CVE-2015-3330

Published: 20 April 2015

The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a "deconfigured interpreter."

Priority

Status

Package	Release	Status
php5 Launchpad, Ubuntu, Debian	lucid	Released (5.3.2-1ubuntu4.30)
	precise	Released (5.3.10-1ubuntu3.18)
	trusty	Released (5.5.9+dfsg-1ubuntu4.9)
	upstream	Needs triage
	utopic	Released (5.5.12+dfsg-2ubuntu4.4)
	Patches: upstream: http://git.php.net/?p=php-src.git;a=commit;h=809610f5ea38a83b284e1125d1fff129bdd615e7

References

https://ubuntu.com/security/notices/USN-2572-1
https://www.cve.org/CVERecord?id=CVE-2015-3330
NVD
Launchpad
Debian

Bugs

https://bugs.php.net/bug.php?id=69218
https://bugs.php.net/bug.php?id=68486

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›