rh-php56-php-5.6.5-8.el7
エラータID: AXSA:2016-140:02
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.
This package contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP 2.4 Server.
Security issues fixed with this release:
CVE-2015-5589
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2015-5590
Stack-based buffer overflow in the phar_fix_filepath function in
ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x
before 5.6.11 allows remote attackers to cause a denial of service or
possibly have unspecified other impact via a large length value, as
demonstrated by mishandling of an e-mail attachment by the imap PHP
extension.
CVE-2015-6831
Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44,
5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to
execute arbitrary code via vectors involving (1) ArrayObject, (2)
SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled
during unserialization.
CVE-2015-6832
Use-after-free vulnerability in the SPL unserialize implementation in
ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and
5.6.x before 5.6.12 allows remote attackers to execute arbitrary code
via crafted serialized data that triggers misuse of an array field.
CVE-2015-6833
Directory traversal vulnerability in the PharData class in PHP before
5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote
attackers to write to arbitrary files via a .. (dot dot) in a ZIP
archive entry that is mishandled during an extractTo call.
CVE-2015-6834
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2015-6835
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2015-6836
The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45,
5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage
headers, which allows remote attackers to execute arbitrary code via
crafted serialized data that triggers a "type confusion" in the
serialize_function_call function.
CVE-2015-6837
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2015-6838
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2015-7803
The phar_get_entry_data function in ext/phar/util.c in PHP before
5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a
denial of service (NULL pointer dereference and application crash) via
a .phar file with a crafted TAR archive entry in which the Link
indicator references a file that does not exist.
CVE-2015-7804
Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c
in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers
to cause a denial of service (uninitialized pointer dereference and
application crash) by including the / filename in a .zip PHAR archive.
Update packages.
The phar_convert_to_other function in ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not validate a file pointer before a close operation, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted TAR archive that is mishandled in a Phar::convertToData call.
Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstrated by mishandling of an e-mail attachment by the imap PHP extension.
Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization.
Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field.
Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call.
Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization.
The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted session content.
The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary code via crafted serialized data that triggers a "type confusion" in the serialize_function_call function.
The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error checking, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6838.
The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837.
The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist.
Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR archive.
N/A
SRPMS
- rh-php56-php-5.6.5-8.el7.src.rpm
MD5: 0fbe5b3e6b1dbb13083265abc3ef0efa
SHA-256: b6861f549d23c588886e2041932d2c6014474d99c8bed52f3fddabb9988e5ea4
Size: 10.99 MB
Asianux Server 7 for x86_64
- rh-php56-php-5.6.5-8.el7.x86_64.rpm
MD5: d39c8713aabfcf28f666fe84e1c766bb
SHA-256: 505aa37495678d0f4d9170aad7780a5de36d1e58421f788af99fd690cc3957ea
Size: 1.29 MB - rh-php56-php-bcmath-5.6.5-8.el7.x86_64.rpm
MD5: 0d961d80ebdff55a587a02d3a05fd431
SHA-256: bfe94f3c6cdbb98ae640098d21547bc3c4aa6c03b8881700c143293e9fbf69f4
Size: 58.07 kB - rh-php56-php-cli-5.6.5-8.el7.x86_64.rpm
MD5: e24716c7f5fdf06954dd8b7ce306ba9d
SHA-256: 49ec25f4a387cd02ef92964842638b3dc64ce56509f487c5df0ad1a193a39035
Size: 2.62 MB - rh-php56-php-common-5.6.5-8.el7.x86_64.rpm
MD5: f4002be2c992926fdbcabeacaa7bc29f
SHA-256: 6a848817051e63fc04c77f270a4012ad9619b0bd15e4e180b56451632453dda8
Size: 728.70 kB - rh-php56-php-dba-5.6.5-8.el7.x86_64.rpm
MD5: d04b6590fe30d7aeafc7b1138ddd833c
SHA-256: de31f7e8b0894960cbf0ffd31eed30fa834253c5764b72cebc4ad9ee69328245
Size: 56.69 kB - rh-php56-php-dbg-5.6.5-8.el7.x86_64.rpm
MD5: 400993fe5415f30c03dfa2b9e5bb8ce5
SHA-256: f420fd50c1665b0a5c2262fe2ba4b160f59dee4cee0f76f58ccb3aaf88107678
Size: 1.35 MB - rh-php56-php-devel-5.6.5-8.el7.x86_64.rpm
MD5: d9bce441c823ec4f52c4a9c19050d7bd
SHA-256: 9904633b54407d0e94630291e0e7744216515805e2864be912c37e57245b14ec
Size: 626.03 kB - rh-php56-php-embedded-5.6.5-8.el7.x86_64.rpm
MD5: 43d0ae30c68370bc8ec00bcc765f2185
SHA-256: e859eecf9913ad6fdda83baac5a901593074cfb02f9f2ea621dcab757a3ab653
Size: 1.28 MB - rh-php56-php-enchant-5.6.5-8.el7.x86_64.rpm
MD5: 5bebba7000c1a918cf88075077a9e107
SHA-256: b1b9e849fd4400a5504f2cb3bbdcb0645b6ce7fb5fb205ea8b8592a78c2ed017
Size: 42.79 kB - rh-php56-php-fpm-5.6.5-8.el7.x86_64.rpm
MD5: 67bc33de517b3d0dee6ccfead4c4e194
SHA-256: 09756ddf052add67eb2e0b6ff109297028b0a2e772deb61254188b4ab26fc5f6
Size: 1.36 MB - rh-php56-php-gd-5.6.5-8.el7.x86_64.rpm
MD5: 73930d7fda391235cc23ddf331c16263
SHA-256: ad92a681d55db61e0e46120e2942d390bd445271fe81f02c10607162d19b3618
Size: 155.77 kB - rh-php56-php-gmp-5.6.5-8.el7.x86_64.rpm
MD5: 1540c0e2b02ae0b4b6641fb956377557
SHA-256: d72ac8cac8dd22e9b0dab349df16b7976fb66608c99a591e474a717f1386bf3c
Size: 54.78 kB - rh-php56-php-intl-5.6.5-8.el7.x86_64.rpm
MD5: 2fa38745f20cad32a7252c5f60d4b3cf
SHA-256: c6b16bf62809b75a15c928fb9f701231f5ba2b828d1e41a5849454f187e2fdad
Size: 148.18 kB - rh-php56-php-ldap-5.6.5-8.el7.x86_64.rpm
MD5: 52b86143854078b6b8bd494c2eb69612
SHA-256: c7a4d05805364157d48d39534d7ef1c3dc50f862155fe3a8dca071b54cb1db5b
Size: 55.42 kB - rh-php56-php-mbstring-5.6.5-8.el7.x86_64.rpm
MD5: 5e7057ccc7fcee79af7c86b46472fe6a
SHA-256: b0cd7f8b284378498a0e1ebc7e86b44cf66864c861db57037288f4e962f5b10f
Size: 517.35 kB - rh-php56-php-mysqlnd-5.6.5-8.el7.x86_64.rpm
MD5: 8bbda104a3231754c5179463fd0f0458
SHA-256: 8971cfcc23f5f8d7a4bc7fdfb3abf7aeefe8609f5b93247a391765416d3f7625
Size: 1.20 MB - rh-php56-php-odbc-5.6.5-8.el7.x86_64.rpm
MD5: e03585e5083f2a151c37c1e0a37a0d28
SHA-256: 90e8ea91f4b71b274b0f1d1ddb0606f94e091d1fc8e3f42f64af66131c789330
Size: 66.23 kB - rh-php56-php-opcache-5.6.5-8.el7.x86_64.rpm
MD5: 38a03d376bf4e9d2154686412dfab44d
SHA-256: ed9cb0f1e1d154ae5356c2d035826696448efd4a65ecabcccdfed72cb5a24197
Size: 99.38 kB - rh-php56-php-pdo-5.6.5-8.el7.x86_64.rpm
MD5: 58644b8d5cc218f1def55cc2af53e645
SHA-256: 7097471b843c0db5e95aa4a09c8fcbf072e7eb2256beb891dbf53282024d6f62
Size: 99.25 kB - rh-php56-php-pgsql-5.6.5-8.el7.x86_64.rpm
MD5: b9121bb198190fa522ce9f1aa3b41920
SHA-256: b4606263c9726899094780ba6781073b5d6aca81c3a0a9f6bd0a78b8b4418e59
Size: 92.92 kB - rh-php56-php-process-5.6.5-8.el7.x86_64.rpm
MD5: a5a02d4341a3ac91fa204d379a3fb696
SHA-256: 9c382d223c0f4b95401b3844b6dd97b256957131c6b558b1847da163ea1c73c4
Size: 60.23 kB - rh-php56-php-pspell-5.6.5-8.el7.x86_64.rpm
MD5: 7f3de8751de7f5fba22ea4fe7f38f1ef
SHA-256: 5663742c383fe979c8a6511ee73050a25cca7d25bb8976cb3f85ee7d9d45d6cb
Size: 42.01 kB - rh-php56-php-recode-5.6.5-8.el7.x86_64.rpm
MD5: 3edc9ed8b950cd9ac67f2e5a51822c94
SHA-256: f479aa47485feabf5f25974c4d4e345250f52dcfc00573e6575792cbcf3422c7
Size: 38.93 kB - rh-php56-php-snmp-5.6.5-8.el7.x86_64.rpm
MD5: 91dba0df11ff7febe5c7e033bd6d7d8b
SHA-256: 661c04e69b992ba13ab3192569fb81ab5f791965866bec89cd268ad70115364a
Size: 53.42 kB - rh-php56-php-soap-5.6.5-8.el7.x86_64.rpm
MD5: 021658e0292bb5d8378b9b50d379ca93
SHA-256: 6211877809f5dcde6979546efb6414e1ed628c764f940608de54c10d49676dba
Size: 159.94 kB - rh-php56-php-xml-5.6.5-8.el7.x86_64.rpm
MD5: 37f34f8fb6d986410980aae00370985f
SHA-256: 49ae9174e796aed436c10765deb0d48c767eea872321240b97e305b0e3870fe3
Size: 160.25 kB - rh-php56-php-xmlrpc-5.6.5-8.el7.x86_64.rpm
MD5: f64898d669064e87121db625e8bebb28
SHA-256: 363a2a182faac1417d16a230e059f586df1e2a5d22450bd0375a02cbdea7ed24
Size: 68.41 kB