1
PublicDateAtUSN: 2015-08-27
2
Candidate: CVE-2015-6832
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6832
6
http://seclists.org/oss-sec/2015/q3/523
7
http://www.openwall.com/lists/oss-security/2015/08/19/3
8
https://usn.ubuntu.com/usn/usn-2758-1
10
Use-after-free vulnerability in the SPL unserialize implementation in
11
ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x
12
before 5.6.12 allows remote attackers to execute arbitrary code via crafted
13
serialized data that triggers misuse of an array field.
17
https://bugs.php.net/bug.php?id=70068
19
Discovered-by: Sean Heelan
23
upstream: http://git.php.net/?p=php-src.git;a=commit;h=b7fa67742cd8d2b0ca0c0273b157f6ffee9ad6e2
24
upstream_php5: released (5.6.12+dfsg-1)
25
precise_php5: released (5.3.10-1ubuntu3.20)
26
trusty_php5: released (5.5.9+dfsg-1ubuntu4.13)
27
vivid_php5: released (5.6.4+dfsg-4ubuntu6.3)
28
devel_php5: released (5.6.11+dfsg-1ubuntu3)