Test ID: 1.3.6.1.4.1.25623.1.0.703195
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 3195-1 (php5 - security update)
Description:
Summary:
Multiple vulnerabilities have been discovered in the PHP language:

CVE-2015-2305
Guido Vranken discovered a heap overflow in the ereg extension
(only applicable to 32 bit systems).

CVE-2014-9705
Buffer overflow in the enchant extension.

CVE-2015-0231
Stefan Esser discovered a use-after-free in the unserialisation
of objects.

CVE-2015-0232
Alex Eubanks discovered incorrect memory management in the exif
extension.

CVE-2015-0273
Use-after-free in the unserialisation of DateTimeZone.

Affected Software/OS:
php5 on Debian Linux

Solution:
For the stable distribution (wheezy), these problems have been fixed in
version 5.4.38-0+deb7u1.

For the upcoming stable distribution (jessie), these problems have been
fixed in version 5.6.6+dfsg-2.

For the unstable distribution (sid), these problems have been fixed in
version 5.6.6+dfsg-2.

We recommend that you upgrade your php5 packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2014-9705
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
BugTraq ID: 73031
http://www.securityfocus.com/bid/73031
Debian Security Information: DSA-3195
http://www.debian.org/security/2015/dsa-3195
https://security.gentoo.org/glsa/201606-10
HPdes Security Advisory: HPSBMU03380
http://marc.info/?l=bugtraq&m=143748090628601&w=2
HPdes Security Advisory: HPSBMU03409
http://marc.info/?l=bugtraq&m=144050155601375&w=2
http://www.mandriva.com/security/advisories?name=MDVSA-2015:079
https://www.htbridge.com/advisory/HTB23252
http://openwall.com/lists/oss-security/2015/03/15/6
RedHat Security Advisories: RHSA-2015:1053
http://rhn.redhat.com/errata/RHSA-2015-1053.html
RedHat Security Advisories: RHSA-2015:1066
http://rhn.redhat.com/errata/RHSA-2015-1066.html
RedHat Security Advisories: RHSA-2015:1135
http://rhn.redhat.com/errata/RHSA-2015-1135.html
RedHat Security Advisories: RHSA-2015:1218
http://rhn.redhat.com/errata/RHSA-2015-1218.html
http://www.securitytracker.com/id/1031948
SuSE Security Announcement: SUSE-SU-2015:0868
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html
SuSE Security Announcement: openSUSE-SU-2015:0644
http://lists.opensuse.org/opensuse-updates/2015-04/msg00002.html
http://www.ubuntu.com/usn/USN-2535-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-0231
BugTraq ID: 72539
http://www.securityfocus.com/bid/72539
https://security.gentoo.org/glsa/201503-03
HPdes Security Advisory: HPSBUX03337
http://marc.info/?l=bugtraq&m=143403519711434&w=2
HPdes Security Advisory: SSRT102066
http://www.mandriva.com/security/advisories?name=MDVSA-2015:032
SuSE Security Announcement: SUSE-SU-2015:0365
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00029.html
SuSE Security Announcement: openSUSE-SU-2015:0325
http://lists.opensuse.org/opensuse-updates/2015-02/msg00079.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-0232
BugTraq ID: 72541
http://www.securityfocus.com/bid/72541
Common Vulnerability Exposure (CVE) ID: CVE-2015-0273
http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html
BugTraq ID: 72701
http://www.securityfocus.com/bid/72701
http://www.securitytracker.com/id/1031945
SuSE Security Announcement: SUSE-SU-2015:0424
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00002.html
SuSE Security Announcement: SUSE-SU-2015:0436
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00003.html
SuSE Security Announcement: openSUSE-SU-2015:0440
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00004.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-2305
BugTraq ID: 72611
http://www.securityfocus.com/bid/72611
CERT/CC vulnerability note: VU#695940
http://www.kb.cert.org/vuls/id/695940
https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/
http://openwall.com/lists/oss-security/2015/02/07/14
http://openwall.com/lists/oss-security/2015/03/11/8
http://www.securitytracker.com/id/1031947
SuSE Security Announcement: SUSE-SU-2015:0946
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html
SuSE Security Announcement: openSUSE-SU-2015:0906
http://lists.opensuse.org/opensuse-updates/2015-05/msg00024.html
http://www.ubuntu.com/usn/USN-2572-1
http://www.ubuntu.com/usn/USN-2594-1
Copyright: Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net

© 1998-2024 E-Soft Inc. All rights reserved.