ELSA-2015-1218 Moderate: Oracle Linux php security update
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | June 09, 2015 | July 10, 2015 | March 21, 2018 |
Description
The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to execute arbitrary code by providing crafted serialized data with an unexpected data type, related to a "type confusion" issue.
Scan For This Vulnerability
Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities
References
- APPLE-APPLE-SA-2015-06-30-2
- APPLE-APPLE-SA-2015-08-13-2
- APPLE-APPLE-SA-2015-09-30-3
- APPLE-APPLE-SA-2015-10-21-4
- CVE-2014-9425
- CVE-2014-9705
- CVE-2014-9709
- CVE-2015-0232
- CVE-2015-0273
- CVE-2015-2301
- CVE-2015-2783
- CVE-2015-2787
- CVE-2015-3307
- CVE-2015-3329
- CVE-2015-3411
- CVE-2015-3412
- CVE-2015-4021
- CVE-2015-4022
- CVE-2015-4024
- CVE-2015-4026
- CVE-2015-4147
- CVE-2015-4148
- CVE-2015-4598
- CVE-2015-4599
- CVE-2015-4600
- CVE-2015-4601
- CVE-2015-4602
- CVE-2015-4603
- DEBIAN-DSA-3195
- DEBIAN-DSA-3198
- DEBIAN-DSA-3215
- DISA_SEVERITY-Category I
- DISA_VMSKEY-V0061337
- IAVM-2015-A-0199
- URL: http://oss.oracle.com/pipermail/el-errata/2015-July/005193.html
Solution
oracle-linux-upgrade-phpRelated Vulnerabilities
- DSA-3198-1 php5 -- security update
- Oracle Solaris 11: CVE-2015-2301: Vulnerability in PHP
- PHP Vulnerability: CVE-2015-2783
- Alpine Linux: CVE-2015-2301: php issues fixed in 5.6.6
- Alpine Linux: CVE-2015-0232: php multiple fixes
- USN-2501-1: PHP vulnerabilities
- RHSA-2015:1066: php54 security and bug fix update
- Alpine Linux: CVE-2015-4022: php multiple issues
- OS X update for apache (CVE-2015-3329)
- Gentoo Linux: CVE-2015-0273: PHP: Multiple vulnerabilities
- Gentoo Linux: CVE-2015-2301: PHP: Multiple vulnerabilities
- OS X update for apache_mod_php (CVE-2015-2787)
- OS X update for apache_mod_php (CVE-2015-0232)
- Oracle Solaris 11: CVE-2015-4026: Vulnerability in PHP
- PHP Vulnerability: CVE-2015-4600
- PHP Vulnerability: CVE-2015-3307
- OS X update for apache_mod_php (CVE-2015-3329)
- Gentoo Linux: CVE-2015-4147: PHP: Multiple vulnerabilities
- ELSA-2015-1053 Moderate: Oracle Linux Software Collections 1.2 for Oracle Linux php55 security and bug fix update
- PHP Vulnerability: CVE-2015-4147
- Gentoo Linux: CVE-2015-4148: PHP: Multiple vulnerabilities
- OS X update for apache_mod_php (CVE-2014-9705)
- Gentoo Linux: CVE-2015-0232: PHP: Multiple vulnerabilities
- Oracle Solaris 11: CVE-2015-0273: Vulnerability in PHP
- HP-UX: CVE-2015-2301: Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other Vulnerabilities
- PHP Vulnerability: CVE-2015-4599
- HP-UX: CVE-2014-9709: Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other Vulnerabilities
- DSA-3344-1 php5 -- security update
- OS X update for apache_mod_php (CVE-2014-9709)
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 5
- Amazon Linux AMI: Security patch for php54 (ALAS-2015-509) (multiple CVEs)
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 7
- PHP Vulnerability: CVE-2014-9705
- Amazon Linux AMI: Security patch for php55 (ALAS-2015-474) (multiple CVEs)
- Oracle Solaris 11: CVE-2015-2787: Vulnerability in PHP
- OS X update for apache_mod_php (CVE-2015-4148)
- Amazon Linux AMI: Security patch for php54 (ALAS-2015-475) (multiple CVEs)
- PHP Vulnerability: CVE-2015-4148
- OS X update for apache (CVE-2015-4147)
- PHP Vulnerability: CVE-2015-4598
- USN-2535-1: PHP vulnerabilities
- FreeBSD: php5 -- multiple vulnerabilities (Multiple CVEs)
- Gentoo Linux: CVE-2015-2783: PHP: Multiple vulnerabilities
- PHP Vulnerability: CVE-2015-4021
- OS X update for apache_mod_php (CVE-2015-2783)
- PHP Vulnerability: CVE-2014-9709
- Alpine Linux: CVE-2015-4021: php multiple issues
- OS X update for apache_mod_php (CVE-2015-4147)
- OS X update for apache (CVE-2015-2787)
- OS X update for apache (CVE-2015-4026)
- OS X update for apache_mod_php (CVE-2015-4021)
- OS X update for Admin Framework (CVE-2015-0273)
- OS X update for apache_mod_php (CVE-2015-0273)
- OS X update for apache_mod_php (CVE-2015-4024)
- Oracle Solaris 11: CVE-2015-4022: Vulnerability in PHP
- RHSA-2015:1135: php security and bug fix update
- PHP Vulnerability: CVE-2015-2787
- PHP Vulnerability: CVE-2015-4026
- OS X update for apache_mod_php (CVE-2015-3307)
- OS X update for apache_mod_php (CVE-2015-4022)
- Oracle Solaris 11: CVE-2015-2783: Vulnerability in PHP
- Gentoo Linux: CVE-2015-2787: PHP: Multiple vulnerabilities
- OS X update for apache (CVE-2015-3307)
- Amazon Linux AMI: Security patch for php54 (ALAS-2015-493) (multiple CVEs)
- Oracle Solaris 11: CVE-2015-3329: Vulnerability in PHP
- PHP Vulnerability: CVE-2015-2301
- Alpine Linux: CVE-2015-4024: php multiple issues
- PHP Vulnerability: CVE-2015-4603
- RHSA-2015:1186: php55-php security update
- Amazon Linux AMI: Security patch for php54 (ALAS-2015-534) (multiple CVEs)
- OS X update for apache (CVE-2015-4148)
- ELSA-2015-1066 Important: Oracle Linux Software Collections 1.2 for Oracle Linux php54 security and bug fix update
- Oracle Solaris 11: CVE-2014-9705: Vulnerability in PHP
- Gentoo Linux: CVE-2014-9709: GD: Multiple vulnerabilities
- OS X update for apache_mod_php (CVE-2015-4026)
- Juniper Junos OS: 2017-07 Security Bulletin: Junos OS: J-Web: Multiple Vulnerabilities in PHP software (JSA10804) (multiple CVEs)
- Amazon Linux AMI: Security patch for php56 (ALAS-2015-511) (multiple CVEs)
- Gentoo Linux: CVE-2014-9705: PHP: Multiple vulnerabilities
- USN-2572-1: PHP vulnerabilities
- Gentoo Linux: CVE-2014-9425: PHP: Multiple vulnerabilities
- Oracle Solaris 11: CVE-2015-4024: Vulnerability in PHP
- Amazon Linux AMI: Security patch for php55 (ALAS-2015-535) (multiple CVEs)
- DSA-3215-1 libgd2 -- security update
- RHSA-2015:1187: rh-php56-php security update
- Oracle Solaris 11: CVE-2015-0232: Vulnerability in PHP
- PHP Vulnerability: CVE-2015-0232
- RHSA-2015:1218: php security update
- Alpine Linux: CVE-2015-4026: php multiple issues
- Oracle Solaris 11: CVE-2015-4021: Vulnerability in PHP
- Alpine Linux: CVE-2014-9705: php issues fixed in 5.6.6
- PHP Vulnerability: CVE-2015-3329
- Oracle Solaris 11: CVE-2014-9709: Vulnerability in GD2 Graphics Draw Library, PHP
- PHP Vulnerability: CVE-2015-0273
- Amazon Linux AMI: Security patch for php55 (ALAS-2015-494) (multiple CVEs)
- DSA-3280-1 php5 -- security update
- OS X update for apache (CVE-2015-0273)
- DSA-3195-1 php5 -- security update
- PHP Vulnerability: CVE-2015-3411
- PHP Vulnerability: CVE-2015-4602
- PHP Vulnerability: CVE-2015-4024