Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
slackwareSlackware Linux ProjectSSA-2015-111-10
HistoryApr 22, 2015 - 1:22 a.m.

[slackware-security] php

2015-04-2201:22:40
Slackware Linux Project
www.slackware.com
32

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.953 High

EPSS

Percentile

99.4%

JSON

New php packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:

patches/packages/php-5.4.40-i486-1_slack14.1.txz: Upgraded.
This update fixes some security issues.
Please note that this package build also moves the configuration files
from /etc/httpd to /etc, /etc/php.d, and /etc/php-fpm.d.
For more information, see:
https://vulners.com/cve/CVE-2014-9709
https://vulners.com/cve/CVE-2015-0231
https://vulners.com/cve/CVE-2015-1351
https://vulners.com/cve/CVE-2015-1352
https://vulners.com/cve/CVE-2015-2301
https://vulners.com/cve/CVE-2015-2305
https://vulners.com/cve/CVE-2015-2331
https://vulners.com/cve/CVE-2015-2783
https://vulners.com/cve/CVE-2015-3330
(* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.40-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.40-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.40-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.40-x86_64-1_slack14.1.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.8-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.8-x86_64-1.txz

MD5 signatures:

Slackware 14.0 package:
2666059d6540b1b4385d25dfc5ebbe99 php-5.4.40-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
c146f500912ba9c7e5d652e5e3643c04 php-5.4.40-x86_64-1_slack14.0.txz

Slackware 14.1 package:
9efc8a96f9a3f3261e5f640292b1b781 php-5.4.40-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
2c95e077f314f1cfa3ee83b9aba90b91 php-5.4.40-x86_64-1_slack14.1.txz

Slackware -current package:
30d14f237c71fada0d594c2360a58016 n/php-5.6.8-i486-1.txz

Slackware x86_64 -current package:
1a0fcc590aa4dff5de5f08293936d0d9 n/php-5.6.8-x86_64-1.txz

Installation instructions:

Upgrade the package as root:
> upgradepkg php-5.4.40-i486-1_slack14.1.txz

Then, restart Apache httpd:
> /etc/rc.d/rc.httpd stop
> /etc/rc.d/rc.httpd start

Related

nessus 49
openvas 41
freebsd 3
amazon 7
kaspersky 2
archlinux 2
fedora 11
suse 2
securityvulns 6
debian 5
osv 4
f5 6
ubuntu 2
mageia 3
veracode 27
redhat 1
oraclelinux 1
cvelist 4
nvd 5
ubuntucve 4
prion 5
hackerone 1
debiancve 3
cve 4
checkpoint_advisories 1
nessus
nessus
Slackware 14.0 / 14.1 / current : php (SSA:2015-111-10)
2015-04-22 00:00:00
FreeBSD : Several vulnerabilities found in PHP (1e232a0c-eb57-11e4-b595-4061861086c1)
2015-04-27 00:00:00
Amazon Linux AMI : php54 (ALAS-2015-509)
2015-04-20 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2015-111-10)
2022-04-21 00:00:00
Fedora Update for php FEDORA-2015-4236
2015-03-31 00:00:00
Amazon Linux: Security Advisory (ALAS-2015-506)
2015-09-08 00:00:00
freebsd
freebsd
Several vulnerabilities found in PHP
2015-04-16 00:00:00
Several vulnerabilities found in PHP
2015-03-19 00:00:00
libzip -- integer overflow
2015-03-18 00:00:00
amazon
amazon
Important: php54
2015-04-17 12:04:00
Important: php54
2015-04-15 21:49:00
Important: php56
2015-04-15 21:50:00
kaspersky
kaspersky
KLA10515 Multiple vulnerabilities in PHP and extensions
2015-03-30 00:00:00
KLA10514 Multiple vulnerabilities in PHP and plugins
2015-03-30 00:00:00
archlinux
archlinux
php: multiple issues
2015-04-17 00:00:00
php: integer overflow
2015-03-28 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: php-5.6.8-1.fc21
2015-04-23 16:11:13
[SECURITY] Fedora 22 Update: php-5.6.8-1.fc22
2015-04-22 22:52:07
[SECURITY] Fedora 20 Update: php-5.5.24-1.fc20
2015-04-27 08:39:40
suse
suse
Security update for php5 (important)
2015-05-13 15:07:04
Security update for php5 (important)
2015-05-12 17:05:25
securityvulns
securityvulns
[SECURITY] [DSA 3198-1] php5 security update
2015-03-21 00:00:00
PHP multiple security vulnerabilities
2015-03-21 00:00:00
PHP multiple security vulnerabilities
2015-02-22 00:00:00
debian
debian
[SECURITY] [DSA 3198-2] php5 regression update
2015-03-28 18:47:31
[SECURITY] [DLA 212-1] php5 security update
2015-04-29 20:45:33
[SECURITY] [DSA 3198-2] php5 regression update
2015-03-28 18:47:31
osv
osv
php5 - security update
2015-04-29 00:00:00
php5 - regression update
2015-03-20 00:00:00
php5 - security update
2015-03-20 00:00:00
f5
f5
SOL16714 - PHP vulnerabilities CVE-2015-2301 and CVE-2015-2331
2015-06-08 00:00:00
K16714 : PHP vulnerabilities CVE-2015-2301 and CVE-2015-2331
2015-06-08 00:00:00
K17127 : PHP vulnerability CVE-2014-9709
2015-08-14 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2015-04-20 00:00:00
PHP vulnerabilities
2015-02-17 00:00:00
mageia
mageia
Updated php packages fix security vulnerabilities
2015-04-25 23:15:07
Updated php and libzip packages fix security vulnerabilities
2015-04-04 14:13:35
Updated php packages fix security vulnerabilities
2015-03-04 00:16:02
veracode
veracode
Buffer Overflow
2019-05-02 05:39:27
Denial Of Service (DoS)
2019-05-02 05:39:27
Denial Of Service (DoS)
2019-05-02 05:39:23
redhat
redhat
(RHSA-2015:1053) Moderate: php55 security and bug fix update
2015-06-04 00:00:00
oraclelinux
oraclelinux
php55 security and bug fix update
2016-02-04 00:00:00
cvelist
cvelist
CVE-2014-9709
2015-03-30 10:00:00
CVE-2015-2331
2015-03-30 10:00:00
CVE-2015-2305
2015-03-30 10:00:00
nvd
nvd
CVE-2014-9709
2015-03-30 10:59:05
CVE-2015-2331
2015-03-30 10:59:12
CVE-2015-3330
2015-06-09 18:59:03
ubuntucve
ubuntucve
CVE-2014-9709
2015-03-30 00:00:00
CVE-2015-2331
2015-03-30 00:00:00
CVE-2015-3330
2015-04-20 00:00:00
prion
prion
Integer overflow
2015-03-30 10:59:00
Design/Logic Flaw
2015-03-30 10:59:00
Design/Logic Flaw
2015-03-30 10:59:00
hackerone
hackerone
Internet Bug Bounty: ZIP Integer Overflow leads to writing past heap boundary
2015-03-18 00:00:00
debiancve
debiancve
CVE-2014-9709
2015-03-30 10:59:05
CVE-2015-2305
2015-03-30 10:59:11
CVE-2015-2331
2015-03-30 10:59:12
cve
cve
CVE-2014-9709
2015-03-30 10:59:05
CVE-2015-2331
2015-03-30 10:59:12
CVE-2015-2305
2015-03-30 10:59:11
checkpoint_advisories
checkpoint_advisories
PHP Group PHP ZIP Integer Overflow (CVE-2015-2331)
2015-04-14 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.953 High

EPSS

Percentile

99.4%

JSON
Related for SSA-2015-111-10
nessus49openvas41freebsd3amazon7kaspersky2archlinux2fedora11suse2securityvulns6debian5osv4f56ubuntu2mageia3veracode27redhat1oraclelinux1cvelist4nvd5ubuntucve4prion5hackerone1debiancve3cve4checkpoint_advisories1