* SECURITY UPDATE: segfault in SplMinHeap::compare
- debian/patches/CVE-2015-4116.patch: properly handle count in
ext/spl/spl_heap.c, added test to ext/spl/tests/bug69737.phpt.
- CVE-2015-4116
* SECURITY UPDATE: denial of service via recursive method calls
- debian/patches/CVE-2015-8873.patch: add limit to
Zend/zend_exceptions.c, add tests to
ext/standard/tests/serialize/bug69152.phpt,
ext/standard/tests/serialize/bug69793.phpt,
sapi/cli/tests/005.phpt.
- CVE-2015-8873
* SECURITY UPDATE: denial of service or code execution via crafted
serialized data
- debian/patches/CVE-2015-8876.patch: fix logic in
Zend/zend_exceptions.c, added test to Zend/tests/bug70121.phpt.
- CVE-2015-8876
* SECURITY UPDATE: XSS in header() with Internet Explorer (LP: #1594041)
- debian/patches/CVE-2015-8935.patch: update header handling to
RFC 7230 in main/SAPI.c, added tests to
ext/standard/tests/general_functions/bug60227_*.phpt.
- CVE-2015-8935
* SECURITY UPDATE: get_icu_value_internal out-of-bounds read
- debian/patches/CVE-2016-5093.patch: add enough space in
ext/intl/locale/locale_methods.c, added test to
ext/intl/tests/bug72241.phpt.
- CVE-2016-5093
* SECURITY UPDATE: integer overflow in php_html_entities()
- debian/patches/CVE-2016-5094.patch: don't create strings with lengths
outside int range in ext/standard/html.c.
- CVE-2016-5094
* SECURITY UPDATE: string overflows in string add operations
- debian/patches/CVE-2016-5095.patch: check for size overflow in
Zend/zend_operators.c.
- CVE-2016-5095
* SECURITY UPDATE: int/size_t confusion in fread
- debian/patches/CVE-2016-5096.patch: check string length in
ext/standard/file.c, added test to
ext/standard/tests/file/bug72114.phpt.
- CVE-2016-5096
* SECURITY UPDATE: memory leak and buffer overflow in FPM
- debian/patches/CVE-2016-5114.patch: check buffer length in
sapi/fpm/fpm/fpm_log.c.
- CVE-2016-5114
* SECURITY UPDATE: proxy request header vulnerability (httpoxy)
- debian/patches/CVE-2016-5385.patch: only use HTTP_PROXY from the
local environment in ext/standard/basic_functions.c, main/SAPI.c,
main/php_variables.c.
- CVE-2016-5385
* SECURITY UPDATE: inadequate error handling in bzread()
- debian/patches/CVE-2016-5399.patch: do not allow reading past error
read in ext/bz2/bz2.c.
- CVE-2016-5399
* SECURITY UPDATE: double free in _php_mb_regex_ereg_replace_exec
- debian/patches/CVE-2016-5768.patch: check pointer in
ext/mbstring/php_mbregex.c, added test to
ext/mbstring/tests/bug72402.phpt.
- CVE-2016-5768
* SECURITY UPDATE: integer overflows in mcrypt
- debian/patches/CVE-2016-5769.patch: check for overflow in
ext/mcrypt/mcrypt.c.
- CVE-2016-5769
* SECURITY UPDATE: ese after free GC algorithm and unserialize
- debian/patches/CVE-2016-5771.patch: added new handler in
ext/spl/spl_array.c, added test to Zend/tests/gc_024.phpt,
ext/standard/tests/strings/bug72433.phpt.
- CVE-2016-5771
* SECURITY UPDATE: double free corruption in wddx_deserialize
- debian/patches/CVE-2016-5772.patch: prevent double-free in
ext/wddx/wddx.c, added test to ext/wddx/tests/bug72340.phpt.
- CVE-2016-5772
* SECURITY UPDATE: use after free in ZipArchive class
- debian/patches/CVE-2016-5773.patch: add new handler in
ext/zip/php_zip.c, added test to
ext/standard/tests/strings/bug72434.phpt.
- CVE-2016-5773
* SECURITY UPDATE: buffer overflow in php_url_parse_ex()
- debian/patches/CVE-2016-6288.patch: handle length in
ext/standard/url.c.
- CVE-2016-6288
* SECURITY UPDATE: integer overflow in the virtual_file_ex function
- debian/patches/CVE-2016-6289.patch: properly check path_length in
Zend/zend_virtual_cwd.c.
- CVE-2016-6289
* SECURITY UPDATE: use after free in unserialize() with unexpected
session deserialization
- debian/patches/CVE-2016-6290.patch: destroy var_hash properly in
ext/session/session.c, added test to ext/session/tests/bug72562.phpt.
- CVE-2016-6290
* SECURITY UPDATE: out of bounds read in exif_process_IFD_in_MAKERNOTE
- debian/patches/CVE-2016-6291.patch: add more bounds checks to
ext/exif/exif.c.
- CVE-2016-6291
* SECURITY UPDATE: NULL pointer dereference in exif_process_user_comment
- debian/patches/CVE-2016-6292.patch: properly handle encoding in
ext/exif/exif.c.
- CVE-2016-6292
* SECURITY UPDATE: locale_accept_from_http out-of-bounds access
- debian/patches/CVE-2016-6294.patch: check length in
ext/intl/locale/locale_methods.c, added test to
ext/intl/tests/bug72533.phpt.
- CVE-2016-6294
* SECURITY UPDATE: use after free vulnerability in SNMP with GC and
unserialize()
- debian/patches/CVE-2016-6295.patch: add new handler to
ext/snmp/snmp.c, add test to ext/snmp/tests/bug72479.phpt.
- CVE-2016-6295
* SECURITY UPDATE: heap buffer overflow in simplestring_addn
- debian/patches/CVE-2016-6296.patch: prevent overflows in
ext/xmlrpc/libxmlrpc/simplestring.*.
- CVE-2016-6296
* SECURITY UPDATE: integer overflow in php_stream_zip_opener
- debian/patches/CVE-2016-6297.patch: use size_t in
ext/zip/zip_stream.c.
- CVE-2016-6297
* debian/patches/fix_exif_tests.patch: fix exif test results after
security changes.
This bug was fixed in the package php5 - 5.5.9+dfsg- 1ubuntu4. 19
--------------- dfsg-1ubuntu4. 19) trusty-security; urgency=medium
php5 (5.5.9+
* SECURITY UPDATE: segfault in SplMinHeap::compare patches/ CVE-2015- 4116.patch: properly handle count in spl/spl_ heap.c, added test to ext/spl/tests/bug69737.phpt. patches/ CVE-2015- 8873.patch: add limit to zend_exceptions .c, add tests to standard/ tests/serialize /bug69152.phpt, standard/ tests/serialize /bug69793.phpt, cli/tests/ 005.phpt. patches/ CVE-2015- 8876.patch: fix logic in zend_exceptions .c, added test to Zend/tests/bug70121.phpt. patches/ CVE-2015- 8935.patch: update header handling to standard/ tests/general_ functions/bug60227_*.phpt. value_internal out-of-bounds read patches/ CVE-2016- 5093.patch: add enough space in intl/locale/ locale_ methods. c, added test to intl/tests/bug72241.phpt. patches/ CVE-2016- 5094.patch: don't create strings with lengths html.c. patches/ CVE-2016- 5095.patch: check for size overflow in zend_operators. c. patches/ CVE-2016- 5096.patch: check string length in standard/ file.c, added test to standard/ tests/file/bug72114.phpt. patches/ CVE-2016- 5114.patch: check buffer length in fpm/fpm/ fpm_log. c. patches/ CVE-2016- 5385.patch: only use HTTP_PROXY from the basic_functions .c, main/SAPI.c, php_variables. c. patches/ CVE-2016- 5399.patch: do not allow reading past error regex_ereg_ replace_ exec patches/ CVE-2016- 5768.patch: check pointer in mbstring/ php_mbregex. c, added test to mbstring/ tests/bug72402.phpt. patches/ CVE-2016- 5769.patch: check for overflow in mcrypt/ mcrypt. c. patches/ CVE-2016- 5771.patch: added new handler in spl/spl_ array.c, added test to Zend/tests/ gc_024. phpt, standard/ tests/strings/bug72433.phpt. patches/ CVE-2016- 5772.patch: prevent double-free in wddx/wddx. c, added test to ext/wddx/tests/bug72340.phpt. patches/ CVE-2016- 5773.patch: add new handler in zip/php_ zip.c, added test to standard/ tests/strings/bug72434.phpt. patches/ CVE-2016- 6288.patch: handle length in standard/ url.c. patches/ CVE-2016- 6289.patch: properly check path_length in zend_virtual_ cwd.c. patches/ CVE-2016- 6290.patch: destroy var_hash properly in session/ session. c, added test to ext/session/tests/bug72562.phpt. IFD_in_ MAKERNOTE patches/ CVE-2016- 6291.patch: add more bounds checks to exif/exif. c. user_comment patches/ CVE-2016- 6292.patch: properly handle encoding in exif/exif. c. accept_ from_http out-of-bounds access patches/ CVE-2016- 6294.patch: check length in intl/locale/ locale_ methods. c, added test to intl/tests/bug72533.phpt. patches/ CVE-2016- 6295.patch: add new handler to snmp/snmp. c, add test to ext/snmp/tests/bug72479.phpt. patches/ CVE-2016- 6296.patch: prevent overflows in xmlrpc/ libxmlrpc/ simplestring. *. zip_opener patches/ CVE-2016- 6297.patch: use size_t in zip/zip_ stream. c. patches/ fix_exif_ tests.patch: fix exif test results after
- debian/
ext/
- CVE-2015-4116
* SECURITY UPDATE: denial of service via recursive method calls
- debian/
Zend/
ext/
ext/
sapi/
- CVE-2015-8873
* SECURITY UPDATE: denial of service or code execution via crafted
serialized data
- debian/
Zend/
- CVE-2015-8876
* SECURITY UPDATE: XSS in header() with Internet Explorer (LP: #1594041)
- debian/
RFC 7230 in main/SAPI.c, added tests to
ext/
- CVE-2015-8935
* SECURITY UPDATE: get_icu_
- debian/
ext/
ext/
- CVE-2016-5093
* SECURITY UPDATE: integer overflow in php_html_entities()
- debian/
outside int range in ext/standard/
- CVE-2016-5094
* SECURITY UPDATE: string overflows in string add operations
- debian/
Zend/
- CVE-2016-5095
* SECURITY UPDATE: int/size_t confusion in fread
- debian/
ext/
ext/
- CVE-2016-5096
* SECURITY UPDATE: memory leak and buffer overflow in FPM
- debian/
sapi/
- CVE-2016-5114
* SECURITY UPDATE: proxy request header vulnerability (httpoxy)
- debian/
local environment in ext/standard/
main/
- CVE-2016-5385
* SECURITY UPDATE: inadequate error handling in bzread()
- debian/
read in ext/bz2/bz2.c.
- CVE-2016-5399
* SECURITY UPDATE: double free in _php_mb_
- debian/
ext/
ext/
- CVE-2016-5768
* SECURITY UPDATE: integer overflows in mcrypt
- debian/
ext/
- CVE-2016-5769
* SECURITY UPDATE: ese after free GC algorithm and unserialize
- debian/
ext/
ext/
- CVE-2016-5771
* SECURITY UPDATE: double free corruption in wddx_deserialize
- debian/
ext/
- CVE-2016-5772
* SECURITY UPDATE: use after free in ZipArchive class
- debian/
ext/
ext/
- CVE-2016-5773
* SECURITY UPDATE: buffer overflow in php_url_parse_ex()
- debian/
ext/
- CVE-2016-6288
* SECURITY UPDATE: integer overflow in the virtual_file_ex function
- debian/
Zend/
- CVE-2016-6289
* SECURITY UPDATE: use after free in unserialize() with unexpected
session deserialization
- debian/
ext/
- CVE-2016-6290
* SECURITY UPDATE: out of bounds read in exif_process_
- debian/
ext/
- CVE-2016-6291
* SECURITY UPDATE: NULL pointer dereference in exif_process_
- debian/
ext/
- CVE-2016-6292
* SECURITY UPDATE: locale_
- debian/
ext/
ext/
- CVE-2016-6294
* SECURITY UPDATE: use after free vulnerability in SNMP with GC and
unserialize()
- debian/
ext/
- CVE-2016-6295
* SECURITY UPDATE: heap buffer overflow in simplestring_addn
- debian/
ext/
- CVE-2016-6296
* SECURITY UPDATE: integer overflow in php_stream_
- debian/
ext/
- CVE-2016-6297
* debian/
security changes.
-- Marc Deslauriers <email address hidden> Thu, 28 Jul 2016 08:57:10 -0400