This bug was fixed in the package php5 - 5.5.9+dfsg-1ubuntu4.9

---------------
php5 (5.5.9+dfsg-1ubuntu4.9) trusty-security; urgency=medium

  * SECURITY UPDATE: potential remote code execution vulnerability when
    used with the Apache 2.4 apache2handler
    - debian/patches/bug69218.patch: perform proper cleanup in
      sapi/apache2handler/sapi_apache2.c.
    - CVE number pending
  * SECURITY UPDATE: buffer overflow when parsing tar/zip/phar
    - debian/patches/bug69441.patch: check lengths in
      ext/phar/phar_internal.h.
    - CVE number pending
  * SECURITY UPDATE: heap overflow in regexp library
    - debian/patches/CVE-2015-2305.patch: check for overflow in
      ext/ereg/regex/regcomp.c.
    - CVE-2015-2305
  * SECURITY UPDATE: move_uploaded_file filename restriction bypass
    - debian/patches/CVE-2015-2348.patch: handle nulls in
      ext/standard/basic_functions.c.
    - CVE-2015-2348
  * SECURITY UPDATE: buffer overflow in unserialize when parsing Phar
    - debian/patches/CVE-2015-2783.patch: properly check lengths in
      ext/phar/phar.c, ext/phar/phar_internal.h.
    - CVE-2015-2783
  * SECURITY UPDATE: arbitrary code execution via process_nested_data
    use-after-free
    - debian/patches/CVE-2015-2787.patch: fix logic in
      ext/standard/var_unserializer.*.
    - CVE-2015-2787

 -- Marc Deslauriers <email address hidden>  Fri, 17 Apr 2015 05:28:02 -0400