Amazon Linux AMI: Security patch for php56 (ALAS-2015-508) (multiple CVEs)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | March 30, 2015 | April 20, 2015 | July 04, 2017 |
Description
Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow.
References
Solution
amazon-linux-upgrade-php56
Related Vulnerabilities
- DSA-3198-1 php5 -- security update
- Oracle Solaris 11: CVE-2015-0231: Vulnerability in PHP
- USN-2501-1: PHP vulnerabilities
- RHSA-2015:1066: php54 security and bug fix update
- FreeBSD: clamav -- multiple vulnerabilities (Multiple CVEs)
- Gentoo Linux: CVE-2015-0231: PHP: Multiple vulnerabilities
- PHP Vulnerability: CVE-2015-2331
- ELSA-2015-1053 Moderate: Oracle Linux Software Collections 1.2 for Oracle Linux php55 security and bug fix update
- HP-UX: CVE-2015-0231: Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other Vulnerabilities
- Amazon Linux AMI: Security patch for php (ALAS-2015-524) (CVE-2015-2305)
- FreeBSD: libzip -- integer overflow (CVE-2015-2331)
- HP-UX: CVE-2015-2305: Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other Vulnerabilities
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 5
- OS X update for apache_mod_php (CVE-2015-0231)
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 7
- Amazon Linux AMI: Security patch for php55 (ALAS-2015-474) (multiple CVEs)
- Amazon Linux AMI: Security patch for php54 (ALAS-2015-475) (multiple CVEs)
- FreeBSD: Several vulnerabilities found in PHP (Multiple CVEs)
- RHSA-2015:1135: php security and bug fix update
- PHP Vulnerability: CVE-2015-0231
- ELSA-2015-1066 Important: Oracle Linux Software Collections 1.2 for Oracle Linux php54 security and bug fix update
- USN-2572-1: PHP vulnerabilities
- HP-UX: CVE-2015-2331: Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other Vulnerabilities
- DSA-3195-1 php5 -- security update
- Amazon Linux AMI: Security patch for php55 (ALAS-2015-507) (multiple CVEs)
- Amazon Linux AMI: Security patch for php54 (ALAS-2015-506) (multiple CVEs)
- ELSA-2015-1135 Important: Oracle Linux php security and bug fix update
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 6
- USN-2594-1: ClamAV vulnerabilities
- OS X update for apache_mod_php (CVE-2015-2331)
- Alpine Linux: CVE-2015-0231: php multiple fixes
- OS X update for apache_mod_php (CVE-2015-2305)
- Oracle Solaris 11: CVE-2015-2331: Vulnerability in PHP