Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-3280-1
HistoryJun 07, 2015 - 12:00 a.m.

php5 - security update

2015-06-0700:00:00
Google
osv.dev
18

0.74 High

EPSS

Percentile

98.1%

JSON

Multiple vulnerabilities have been discovered in PHP:

  • CVE-2015-4025 /
    CVE-2015-4026
    Multiple function didn’t check for NULL bytes in path names.
  • CVE-2015-4024
    Denial of service when processing multipart/form-data requests.
  • CVE-2015-4022
    Integer overflow in the ftp_genlist() function may result in
    denial of service or potentially the execution of arbitrary code.
  • CVE-2015-4021
    CVE-2015-3329
    CVE-2015-2783
    Multiple vulnerabilities in the phar extension may result in
    denial of service or potentially the execution of arbitrary code
    when processing malformed archives.

For the oldstable distribution (wheezy), these problems have been fixed
in version 5.4.41-0+deb7u1.

For the stable distribution (jessie), these problems have been fixed in
version 5.6.9+dfsg-0+deb8u1.

For the testing distribution (stretch), these problems have been fixed
in version 5.6.9+dfsg-1.

For the unstable distribution (sid), these problems have been fixed in
version 5.6.9+dfsg-1.

We recommend that you upgrade your php5 packages.

CPENameOperatorVersion
php5eq5.6.7+dfsg-1

Related

openvas 34
securityvulns 6
nessus 46
debian 2
mageia 2
amazon 6
fedora 5
freebsd 1
slackware 1
redhat 5
veracode 9
oraclelinux 4
ubuntucve 9
f5 13
suse 4
centos 2
hackerone 5
prion 9
cve 9
cvelist 9
nvd 9
checkpoint_advisories 4
ubuntu 2
osv 1
gentoo 1
ibm 1
openvas
openvas
Debian: Security Advisory (DSA-3280-1)
2015-06-06 00:00:00
Debian Security Advisory DSA 3280-1 (php5 - security update)
2015-06-07 00:00:00
Amazon Linux: Security Advisory (ALAS-2015-535)
2015-09-08 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 3280-1] php5 security update
2015-06-08 00:00:00
PHP multiple security vulnerabilities
2015-06-13 00:00:00
[ MDVSA-2015:209 ] php
2015-05-05 00:00:00
nessus
nessus
Debian DSA-3280-1 : php5 - security update
2015-06-09 00:00:00
Amazon Linux AMI : php55 (ALAS-2015-535)
2015-06-04 00:00:00
Fedora 21 : php-5.6.9-1.fc21 (2015-8383)
2015-05-29 00:00:00
debian
debian
[SECURITY] [DSA 3280-1] php5 security update
2015-06-07 17:06:52
[SECURITY] [DLA 307-1] php5 security update
2015-09-07 20:21:46
mageia
mageia
Updated php packages fix security vulnerabilities
2015-05-18 22:08:05
Updated php packages fix security vulnerabilities
2015-04-25 23:15:07
amazon
amazon
Medium: php55
2015-06-02 22:21:00
Important: php56
2015-06-02 22:22:00
Important: php54
2015-06-02 22:20:00
fedora
fedora
[SECURITY] Fedora 21 Update: php-5.6.9-1.fc21
2015-05-27 16:13:20
[SECURITY] Fedora 22 Update: php-5.6.9-1.fc22
2015-05-26 03:40:42
[SECURITY] Fedora 20 Update: php-5.5.25-1.fc20
2015-05-27 16:23:41
freebsd
freebsd
php -- multiple vulnerabilities
2015-05-14 00:00:00
slackware
slackware
[slackware-security] php
2015-06-11 23:01:25
redhat
redhat
(RHSA-2015:1219) Moderate: php54-php security update
2015-07-09 00:00:00
(RHSA-2015:1187) Important: rh-php56-php security update
2015-06-25 00:00:00
(RHSA-2015:1186) Important: php55-php security update
2015-06-25 00:00:00
veracode
veracode
Improper Input Validation
2019-05-02 05:39:56
Arbitrary File Write
2019-05-02 05:39:55
Improper Input Validation
2019-05-02 05:39:55
oraclelinux
oraclelinux
php54-php security update
2016-02-04 00:00:00
php55-php security update
2016-02-04 00:00:00
php security update
2015-07-09 00:00:00
ubuntucve
ubuntucve
CVE-2015-3307
2015-06-09 00:00:00
CVE-2015-4026
2015-06-09 00:00:00
CVE-2015-4024
2015-06-09 00:00:00
f5
f5
SOL16993 - PHP vulnerabilities CVE-2015-4025 and CVE-2015-4026
2015-07-22 00:00:00
K16993 : PHP vulnerabilities CVE-2015-4025 and CVE-2015-4026
2015-07-22 00:00:00
K07052904 : PHP vulnerability CVE-2015-3307
2019-02-11 00:00:00
suse
suse
Security update for php5 (important)
2015-05-12 17:05:25
Security update for php5 (important)
2015-07-17 10:12:10
Security update for php5 (important)
2015-07-17 11:08:12
centos
centos
php security update
2015-07-09 19:23:41
php security update
2015-06-24 03:28:02
hackerone
hackerone
Internet Bug Bounty: invalid pointer free() in phar_tar_process_metadata()
2015-04-15 00:00:00
Internet Bug Bounty: Memory Corruption in phar_parse_tarfile when entry filename starts with null
2015-04-15 00:00:00
Internet Bug Bounty: Buffer Over flow when parsing tar/zip/phar in phar_set_inode
2015-04-14 00:00:00
prion
prion
Heap overflow
2015-06-09 18:59:00
Design/Logic Flaw
2015-06-09 18:59:00
Stack overflow
2015-06-09 18:59:00
cve
cve
CVE-2015-3307
2015-06-09 18:59:01
CVE-2015-4024
2015-06-09 18:59:06
CVE-2015-3329
2015-06-09 18:59:02
cvelist
cvelist
CVE-2015-3307
2015-06-09 18:00:00
CVE-2015-4024
2015-06-09 18:00:00
CVE-2015-3329
2015-06-09 18:00:00
nvd
nvd
CVE-2015-3307
2015-06-09 18:59:01
CVE-2015-4024
2015-06-09 18:59:06
CVE-2015-4021
2015-06-09 18:59:04
checkpoint_advisories
checkpoint_advisories
PHP phar_parse_tarfile method Integer Overflow (CVE-2015-4021)
2015-07-20 00:00:00
PHP Multipart Remote Denial of Service (CVE-2015-4024)
2015-06-30 00:00:00
PHP ftp_genlist method Integer Overflow (CVE-2015-4022)
2015-07-01 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2015-07-06 00:00:00
PHP vulnerabilities
2015-04-20 00:00:00
osv
osv
php5 - security update
2015-09-07 00:00:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2016-06-19 00:00:00
ibm
ibm
Security Bulletin: IBM Tealeaf Customer Experience PCA Web UI PHP security issues
2018-06-16 19:50:01

0.74 High

EPSS

Percentile

98.1%

JSON
Related for OSV:DSA-3280-1
openvas34securityvulns6nessus46debian2mageia2amazon6fedora5freebsd1slackware1redhat5veracode9oraclelinux4ubuntucve9f513suse4centos2hackerone5prion9cve9cvelist9nvd9checkpoint_advisories4ubuntu2osv1gentoo1ibm1