Main Vulnerability Database SB2015021910

SB2015021910 - Fedora 21 update for php

Published: February 19, 2015 Updated: April 24, 2025

Security Bulletin ID SB2015021910

Severity

High

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Use-after-free error (CVE-ID: CVE-2015-0273)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6. A remote attacker can trigger memory corruption via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

2) Out-of-bounds write (CVE-ID: CVE-2015-0235)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc. A remote attacker can execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function.

Remediation

Install update from vendor's website.

References

https://bodhi.fedoraproject.org/updates/FEDORA-2015-2315