Mandriva Linux Security Advisory : php (MDVSA-2015:079)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Multiple vulnerabilities has been discovered and corrected in php :

S. Paraschoudis discovered that PHP incorrectly handled memory in the
enchant binding. A remote attacker could use this issue to cause PHP
to crash, resulting in a denial of service, or possibly execute
arbitrary code (CVE-2014-9705).

Taoguang Chen discovered that PHP incorrectly handled unserializing
objects. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code
(CVE-2015-0273).

It was discovered that PHP incorrectly handled memory in the phar
extension. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code (CVE-2015-2301).

Use-after-free vulnerability in the process_nested_data function in
ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before
5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute
arbitrary code via a crafted unserialize call that leverages improper
handling of duplicate numerical keys within the serialized properties
of an object. NOTE: this vulnerability exists because of an incomplete
fix for CVE-2014-8142 (CVE-2015-0231).

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way libzip, which is embedded in PHP, processed certain
ZIP archives. If an attacker were able to supply a specially crafted
ZIP archive to an application using libzip, it could cause the
application to crash or, possibly, execute arbitrary code
(CVE-2015-2331).

It was discovered that the PHP opcache component incorrectly handled
memory. A remote attacker could possibly use this issue to cause PHP
to crash, resulting in a denial of service, or possibly execute
arbitrary code (CVE-2015-1351).

It was discovered that the PHP PostgreSQL database extension
incorrectly handled certain pointers. A remote attacker could possibly
use this issue to cause PHP to crash, resulting in a denial of
service, or possibly execute arbitrary code (CVE-2015-1352).

The updated php packages have been patched and upgraded to the 5.5.23
version which is not vulnerable to these issues. The libzip packages
has been patched to address the CVE-2015-2331 flaw.

Additionally the php-xdebug package has been upgraded to the latest
2.3.2 and the PECL packages which requires so has been rebuilt for
php-5.5.23.

See also :

http://php.net/ChangeLog-5.php#5.5.22
http://php.net/ChangeLog-5.php#5.5.23
http://www.ubuntu.com/usn/usn-2501-1/
http://www.ubuntu.com/usn/usn-2535-1/
https://bugzilla.redhat.com/show_bug.cgi?id=1204676

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 82332 ()

Bugtraq ID: 71929
71932
72539
72701
73031
73037
73182

CVE ID: CVE-2014-9705
CVE-2015-0231
CVE-2015-0273
CVE-2015-1351
CVE-2015-1352
CVE-2015-2301
CVE-2015-2331

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now