PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

A flaw was found in the way the PHP module for the Apache httpd web server
handled pipelined requests. A remote attacker could use this flaw to
trigger the execution of a PHP script in a deinitialized interpreter,
causing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)

A flaw was found in the way PHP parsed multipart HTTP POST requests. A
specially crafted request could cause PHP to use an excessive amount of CPU
time. (CVE-2015-4024)

An integer overflow flaw leading to a heap-based buffer overflow was found
in the way PHP’s FTP extension parsed file listing FTP server responses. A
malicious FTP server could use this flaw to cause a PHP application to
crash or, possibly, execute arbitrary code. (CVE-2015-4022)

Multiple flaws were discovered in the way PHP performed object
unserialization. Specially crafted input processed by the unserialize()
function could cause a PHP application to crash or, possibly, execute
arbitrary code. (CVE-2015-4602, CVE-2015-4603)

It was found that certain PHP functions did not properly handle file names
containing a NULL character. A remote attacker could possibly use this flaw
to make a PHP script access unexpected files and bypass intended file
system access restrictions. (CVE-2015-4025, CVE-2015-4026, CVE-2015-3411,
CVE-2015-3412, CVE-2015-4598)

Multiple flaws were found in the way PHP’s Phar extension parsed
Phar archives. A specially crafted archive could cause PHP to crash or,
possibly, execute arbitrary code when opened. (CVE-2015-2783,
CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)

Multiple flaws were found in PHP’s File Information (fileinfo) extension.
A remote attacker could cause a PHP application to crash if it used
fileinfo to identify the type of attacker-supplied files. (CVE-2015-4604,
CVE-2015-4605)

All php55-php users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. After installing
the updated packages, the httpd24-httpd service must be restarted for the
update to take effect.

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | 7 | x86_64 | php55-php-pgsql | < 5.5.21-4.el7 | php55-php-pgsql-5.5.21-4.el7.x86_64.rpm |
RedHat | 6 | x86_64 | php55-php-imap | < 5.5.21-4.el6 | php55-php-imap-5.5.21-4.el6.x86_64.rpm |
RedHat | 6 | x86_64 | php55-php-intl | < 5.5.21-4.el6 | php55-php-intl-5.5.21-4.el6.x86_64.rpm |
RedHat | 7 | x86_64 | php55-php-cli | < 5.5.21-4.el7 | php55-php-cli-5.5.21-4.el7.x86_64.rpm |
RedHat | 6 | x86_64 | php55-php-xml | < 5.5.21-4.el6 | php55-php-xml-5.5.21-4.el6.x86_64.rpm |
RedHat | 6 | src | php55-php | < 5.5.21-4.el6 | php55-php-5.5.21-4.el6.src.rpm |
RedHat | 6 | x86_64 | php55-php-cli | < 5.5.21-4.el6 | php55-php-cli-5.5.21-4.el6.x86_64.rpm |
RedHat | 7 | x86_64 | php55-php-pspell | < 5.5.21-4.el7 | php55-php-pspell-5.5.21-4.el7.x86_64.rpm |
RedHat | 6 | x86_64 | php55-php-pspell | < 5.5.21-4.el6 | php55-php-pspell-5.5.21-4.el6.x86_64.rpm |
RedHat | 7 | x86_64 | php55-php-soap | < 5.5.21-4.el7 | php55-php-soap-5.5.21-4.el7.x86_64.rpm |
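
An added example, not part of the advisory: a shell check that compares installed php55-php packages against the fixed release 5.5.21-4 from the table above. The sample package list is constructed, the function names are hypothetical, and GNU `sort -V` is assumed as a stand-in for RPM's own version comparison.

```shell
#!/bin/sh
# Added example: flag php55-php packages older than the fixed release listed
# in the advisory table (5.5.21-4.el6 / 5.5.21-4.el7).
FIXED_VR="5.5.21-4"   # fixed version-release from the table, minus dist tag

# Exit status: 0 = older than the fix, 1 = fixed or newer, 2 = unknown dist.
# Assumption: GNU `sort -V` stands in for RPM's own version comparison,
# which is adequate for plain numeric version-release strings like these.
is_vulnerable() {
    _vr=$1
    case $_vr in
        *.el6*) _fixed="$FIXED_VR.el6" ;;
        *.el7*) _fixed="$FIXED_VR.el7" ;;
        *) return 2 ;;
    esac
    [ "$_vr" = "$_fixed" ] && return 1
    _lowest=$(printf '%s\n%s\n' "$_vr" "$_fixed" | sort -V | head -n 1)
    [ "$_lowest" = "$_vr" ]
}

# Read "name version-release" lines on stdin and print one verdict per package.
audit_packages() {
    while read -r name vr; do
        [ -n "$name" ] || continue
        rc=0
        is_vulnerable "$vr" || rc=$?
        case $rc in
            0) echo "VULNERABLE $name-$vr" ;;
            1) echo "ok $name-$vr" ;;
            *) echo "unknown $name-$vr" ;;
        esac
    done
}

# Constructed sample input; on a real host pipe in the output of:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'php55-php*'
sample_installed() {
    cat <<'EOF'
php55-php 5.5.6-13.el6
php55-php-cli 5.5.21-4.el7
php55-php-xml 5.5.21-2.el6
php55-php-soap 5.5.21-5.el7
EOF
}

sample_installed | audit_packages
```

Any package reported as VULNERABLE still needs the update, followed by the httpd24-httpd restart the advisory requires.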