Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2016:0457
HistoryMar 15, 2016 - 12:00 a.m.

(RHSA-2016:0457) Moderate: rh-php56-php security update

2016-03-1500:00:00
access.redhat.com
38

0.201 Low

EPSS

Percentile

96.4%

JSON

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

Multiple flaws were discovered in the way PHP performed object
unserialization. Specially crafted input processed by the unserialize()
function could cause a PHP application to crash or, possibly, execute
arbitrary code. (CVE-2015-6831, CVE-2015-6832, CVE-2015-6834,
CVE-2015-6835, CVE-2015-6836)

Multiple flaws were found in the way the way PHP’s Phar extension parsed
Phar archives. A specially crafted archive could cause PHP to crash or,
possibly, execute arbitrary code when opened. (CVE-2015-5589,
CVE-2015-5590, CVE-2015-6833, CVE-2015-7803, CVE-2015-7804)

Two NULL pointer dereference flaws were found in the XSLTProcessor class in
PHP. An attacker could use these flaws to cause a PHP application to crash
if it performed Extensible Stylesheet Language (XSL) transformations using
untrusted XSLT files and allowed the use of PHP functions to be used as
XSLT functions within XSL stylesheets. (CVE-2015-6837, CVE-2015-6838)

All rh-php56-php users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. After installing
the updated packages, the httpd24-httpd service must be restarted for the
update to take effect.

OSVersionArchitecturePackageVersionFilename
RedHat6x86_64rh-php56-php-intl< 5.6.5-8.el6rh-php56-php-intl-5.6.5-8.el6.x86_64.rpm
RedHat6x86_64rh-php56-php-gd< 5.6.5-8.el6rh-php56-php-gd-5.6.5-8.el6.x86_64.rpm
RedHat6x86_64rh-php56-php-imap< 5.6.5-8.el6rh-php56-php-imap-5.6.5-8.el6.x86_64.rpm
RedHat7x86_64rh-php56-php-snmp< 5.6.5-8.el7rh-php56-php-snmp-5.6.5-8.el7.x86_64.rpm
RedHat6x86_64rh-php56-php-pspell< 5.6.5-8.el6rh-php56-php-pspell-5.6.5-8.el6.x86_64.rpm
RedHat7x86_64rh-php56-php-ldap< 5.6.5-8.el7rh-php56-php-ldap-5.6.5-8.el7.x86_64.rpm
RedHat7x86_64rh-php56-php-fpm< 5.6.5-8.el7rh-php56-php-fpm-5.6.5-8.el7.x86_64.rpm
RedHat7x86_64rh-php56-php-devel< 5.6.5-8.el7rh-php56-php-devel-5.6.5-8.el7.x86_64.rpm
RedHat6x86_64rh-php56-php-fpm< 5.6.5-8.el6rh-php56-php-fpm-5.6.5-8.el6.x86_64.rpm
RedHat6x86_64rh-php56-php< 5.6.5-8.el6rh-php56-php-5.6.5-8.el6.x86_64.rpm
Rows per page:
1-10 of 591

Related

veracode 12
debian 5
openvas 37
ubuntu 2
nessus 46
osv 4
amazon 6
suse 4
f5 4
slackware 2
freebsd 4
securityvulns 6
fedora 4
mageia 2
ibm 2
nvd 9
prion 9
cvelist 11
ubuntucve 10
cve 9
kaspersky 2
gentoo 1
hackerone 7
metasploit 1
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:27:42
Path Traversal
2019-05-02 05:27:42
Denial Of Service (DoS)
2019-05-02 05:27:43
debian
debian
[SECURITY] [DLA 341-1] php5 security update
2015-11-08 18:51:20
[SECURITY] [DSA 3358-1] php5 security update
2015-09-13 14:58:00
[SECURITY] [DSA 3358-1] php5 security update
2015-09-13 14:58:00
openvas
openvas
Debian: Security Advisory (DLA-341-1)
2023-03-08 00:00:00
Ubuntu: Security Advisory (USN-2758-1)
2015-10-01 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:1633-1)
2021-06-09 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2015-09-30 00:00:00
PHP vulnerabilities
2015-10-28 00:00:00
nessus
nessus
Ubuntu 14.04 LTS : PHP vulnerabilities (USN-2758-1)
2015-10-01 00:00:00
Amazon Linux AMI : php56 (ALAS-2015-601)
2015-10-22 00:00:00
Debian DLA-341-1 : php5 security update
2015-11-09 00:00:00
osv
osv
php5 - security update
2015-11-08 00:00:00
php5 - security update
2015-09-13 00:00:00
php5 - security update
2015-08-27 00:00:00
amazon
amazon
Medium: php55
2015-10-20 14:52:00
Medium: php56
2015-10-20 14:50:00
Low: php54
2016-03-16 16:30:00
suse
suse
Security update for php5 (important)
2015-09-25 11:09:46
Security update for php5 (important)
2015-09-25 15:09:56
Security update for php53 (important)
2015-10-26 15:09:54
f5
f5
SOL17377 - PHP vulnerabilities CVE-2015-6834, CVE-2015-6835, CVE-2015-6836, CVE-2015-6837, and CVE-2015-6838
2015-10-08 00:00:00
K17377 : PHP vulnerabilities CVE-2015-6834, CVE-2015-6835, CVE-2015-6836, CVE-2015-6837, and CVE-2015-6838
2015-10-08 00:00:00
K17503 : PHP vulnerabilities CVE-2015-7803 and CVE-2015-7804
2015-10-29 00:00:00
slackware
slackware
[slackware-security] php
2015-10-01 21:35:28
[slackware-security] php
2016-02-04 00:07:13
freebsd
freebsd
php -- multiple vulnerabilities
2015-09-03 00:00:00
php5 -- multiple vulnerabilities
2015-08-06 00:00:00
php -- multiple vulnerabilities
2015-10-01 00:00:00
securityvulns
securityvulns
PHP multiple security vulnerabilities
2015-09-15 00:00:00
[SECURITY] [DSA 3358-1] php5 security update
2015-09-15 00:00:00
PHP security vulnerabilities
2015-11-02 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: php-5.6.13-1.fc21
2015-09-14 22:23:26
[SECURITY] Fedora 22 Update: php-5.6.13-1.fc22
2015-09-14 23:22:46
[SECURITY] Fedora 23 Update: php-5.6.13-1.fc23
2015-09-18 19:33:49
mageia
mageia
Updated php packages fix security vulnerabilities
2015-09-14 00:58:30
Updated php package fixes security vulnerabilities
2015-07-23 12:39:14
ibm
ibm
Security Bulletin: Multiple vulnerabilities in php5 affect IBM Flex System Manager (FSM) (CVE-2015-6836, CVE-2015-6837, CVE-2015-6838)
2018-06-18 01:31:31
Security Bulletin: IBM Tealeaf Customer Experience PCA Web UI PHP security issues
2018-06-16 19:50:01
nvd
nvd
CVE-2015-6837
2016-05-16 10:59:20
CVE-2015-6838
2016-05-16 10:59:21
CVE-2015-7804
2015-12-11 12:00:12
prion
prion
Null pointer dereference
2016-05-16 10:59:00
Null pointer dereference
2016-05-16 10:59:00
Null pointer dereference
2015-12-11 12:00:00
cvelist
cvelist
CVE-2015-6837
2016-05-16 10:00:00
CVE-2015-6838
2016-05-16 10:00:00
CVE-2015-6834
2016-05-16 10:00:00
ubuntucve
ubuntucve
CVE-2015-6838
2015-09-09 00:00:00
CVE-2015-6837
2015-09-09 00:00:00
CVE-2015-7804
2015-10-12 00:00:00
cve
cve
CVE-2015-6837
2016-05-16 10:59:20
CVE-2015-6838
2016-05-16 10:59:21
CVE-2015-6832
2016-01-19 05:59:03
kaspersky
kaspersky
KLA10746 Multiple vulnerabilities in PHP
2016-01-19 00:00:00
KLA10747 Obsolete PHP version in XAMPP & WAMP
2016-01-19 00:00:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2016-06-19 00:00:00
hackerone
hackerone
Internet Bug Bounty: Dangling pointer in the unserialization of ArrayObject items
2015-07-13 00:00:00
Internet Bug Bounty: Use After Free Vulnerability in unserialize() with SplObjectStorage
2015-08-27 00:00:00
Internet Bug Bounty: Files extracted from archive may be placed outside of destination directory
2015-07-08 00:00:00
metasploit
metasploit
Joomla HTTP Header Unauthenticated Remote Code Execution
2015-12-15 17:03:36

0.201 Low

EPSS

Percentile

96.4%

JSON
Related for RHSA-2016:0457
veracode12debian5openvas37ubuntu2nessus46osv4amazon6suse4f54slackware2freebsd4securityvulns6fedora4mageia2ibm2nvd9prion9cvelist11ubuntucve10cve9kaspersky2gentoo1hackerone7metasploit1