php -- multiple vulnerabilities

2016-02-0400:00:00

vuxml.freebsd.org

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.084 Low

EPSS

Percentile

94.5%

JSON

PHP reports:

Core:

Fixed bug #71039 (exec functions ignore length but look for NULL
termination).
Fixed bug #71323 (Output of stream_get_meta_data can be
falsified by its input).
Fixed bug #71459 (Integer overflow in iptcembed()).

PCRE:

Upgraded bundled PCRE library to 8.38.(CVE-2015-8383,
CVE-2015-8386, CVE-2015-8387, CVE-2015-8389, CVE-2015-8390,
CVE-2015-8391, CVE-2015-8393, CVE-2015-8394)

Phar:

Fixed bug #71354 (Heap corruption in tar/zip/phar parser).
Fixed bug #71391 (NULL Pointer Dereference in
phar_tar_setupmetadata()).
Fixed bug #71488 (Stack overflow when decompressing tar
archives). (CVE-2016-2554)

WDDX:

Fixed bug #71335 (Type Confusion in WDDX Packet
Deserialization).

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchphp55< 5.5.32UNKNOWN
FreeBSDanynoarchphp55-phar< 5.5.32UNKNOWN
FreeBSDanynoarchphp55-wddx< 5.5.32UNKNOWN
FreeBSDanynoarchphp56< 5.6.18UNKNOWN
FreeBSDanynoarchphp56-phar< 5.6.18UNKNOWN
FreeBSDanynoarchphp56-wddx< 5.6.18UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	php55	< 5.5.32	UNKNOWN
FreeBSD	any	noarch	php55-phar	< 5.5.32	UNKNOWN
FreeBSD	any	noarch	php55-wddx	< 5.5.32	UNKNOWN
FreeBSD	any	noarch	php56	< 5.6.18	UNKNOWN
FreeBSD	any	noarch	php56-phar	< 5.6.18	UNKNOWN
FreeBSD	any	noarch	php56-wddx	< 5.6.18	UNKNOWN