OPCache: Fixed bug #68677 (Use After Free). (CVE-2015-1351)
Phar: Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar). (CVE-2015-2783)
Postgres: Fixed bug #68741 (Null pointer dereference). (CVE-2015-1352)

+5.4 only (already fixed in 5.5, 5.6):
GD: Fixed bug #68601 (buffer read overflow in gd_gif_in.c). (CVE-2014-9709)
CVE-2015-3324 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3324): The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 does not validate server certificates during an "encrypted remote KVM session," which allows man-in-the-middle attackers to spoof servers.

CVE-2015-2301 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301): Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file.

CVE-2015-1352 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352): The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name.

CVE-2014-9709 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709): The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function.
NOT CVE-2015-3324 (Removing)
CVE-2015-1351 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351): Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
Ebuilds in the tree. Feel free to stabilise
Arches, please test and mark stable:
=dev-lang/php-5.4.40
=dev-lang/php-5.5.24
Target Keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
Thank you!
amd64 stable
x86 stable
Stable for HPPA PPC64.
We just hit a bug with these new versions: https://bugs.php.net/bug.php?id=69402

It's already fixed in master:
- OpenSSL:
  . Fixed bug #69402 (Reading empty SSL stream hangs until timeout).
alpha stable
ia64 stable
ppc stable
sparc stable
arm stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
Arches and Maintainer(s), Thank you for your work. Added to an existing GLSA Request.
CVE-2015-2783 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783): ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions.
CVE-2013-6501 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501): The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp with a predictable filename that is used by the get_sdl function in ext/soap/php_sdl.c.
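Added example, not part of the original bug thread and not PHP or Gentoo code: a small audit for the CVE-2013-6501 condition that reads php.ini text, resolves the active soap.wsdl_cache_dir, and reports whether other local users can create files in that directory. The function names, the sample ini text and the `/var/lib/php/wsdl` path are constructed for illustration, and falling back to /tmp when the directive is unset is an assumption.

```python
import os
import stat

DIRECTIVE = "soap.wsdl_cache_dir"
ASSUMED_DEFAULT = "/tmp"  # assumption: value in effect when php.ini leaves it unset
# Constructed sample, modelled on the shipped setting the CVE text describes.
SAMPLE_INI = """\
[soap]
;soap.wsdl_cache_dir="/var/lib/php/wsdl"
soap.wsdl_cache_dir="/tmp"
"""


def configured_cache_dir(ini_text):
    """Return the last active soap.wsdl_cache_dir value found in php.ini text."""
    value = ASSUMED_DEFAULT
    for raw in ini_text.splitlines():
        line = raw.strip()
        if line.startswith(";") or "=" not in line:
            continue  # comment, section header or blank line
        key, _, val = line.partition("=")
        if key.strip().lower() != DIRECTIVE:
            continue
        val = val.strip()
        if val[:1] in ("'", '"'):
            value = val[1:].split(val[0], 1)[0]   # quoted: take up to closing quote
        else:
            value = val.split(";", 1)[0].strip()  # bare: drop trailing comment
    return value


def audit_cache_dir(path):
    """List reasons other local users could plant files in the cache directory."""
    try:
        mode = os.stat(path).st_mode
    except FileNotFoundError:
        return ["missing"]
    if not stat.S_ISDIR(mode):
        return ["not a directory"]
    checks = ((stat.S_IWOTH, "world-writable"), (stat.S_IWGRP, "group-writable"))
    return [name for bit, name in checks if mode & bit]


if __name__ == "__main__":
    cache_dir = configured_cache_dir(SAMPLE_INI)
    print(cache_dir, audit_cache_dir(cache_dir) or ["ok"])
```

An empty findings list means only the directory owner can write there, which is the state to aim for when pointing soap.wsdl_cache_dir at a dedicated directory instead of /tmp.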
CVE-2015-3330 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330): The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a "deconfigured interpreter."

CVE-2015-3329 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329): Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.
This issue was resolved and addressed in GLSA 201606-10 at https://security.gentoo.org/glsa/201606-10 by GLSA coordinator Kristian Fiskerstrand (K_F).