PublicDateAtUSN: 2015-06-09
Candidate: CVE-2015-4024
PublicDate: 2015-06-09 18:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4024
 http://www.openwall.com/lists/oss-security/2015/05/18/2
 https://ubuntu.com/security/notices/USN-2658-1
Description:
 Algorithmic complexity vulnerability in the multipart_buffer_headers
 function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and
 5.6.x before 5.6.9 allows remote attackers to cause a denial of service
 (CPU consumption) via crafted form data that triggers an improper
 order-of-growth outcome.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.php.net/bug.php?id=69364
Priority: medium
Discovered-by: Shusheng Liu
Assigned-to: mdeslaur
CVSS: 

Patches_php5:
 upstream: http://git.php.net/?p=php-src.git;a=commit;h=4605d536d23b00813d11cc906bb48d39bdcf5f25 (5.4-5.6)
upstream_php5: released (5.4.41,5.5.25,5.6.9)
precise_php5: released (5.3.10-1ubuntu3.19)
trusty_php5: released (5.5.9+dfsg-1ubuntu4.11)
trusty/esm_php5: released (5.5.9+dfsg-1ubuntu4.11)
utopic_php5: released (5.5.12+dfsg-2ubuntu4.6)
vivid_php5: released (5.6.4+dfsg-4ubuntu6.2)
devel_php5: released (5.6.9+dfsg-1ubuntu1)