Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.842472
Category:Ubuntu Local Security Checks
Title:Ubuntu Update for php5 USN-2758-1
Summary:The remote host is missing an update for the 'php5'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'php5'
package(s) announced via the referenced advisory.

Vulnerability Insight:
It was discovered that the PHP phar extension
incorrectly handled certain files. A remote attacker could use this issue to cause
PHP to crash, resulting in a denial of service. (CVE-2015-5589)

It was discovered that the PHP phar extension incorrectly handled certain
filepaths. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2015-5590)

Taoguang Chen discovered that PHP incorrectly handled unserializing
objects. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2015-6831, CVE-2015-6834, CVE-2015-6835

Sean Heelan discovered that PHP incorrectly handled unserializing
objects. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2015-6832)

It was discovered that the PHP phar extension incorrectly handled certain
archives. A remote attacker could use this issue to cause files to be
placed outside of the destination directory. (CVE-2015-6833)

Andrea Palazzo discovered that the PHP Soap client incorrectly validated
data types. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2015-6836)

It was discovered that the PHP XSLTProcessor class incorrectly handled
certain data. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service. (CVE-2015-6837)

Affected Software/OS:
php5 on Ubuntu 15.04,
Ubuntu 14.04 LTS,
Ubuntu 12.04 LTS

Solution:
Please Install the Updated Packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-5589
BugTraq ID: 75974
http://www.securityfocus.com/bid/75974
Debian Security Information: DSA-3344 (Google Search)
http://www.debian.org/security/2015/dsa-3344
http://openwall.com/lists/oss-security/2015/07/18/1
Common Vulnerability Exposure (CVE) ID: CVE-2015-5590
BugTraq ID: 75970
http://www.securityfocus.com/bid/75970
Common Vulnerability Exposure (CVE) ID: CVE-2015-6831
BugTraq ID: 76737
http://www.securityfocus.com/bid/76737
https://security.gentoo.org/glsa/201606-10
http://www.openwall.com/lists/oss-security/2015/08/19/3
Common Vulnerability Exposure (CVE) ID: CVE-2015-6834
BugTraq ID: 76649
http://www.securityfocus.com/bid/76649
Debian Security Information: DSA-3358 (Google Search)
http://www.debian.org/security/2015/dsa-3358
http://www.securitytracker.com/id/1033548
Common Vulnerability Exposure (CVE) ID: CVE-2015-6835
BugTraq ID: 76734
http://www.securityfocus.com/bid/76734
Common Vulnerability Exposure (CVE) ID: CVE-2015-6832
Common Vulnerability Exposure (CVE) ID: CVE-2015-6833
Common Vulnerability Exposure (CVE) ID: CVE-2015-6836
BugTraq ID: 76644
http://www.securityfocus.com/bid/76644
Common Vulnerability Exposure (CVE) ID: CVE-2015-6837
BugTraq ID: 76738
http://www.securityfocus.com/bid/76738
Common Vulnerability Exposure (CVE) ID: CVE-2015-6838
BugTraq ID: 76733
http://www.securityfocus.com/bid/76733
CopyrightCopyright (C) 2015 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.