[Bug 1230917] Re: [SRU] php5-fpm logrotate errors after package switched to upstart
Launchpad Bug Tracker
1230917 at bugs.launchpad.net
Mon Apr 20 15:39:57 UTC 2015
This bug was fixed in the package php5 - 5.5.9+dfsg-1ubuntu4.9
---------------
php5 (5.5.9+dfsg-1ubuntu4.9) trusty-security; urgency=medium

  * SECURITY UPDATE: potential remote code execution vulnerability when
    used with the Apache 2.4 apache2handler
    - debian/patches/bug69218.patch: perform proper cleanup in
      sapi/apache2handler/sapi_apache2.c.
    - CVE number pending
  * SECURITY UPDATE: buffer overflow when parsing tar/zip/phar
    - debian/patches/bug69441.patch: check lengths in
      ext/phar/phar_internal.h.
    - CVE number pending
  * SECURITY UPDATE: heap overflow in regexp library
    - debian/patches/CVE-2015-2305.patch: check for overflow in
      ext/ereg/regex/regcomp.c.
    - CVE-2015-2305
  * SECURITY UPDATE: move_uploaded_file filename restriction bypass
    - debian/patches/CVE-2015-2348.patch: handle nulls in
      ext/standard/basic_functions.c.
    - CVE-2015-2348
  * SECURITY UPDATE: buffer overflow in unserialize when parsing Phar
    - debian/patches/CVE-2015-2783.patch: properly check lengths in
      ext/phar/phar.c, ext/phar/phar_internal.h.
    - CVE-2015-2783
  * SECURITY UPDATE: arbitrary code execution via process_nested_data
    use-after-free
    - debian/patches/CVE-2015-2787.patch: fix logic in
      ext/standard/var_unserializer.*.
    - CVE-2015-2787

 -- Marc Deslauriers <marc.deslauriers at ubuntu.com> Fri, 17 Apr 2015 05:28:02 -0400
** Changed in: php5 (Ubuntu Trusty)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-2305
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-2348
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-2783
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-2787
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in Ubuntu.
https://bugs.launchpad.net/bugs/1230917
Title:
[SRU] php5-fpm logrotate errors after package switched to upstart
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1230917/+subscriptions