PublicDateAtUSN: 2015-06-23
Candidate: CVE-2015-4602
PublicDate: 2016-05-16
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4602
http://seclists.org/oss-sec/2015/q2/727
https://rhn.redhat.com/errata/RHSA-2015-1135.html
http://www.ubuntu.com/usn/usn-2658-1
Description:
The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in
PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows
remote attackers to cause a denial of service (application crash) or
possibly execute arbitrary code via an unexpected data type, related to a
"type confusion" issue.
Ubuntu-Description:
Notes:
Bugs:
https://bugs.php.net/bug.php?id=69152
Priority: medium
Discovered-by: Taoguang Chen
Assigned-to: mdeslaur
Patches_php5:
upstream: http://git.php.net/?p=php-src.git;a=commit;h=fb83c76deec58f1fab17c350f04c9f042e5977d1 (5.4-5.6)
upstream_php5: released (5.6.9+dfsg-1)
precise_php5: released (5.3.10-1ubuntu3.19)
trusty_php5: released (5.5.9+dfsg-1ubuntu4.11)
utopic_php5: released (5.5.12+dfsg-2ubuntu4.6)
vivid_php5: released (5.6.4+dfsg-4ubuntu6.2)
devel_php5: released (5.6.9+dfsg-1ubuntu1)