VuXML: php5 -- multiple vulnerabilities

VuXML ID	787ef75e-44da-11e5-93ad-002590263bf5
Discovery	2015-08-06
Entry	2015-08-17
Modified	2015-09-08

The PHP project reports:

Core:

Fixed bug #69793 (Remotely triggerable stack exhaustion via recursive method calls).

Fixed bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref).

OpenSSL:

Fixed bug #70014 (openssl_random_pseudo_bytes() is not cryptographically secure).

Phar:

Improved fix for bug #69441.

Fixed bug #70019 (Files extracted from archive may be placed outside of destination directory).

SOAP:

Fixed bug #70081 (SoapClient info leak / null pointer dereference via multiple type confusions).

SPL:

Fixed bug #70068 (Dangling pointer in the unserialization of ArrayObject items).

Fixed bug #70166 (Use After Free Vulnerability in unserialize() with SPLArrayObject).

Fixed bug #70168 (Use After Free Vulnerability in unserialize() with SplObjectStorage).

Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList).

[source]

CVE Name	CVE-2015-6831
CVE Name	CVE-2015-6832
CVE Name	CVE-2015-6833
URL	http://php.net/ChangeLog-5.php#5.4.44
URL	http://php.net/ChangeLog-5.php#5.5.28
URL	http://php.net/ChangeLog-5.php#5.6.12

php5 -- multiple vulnerabilities

Details

References