Gentoo Linux Security Advisory 201606-10 - Multiple vulnerabilities have been found in PHP, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition. Versions less than 5.6.19 are affected.
11f795a7de85515d82acb7e31ed076476df493af2eac39961d98ae5a569b9c65Red Hat Security Advisory 2015-1218-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. An uninitialized pointer use flaw was found in PHP's Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_read_data() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application.
f71a8aee7d3ef2bbf2887ea24776b5bd018766e584acec28464f0aaad7cffb13Red Hat Security Advisory 2015-1187-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time.
b34c749711ea3b7e7d1f8a9142f1a2421a5974fbdf7e052124d26207fc456487Red Hat Security Advisory 2015-1186-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time.
0b7187415bdc0d78cd103b4bbf0cb103aecd6b3554e4079ac4b6be16514b3447Red Hat Security Advisory 2015-1135-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time.
cd29d265756a82b81294b5b57ef3c66093befd38401aca38c86228d6f38a5a66HP Security Bulletin HPSBUX03337 SSRT102066 1 - Potential security vulnerabilities have been identified with the HP-UX Apache Web Server Suite, Tomcat Servlet Engine, and PHP. These could be exploited remotely to create a Denial of Service (DoS) and other vulnerabilities. Revision 1 of this advisory.
754fae670041f7a697aa8004120dac15eb6d07f2889f1104112f7ee98c3f9f82Debian Linux Security Advisory 3280-1 - Multiple vulnerabilities have been discovered in PHP.
370efd21385ef328b87cf11369b67ae2873d3031fdea71b72c144a0041f322d8Mandriva Linux Security Advisory 2015-209 - Update PHP packages address buffer over-read and overflow vulnerabilities. PHP has been updated to version 5.5.24, which fixes these issues and other bugs. Additionally the timezonedb packages has been upgraded to the latest version and the PECL packages which requires so has been rebuilt for php-5.5.24.
7240fd4534def87429d91c637b7729d5691e7f8862de87105b7fb9fae468642eSlackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
99ad1abcd26dab08695811257c2998e0a30dd4949338dc99aae75015340fafe9Ubuntu Security Notice 2572-1 - It was discovered that PHP incorrectly handled cleanup when used with Apache 2.4. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that PHP incorrectly handled opening tar, zip or phar archives through the PHAR extension. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
244c6d018bed72ec3bf51a251a141d8c6742d2dddff7af1f4fe2c11621debdd0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed