{"id":"USN-2572-1","summary":"php5 vulnerabilities","details":"It was discovered that PHP incorrectly handled cleanup when used with\nApache 2.4. A remote attacker could use this issue to cause PHP to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2015-3330)\n\nIt was discovered that PHP incorrectly handled opening tar, zip or phar\narchives through the PHAR extension. A remote attacker could use this issue\nto cause PHP to crash, resulting in a denial of service, or possibly\nexecute arbitrary code. (CVE-2015-3329)\n\nIt was discovered that PHP incorrectly handled regular expressions. A\nremote attacker could use this issue to cause PHP to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. (CVE-2015-2305)\n\nPaulos Yibelo discovered that PHP incorrectly handled moving files when a\npathname contained a null character. A remote attacker could use this issue\nto possibly bypass filename restrictions. This issue only applied to\nUbuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-2348)\n\nIt was discovered that PHP incorrectly handled unserializing PHAR files. A\nremote attacker could use this issue to cause PHP to possibly expose\nsensitive information. (CVE-2015-2783)\n\nTaoguang Chen discovered that PHP incorrectly handled unserializing certain\nobjects. A remote attacker could use this issue to cause PHP to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2015-2787)\n","modified":"2026-04-24T09:02:36.982487522Z","published":"2015-04-20T15:58:33Z","related":["UBUNTU-CVE-2015-2305","UBUNTU-CVE-2015-2348","UBUNTU-CVE-2015-2783","UBUNTU-CVE-2015-2787","UBUNTU-CVE-2015-3329","UBUNTU-CVE-2015-3330"],"upstream":["CVE-2015-2348","CVE-2015-2783","CVE-2015-2787","CVE-2015-3329","CVE-2015-3330","UBUNTU-CVE-2015-2348","UBUNTU-CVE-2015-2783","UBUNTU-CVE-2015-2787","UBUNTU-CVE-2015-3329","UBUNTU-CVE-2015-3330"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2572-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-2348"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-2783"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-2787"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-3329"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-3330"}],"affected":[{"package":{"name":"php5","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/php5@5.5.9+dfsg-1ubuntu4.9?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.5.9+dfsg-1ubuntu4.9"}]}],"versions":["5.5.3+dfsg-1ubuntu2","5.5.3+dfsg-1ubuntu3","5.5.6+dfsg-1ubuntu1","5.5.6+dfsg-1ubuntu2","5.5.8+dfsg-2ubuntu1","5.5.9+dfsg-1ubuntu1","5.5.9+dfsg-1ubuntu2","5.5.9+dfsg-1ubuntu3","5.5.9+dfsg-1ubuntu4","5.5.9+dfsg-1ubuntu4.1","5.5.9+dfsg-1ubuntu4.2","5.5.9+dfsg-1ubuntu4.3","5.5.9+dfsg-1ubuntu4.4","5.5.9+dfsg-1ubuntu4.5","5.5.9+dfsg-1ubuntu4.6","5.5.9+dfsg-1ubuntu4.7"],"ecosystem_specific":{"binaries":[{"binary_name":"libapache2-mod-php5","binary_version":"5.5.9+dfsg-1ubuntu4.9"},{"binary_name":"libapache2-mod-php5filter","binary_version":"5.5.9+dfsg-1ubuntu4.9"},{"binary_name":"libphp5-embed","binary_version":"5.5.9+dfsg-1ubuntu4.9"},{"binary_name":"php-pear","binary_version":"5.5.9+dfsg-1ubuntu4.9"},{"binary_name":"php5","binary_version":"5.5.9+dfsg-1ubuntu4.9"},{"binary_name":"php5-cgi","binary_version":"5.5.9+dfsg-1ubuntu4.9"},{"binary_name":"php5-cli","binary_version":"5.5.9+dfsg-1ubuntu4.9"},{"binary_name":"php5-common","binary_version":"5.5.9+dfsg-1ubuntu4.9"},{"binary_name":"php5-curl","binary_version":"5.5.9+dfsg-1ubuntu4.9"},{"binary_name":"php5-enchant","binary_version":"5.5.9+dfsg-1ubuntu4.9"},{"binary_name":"php5-fpm","binary_version":"5.5.9+dfsg-1ubuntu4.9"},{"binary_name":"php5-gd","binary_version":"5.5.9+dfsg-1ubuntu4.9"},{"binary_name":"php5-gmp","binary_version":"5.5.9+dfsg-1ubuntu4.9"},{"binary_name":"php5-intl","binary_version":"5.5.9+dfsg-1ubuntu4.9"},{"binary_name":"php5-ldap","binary_version":"5.5.9+dfsg-1ubuntu4.9"},{"binary_name":"php5-mysql","binary_version":"5.5.9+dfsg-1ubuntu4.9"},{"binary_name":"php5-mysqlnd","binary_version":"5.5.9+dfsg-1ubuntu4.9"},{"binary_name":"php5-odbc","binary_version":"5.5.9+dfsg-1ubuntu4.9"},{"binary_name":"php5-pgsql","binary_version":"5.5.9+dfsg-1ubuntu4.9"},{"binary_name":"php5-pspell","binary_version":"5.5.9+dfsg-1ubuntu4.9"},{"binary_name":"php5-readline","binary_version":"5.5.9+dfsg-1ubuntu4.9"},{"binary_name":"php5-recode","binary_version":"5.5.9+dfsg-1ubuntu4.9"},{"binary_name":"php5-snmp","binary_version":"5.5.9+dfsg-1ubuntu4.9"},{"binary_name":"php5-sqlite","binary_version":"5.5.9+dfsg-1ubuntu4.9"},{"binary_name":"php5-sybase","binary_version":"5.5.9+dfsg-1ubuntu4.9"},{"binary_name":"php5-tidy","binary_version":"5.5.9+dfsg-1ubuntu4.9"},{"binary_name":"php5-xmlrpc","binary_version":"5.5.9+dfsg-1ubuntu4.9"},{"binary_name":"php5-xsl","binary_version":"5.5.9+dfsg-1ubuntu4.9"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2572-1.json","cves_map":{"cves":[{"severity":[{"score":"low","type":"Ubuntu"}],"id":"CVE-2015-2348"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-2783"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-2787"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-3329"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-3330"}],"ecosystem":"Ubuntu:14.04:LTS"}}}],"schema_version":"1.7.5"}