
Test ID:
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2015:1253-1)
Summary: The remote host is missing an update for the 'php5' package(s) announced via the SUSE-SU-2015:1253-1 advisory.

Vulnerability Insight:
This security update of PHP fixes the following issues:
Security issues fixed:
* CVE-2015-4024 [bnc#931421]: Fixed multipart/form-data remote DOS
* CVE-2015-4026 [bnc#931776]: pcntl_exec() did not check path validity.
* CVE-2015-4022 [bnc#931772]: Fixed an overflow in ftp_genlist() that
resulted in a heap overflow.
* CVE-2015-4021 [bnc#931769]: Fixed memory corruption in
phar_parse_tarfile when entry filename starts with NULL.
* CVE-2015-4148 [bnc#933227]: Fixed SoapClient's do_soap_call() type
confusion after unserialize() information disclosure.
* CVE-2015-4602 [bnc#935224]: Fixed an incomplete Class unserialization
type confusion.
* CVE-2015-4599, CVE-2015-4600, CVE-2015-4601 [bnc#935226]: Fixed type
confusion issues in unserialize() with various SOAP methods.
* CVE-2015-4603 [bnc#935234]: Fixed exception::getTraceAsString type
confusion issue after unserialize.
* CVE-2015-4644 [bnc#935274]: Fixed a crash in php_pgsql_meta_data.
* CVE-2015-4643 [bnc#935275]: Fixed an integer overflow in ftp_genlist()
that could result in a heap overflow.
* CVE-2015-3411, CVE-2015-3412, CVE-2015-4598 [bnc#935227], [bnc#935232]:
Added missing null byte checks for paths in various PHP extensions.
Bugs fixed:
* configure php-fpm with --localstatedir=/var [bnc#927147]
* fix timezone map [bnc#919080]

Affected Software/OS:
'php5' package(s) on SUSE Linux Enterprise Software Development Kit 12, SUSE Linux Enterprise Module for Web Scripting 12

Please install the updated package(s).

CVSS Score:

CVSS Vector:

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2015-3411
BugTraq ID: 75255
RedHat Security Advisories: RHSA-2015:1135
RedHat Security Advisories: RHSA-2015:1186
RedHat Security Advisories: RHSA-2015:1187
RedHat Security Advisories: RHSA-2015:1218
Common Vulnerability Exposure (CVE) ID: CVE-2015-3412
BugTraq ID: 75250
Common Vulnerability Exposure (CVE) ID: CVE-2015-4021
BugTraq ID: 74700
Debian Security Information: DSA-3280
RedHat Security Advisories: RHSA-2015:1219
SuSE Security Announcement: openSUSE-SU-2015:0993
Common Vulnerability Exposure (CVE) ID: CVE-2015-4022
BugTraq ID: 74902
Common Vulnerability Exposure (CVE) ID: CVE-2015-4024
BugTraq ID: 74903
Common Vulnerability Exposure (CVE) ID: CVE-2015-4026
BugTraq ID: 75056
Common Vulnerability Exposure (CVE) ID: CVE-2015-4148
BugTraq ID: 75103
RedHat Security Advisories: RHSA-2015:1053
RedHat Security Advisories: RHSA-2015:1066
SuSE Security Announcement: openSUSE-SU-2015:1057
Common Vulnerability Exposure (CVE) ID: CVE-2015-4598
BugTraq ID: 75244
Debian Security Information: DSA-3344
Common Vulnerability Exposure (CVE) ID: CVE-2015-4599
BugTraq ID: 75251
Common Vulnerability Exposure (CVE) ID: CVE-2015-4600
BugTraq ID: 74413
Common Vulnerability Exposure (CVE) ID: CVE-2015-4601
BugTraq ID: 75246
Common Vulnerability Exposure (CVE) ID: CVE-2015-4602
BugTraq ID: 75249
Common Vulnerability Exposure (CVE) ID: CVE-2015-4603
BugTraq ID: 75252
Common Vulnerability Exposure (CVE) ID: CVE-2015-4643
BugTraq ID: 75291
Common Vulnerability Exposure (CVE) ID: CVE-2015-4644
BugTraq ID: 75292
Copyright: Copyright (C) 2021 Greenbone Networks GmbH


© 1998-2021 E-Soft Inc. All rights reserved.