Arch Linux Security Advisory ASA-201501-17 ========================================== Severity: Critical Date : 2015-01-23 CVE-ID : CVE-2014-9427 CVE-2015-0231 CVE-2015-0232 Package : php Type : remote code execution Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package php before version 5.6.5-1 is vulnerable to arbitrary remote code execution. Resolution ========== Upgrade to 5.6.5-1. # pacman -Syu "php>=5.6.5-1" The problem has been fixed upstream in version 5.6.5. Workaround ========== None. Description =========== - CVE-2014-9427 (information leak, remote code execution) A one-byte file containing only the '#' character, not followed by any newline, causes php-cgi to do an out of bound read, potentially disclosing sensitive information present in memory or even triggering code execution if adjacent memory location contains valid PHP code. - CVE-2015-0231 (remote code execution) A use-after-free vulnerability in unserialize() allows a remote attacker to execute arbitrary code. This vulnerability results from an incomplete fix for CVE-2014-8142. - CVE-2015-0232 (remote code execution) An attempt to free an uninitialized pointer may result in arbitrary code execution while parsing exif information from a carefully crafted file. Impact ====== A remote attacker may be able to execute arbitrary code on the affected host. References ========== http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9427 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0231 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0232 https://bugs.php.net/bug.php?id=68618 https://bugs.php.net/bug.php?id=68710 https://bugs.php.net/bug.php?id=68799