PublicDateAtUSN: 2015-06-23
Candidate: CVE-2015-4601
PublicDate: 2016-05-16 10:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4601
 http://seclists.org/oss-sec/2015/q2/727
 https://rhn.redhat.com/errata/RHSA-2015-1135.html
 https://ubuntu.com/security/notices/USN-2658-1
Description:
 PHP before 5.6.7 might allow remote attackers to cause a denial of service
 (application crash) or possibly execute arbitrary code via an unexpected
 data type, related to "type confusion" issues in (1)
 ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3) ext/soap/soap.c,
 a different issue than CVE-2015-4600.
Ubuntu-Description:
Notes:
 mdeslaur> commit already in CVE-2015-4147
Bugs:
 https://bugs.php.net/bug.php?id=69152
Priority: medium
Discovered-by: Taoguang Chen
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_php5:
 upstream: http://git.php.net/?p=php-src.git;a=commit;h=0c136a2abd49298b66acb0cad504f0f972f5bfe8 (5.4-5.6)
upstream_php5: released (5.4.39,5.5.23,5.6.7)
precise_php5: released (5.3.10-1ubuntu3.19)
trusty_php5: released (5.5.9+dfsg-1ubuntu4.11)
trusty/esm_php5: released (5.5.9+dfsg-1ubuntu4.11)
utopic_php5: released (5.5.12+dfsg-2ubuntu4.6)
vivid_php5: released (5.6.4+dfsg-4ubuntu6.2)
devel_php5: released (5.6.9+dfsg-1ubuntu1)