[arch-security] [ASA-201501-17] php: remote code execution

Remi Gacogne rgacogne at archlinux.org
Fri Jan 23 13:51:34 UTC 2015


Arch Linux Security Advisory ASA-201501-17
==========================================

Severity: Critical
Date    : 2015-01-23
CVE-ID  : CVE-2014-9427 CVE-2015-0231 CVE-2015-0232
Package : php
Type    : remote code execution
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package php before version 5.6.5-1 is vulnerable to arbitrary remote
code execution.

Resolution
==========

Upgrade to 5.6.5-1.

# pacman -Syu "php>=5.6.5-1"

The problem has been fixed upstream in version 5.6.5.

Workaround
==========

None.

Description
===========

- CVE-2014-9427 (information leak, remote code execution)

A one-byte file containing only the '#' character, not followed by any
newline, causes php-cgi to do an out of bound read, potentially
disclosing sensitive information present in memory or even triggering
code execution if adjacent memory location contains valid PHP code.

- CVE-2015-0231 (remote code execution)

A use-after-free vulnerability in unserialize() allows a remote attacker
to execute arbitrary code. This vulnerability results from an incomplete
fix for CVE-2014-8142.

- CVE-2015-0232 (remote code execution)

An attempt to free an uninitialized pointer may result in arbitrary code
execution while parsing exif information from a carefully crafted file.

Impact
======

A remote attacker may be able to execute arbitrary code on the affected
host.

References
==========

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9427
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0231
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0232
https://bugs.php.net/bug.php?id=68618
https://bugs.php.net/bug.php?id=68710
https://bugs.php.net/bug.php?id=68799

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20150123/2ab17195/attachment.asc>


More information about the arch-security mailing list