FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

php -- multiple vulnerabilities

Affected packages
php5 < 5.4.41
php55 < 5.5.25
php56 < 5.6.9

Details

VuXML ID 31de2e13-00d2-11e5-a072-d050996490d0
Discovery 2015-05-14
Entry 2015-05-22

PHP development team reports:

Fixed bug #69364 (PHP Multipart/form-data remote DoS Vulnerability). (CVE-2015-4024)

Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+). (CVE-2015-4025)

Fixed bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow). (CVE-2015-4022)

Fixed bug #68598 (pcntl_exec() should not allow null char). (CVE-2015-4026)

Fixed bug #69453 (Memory Corruption in phar_parse_tarfile when entry filename starts with null). (CVE-2015-4021)

References

CVE Name CVE-2015-4021
CVE Name CVE-2015-4022
CVE Name CVE-2015-4024
CVE Name CVE-2015-4025
CVE Name CVE-2015-4026
URL https://php.net/ChangeLog-5.php#5.6.9