CVE-2015-6834 in Ubuntu

CVE-2015-6834

Priority

Description

Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before
5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary
code via vectors related to (1) the Serializable interface, (2) the
SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are
mishandled during unserialization.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6834
http://www.openwall.com/lists/oss-security/2015/09/07/5
https://usn.ubuntu.com/usn/usn-2758-1

Bugs

https://bugs.php.net/bug.php?id=70172
https://bugs.php.net/bug.php?id=70365
https://bugs.php.net/bug.php?id=70366

Assigned-to

mdeslaur

Notes

Package

Source: php5 (LP Ubuntu Debian)

Upstream:	released (5.5.29,5.6.13)
Ubuntu 14.04 ESM (Trusty Tahr):	released (5.5.9+dfsg-1ubuntu4.13)

Patches:

Upstream:	http://git.php.net/?p=php-src.git;a=commit;h=e8429400d40e3c3aa4b22ba701991d698a2f3b2f
Upstream:	http://git.php.net/?p=php-src.git;a=commit;h=f06a069c462d37c2e009f6d1d93b8c8e7b713393
Upstream:	http://git.php.net/?p=php-src.git;a=commit;h=259057b2a484747a6c73ce54c4fa0f5acbd56179

More Information

Updated: 2019-12-05 18:42:47 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)