bid/75252
CopyrightCopyright (C) 2015 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.