Bugzilla – Bug 928408
VUL-0: CVE-2015-3330: php5,php53: remote code execution with apache 2.4 apache2handler
Last modified: 2016-04-27 19:37:51 UTC
PHP versions 5.4.40 and 5.5.24 fix a vulnerability which potentially might allow a remote code execution with apache 2.4 apache2handler. Upstream bug: https://bugs.php.net/bug.php?id=69218 Upstream fix: http://git.php.net/?p=php-src.git;a=commit;h=809610f5ea38a83b284e1125d1fff129bdd615e7 The affected code is all PHP versions. However if only apache2.4 triggers the issue, this makes only SLE 12 affected. References: https://bugzilla.redhat.com/show_bug.cgi?id=1213394 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3330 http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-3330.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3330
bugbot adjusting priority
Hmm, I *think* I have reproduced it once with 5.6.7, but never more. I'll submit everywhere we have apache 2.4.
openSUSE: mr#304307 sle12: mr#56496 11sp3: sr#56494
openSUSE-SU-2015:0855-1: An update that solves three vulnerabilities and has one errata is now available. Category: security (important) Bug References: 927147,928408,928506,928511 CVE References: CVE-2015-2783,CVE-2015-3329,CVE-2015-3330 Sources used: openSUSE 13.2 (src): php5-5.6.1-21.1 openSUSE 13.1 (src): php5-5.4.20-52.1
SUSE-SU-2015:0868-1: An update that solves 9 vulnerabilities and has one errata is now available. Category: security (important) Bug References: 922022,922451,922452,923946,924970,924972,925109,928408,928506,928511 CVE References: CVE-2014-9705,CVE-2014-9709,CVE-2015-2301,CVE-2015-2305,CVE-2015-2348,CVE-2015-2783,CVE-2015-2787,CVE-2015-3329,CVE-2015-3330 Sources used: SUSE Linux Enterprise Software Development Kit 12 (src): php5-5.5.14-22.1 SUSE Linux Enterprise Module for Web Scripting 12 (src): php5-5.5.14-22.1
released