Launchpad.net

CVE 2015-4116

Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation.

Related bugs and status

CVE-2015-4116 (Candidate) is related to these bugs:

Bug #1315888: Zlib functions (gzopen etc.) are undefined while gzopen64 etc. exist

		In	Importance	Status
1315888	Zlib functions (gzopen etc.) are undefined while gzopen64 etc. exist	php	Unknown	Unknown
1315888	Zlib functions (gzopen etc.) are undefined while gzopen64 etc. exist	php5 (Ubuntu Trusty)	High	Fix Released
1315888	Zlib functions (gzopen etc.) are undefined while gzopen64 etc. exist	php5 (Ubuntu)	High	Fix Released

Bug #1594041: PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported

		In	Importance	Status
1594041	PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported	php5 (Ubuntu)	Undecided	Fix Released
1594041	PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported	php5 (Ubuntu Wily)	Undecided	Fix Released
1594041	PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported	php5 (Ubuntu Trusty)	Medium	Fix Released
1594041	PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported	php5 (Ubuntu Yakkety)	Undecided	Fix Released
1594041	PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported	php5 (Ubuntu Precise)	Medium	Fix Released
1594041	PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported	php5 (Ubuntu Xenial)	Undecided	Fix Released
1594041	PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported	php	Unknown	Unknown

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2015-4116

Related bugs and status

Related bugs

References