Description

Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231.

References

• REDHAT-RHSA-2015:1135
• APPLE-APPLE-SA-2015-08-13-2
• APPLE-APPLE-SA-2015-09-30-3
• BID-73431
• CVE-2015-2787
• DISA_SEVERITY-Category I
• DISA_VMSKEY-V0061337
• IAVM-2015-A-0199
• REDHAT-RHSA-2015:1053
• REDHAT-RHSA-2015:1066
• REDHAT-RHSA-2015:1218
• URL: https://support.oracle.com/epmos/faces/DocumentDisplay?id=1448883.1&displayIndex=1

Solution

Related Vulnerabilities

• DSA-3198-1 php5 -- security update
• RHSA-2015:1066: php54 security and bug fix update
• OS X update for apache_mod_php (CVE-2015-2787)
• ELSA-2015-1218 Moderate: Oracle Linux php security update
• ELSA-2015-1053 Moderate: Oracle Linux Software Collections 1.2 for Oracle Linux php55 security and bug fix update
• HP System Management Homepage - HPSBMU03380 (CVE-2015-2787): Linux and Windows, Multiple Vulnerabilities
• SUSE: CVE-2015-2787: SUSE Linux Security Advisory
• OS X update for apache (CVE-2015-2787)
• RHSA-2015:1135: php security and bug fix update
• PHP Vulnerability: CVE-2015-2787
• Gentoo Linux: CVE-2015-2787: PHP: Multiple vulnerabilities
• ELSA-2015-1066 Important: Oracle Linux Software Collections 1.2 for Oracle Linux php54 security and bug fix update
• USN-2572-1: PHP vulnerabilities
• RHSA-2015:1218: php security update
• ELSA-2015-1135 Important: Oracle Linux php security and bug fix update