SB2016011913 - Multiple vulnerabilities in PHP
Published: January 19, 2016 Updated: August 9, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2015-6834)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization. <a href="http://cwe.mitre.org/data/definitions/502.html">CWE-502: Deserialization of Untrusted Data</a>
2) Input validation error (CVE-ID: CVE-2015-6836)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary code via crafted serialized data that triggers a "type confusion" in the serialize_function_call function. <a href="http://cwe.mitre.org/data/definitions/843.html">CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')</a>
Remediation
Install update from vendor's website.
References
- http://php.net/ChangeLog-5.php
- http://www.debian.org/security/2015/dsa-3358
- http://www.securityfocus.com/bid/76649
- http://www.securitytracker.com/id/1033548
- https://bugs.php.net/bug.php?id=70172
- https://bugs.php.net/bug.php?id=70365
- https://bugs.php.net/bug.php?id=70366
- https://security.gentoo.org/glsa/201606-10
- http://www.php.net/ChangeLog-5.php
- http://www.securityfocus.com/bid/76644
- https://bugs.php.net/bug.php?id=70388