SB2016011916 - Multiple vulnerabilities in PHP

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Input validation error (CVE-ID: CVE-2015-8616)

The vulnerability allows a remote non-authenticated attacker to #BASIC_IMPACT#.

Use-after-free vulnerability in the Collator::sortWithSortKeys function in ext/intl/collator/collator_sort.c in PHP 7.x before 7.0.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging the relationships between a key buffer and a destroyed array. <a href="http://cwe.mitre.org/data/definitions/416.html">CWE-416: Use After Free</a>

2) Input validation error (CVE-ID: CVE-2015-6527)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The php_str_replace_in_subject function in ext/standard/string.c in PHP 7.x before 7.0.0 allows remote attackers to execute arbitrary code via a crafted value in the third argument to the str_ireplace function.

Remediation

Install update from vendor's website.

References

• http://php.net/ChangeLog-7.php
• https://bugs.php.net/bug.php?id=71020
• http://git.php.net/?p=php-src.git;a=commit;h=6aeee47b2cd47915ccfa3b41433a3f57aea24dd5
• http://www.openwall.com/lists/oss-security/2015/07/30/11
• https://bugs.php.net/bug.php?id=70140