Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2015-6831

Published: 27 August 2015

Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization.

Priority

Medium

CVSS 3 base score: 7.3

Status

Package Release Status
php5
Launchpad, Ubuntu, Debian
upstream
Released (5.6.12+dfsg-1)
precise
Released (5.3.10-1ubuntu3.20)
trusty
Released (5.5.9+dfsg-1ubuntu4.13)
vivid
Released (5.6.4+dfsg-4ubuntu6.3)
Patches:
upstream: http://git.php.net/?p=php-src.git;a=commit;h=7381b6accc5559b2de039af3a22f6ec1003b03b3
upstream: http://git.php.net/?p=php-src.git;a=commit;h=c2e197e4efc663ca55f393bf0e799848842286f3
upstream: http://git.php.net/?p=php-src.git;a=commit;h=863bf294feb9ad425eadb94f288bc7f18673089d