CVE-2015-2787 in Ubuntu

CVE-2015-2787

Priority

Medium

Description

Use-after-free vulnerability in the process_nested_data function in
ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23,
and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code
via a crafted unserialize call that leverages use of the unset function
within an __wakeup function, a related issue to CVE-2015-0231.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2787
https://gist.github.com/smalyshev/eea9eafc7c88a4a6d10d
http://php.net/ChangeLog-5.php
https://usn.ubuntu.com/usn/usn-2572-1

Bugs

https://bugs.php.net/bug.php?id=68976

Assigned-to

mdeslaur

Package

Source: php5 (LP Ubuntu Debian)

Upstream:	released (5.6.7)
Ubuntu 14.04 LTS (Trusty Tahr):	released (5.5.9+dfsg-1ubuntu4.9)

Patches:

Upstream:	https://github.com/php/php-src/commit/780222f97f47644a6a118ada86a269a96a1e8134 (5.6)
Upstream:	https://github.com/php/php-src/commit/d76b293ac71aa5bd4e9a433192afef6e0dd5a4ee (5.6)
Upstream:	https://github.com/php/php-src/commit/646572d6d3847d68124b03936719f60936b49a38 (5.4,5.5)
Upstream:	https://github.com/php/php-src/commit/8b14d3052ffcffa17d6e2be652f20e18f8f562ad (5.4,5.5 test)

More Information

Updated: 2017-12-15 20:34:18 UTC (commit 13913)