php5: multiple vulnerabilities

Package(s):

php5

CVE #(s):

CVE-2014-9652 CVE-2015-1351 CVE-2015-1352

Created:

February 18, 2015

Updated:

April 27, 2015

Description:

From the Ubuntu advisory:

It was discovered that PHP incorrectly handled certain pascal strings in the fileinfo extension. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2014-9652)

It was discovered that the PHP opcache component incorrectly handled memory. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-1351)

It was discovered that the PHP PostgreSQL database extension incorrectly handled certain pointers. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-1352)

Alerts:

Gentoo	201701-42	file	2017-01-17
SUSE	SUSE-SU-2016:1638-1	php53	2016-06-21
Gentoo	201606-10	php	2016-06-19
Scientific Linux	SLSA-2015:2155-7	file	2015-12-21
Oracle	ELSA-2015-2155	file	2015-11-23
Red Hat	RHSA-2015:2155-07	file	2015-11-19
Scientific Linux	SLSA-2015:1135-1	php	2015-06-24
Oracle	ELSA-2015-1135	php	2015-06-23
CentOS	CESA-2015:1135	php	2015-06-24
Red Hat	RHSA-2015:1135-01	php	2015-06-23
Red Hat	RHSA-2015:1053-01	php55	2015-06-04
Fedora	FEDORA-2015-6399	php	2015-04-27
Fedora	FEDORA-2015-6407	php	2015-04-23
Slackware	SSA:2015-111-10	php	2015-04-21
Arch Linux	ASA-201504-14	php	2015-04-17
Red Hat	RHSA-2015:1066-01	php54	2015-06-04
Mandriva	MDVSA-2015:080	php	2015-03-28
Mandriva	MDVSA-2015:079	php	2015-03-28
openSUSE	openSUSE-SU-2015:0440-1	php5	2015-03-06
SUSE	SUSE-SU-2015:0436-1	PHP 5.3	2015-03-05
Ubuntu	USN-2501-1	php5	2015-02-17
SUSE	SUSE-SU-2015:0424-1	php5	2015-03-04
Mageia	MGASA-2015-0090	php	2015-03-03