FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VuXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC.

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description

1b61ecef-cdb9-11e6-a9a5-b499baebfeaf | PHP -- multiple vulnerabilities

Check Point reports:

... discovered 3 fresh and previously unknown vulnerabilities (CVE-2016-7479, CVE-2016-7480, CVE-2016-7478) in the PHP 7 unserialize mechanism.

The first two vulnerabilities allow attackers to take full control over servers, allowing them to do anything they want with the website, from spreading malware to defacing it or stealing customer data.

The last vulnerability generates a Denial of Service attack which basically hangs the website, exhausts its memory consumption, and shuts it down.

The PHP security team issued fixes for two of the vulnerabilities on the 13th of October and 1st of December.


Discovery 2016-12-27
Entry 2016-12-29
Modified 2017-01-04
php70 < 7.0.14

http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7/
CVE-2016-7478
CVE-2016-7479
CVE-2016-7480

709e025a-de8b-11e6-a9a5-b499baebfeaf | PHP -- undisclosed vulnerabilities

The PHP project reports:

The PHP development team announces the immediate availability of PHP 7.0.15. This is a security release. Several security bugs were fixed in this release.

The PHP development team announces the immediate availability of PHP 5.6.30. This is a security release. Several security bugs were fixed in this release.


Discovery 2017-01-19
Entry 2017-01-19
Modified 2017-01-20
php56 < 5.6.30
php70 < 7.0.15

http://php.net/archive/2017.php#id2017-01-19-2
http://php.net/archive/2017.php#id2017-01-19-3

2d56308b-c0a8-11e6-a9a5-b499baebfeaf | PHP -- Multiple vulnerabilities

The PHP project reports:

This is a security release. Several security bugs were fixed in this release.


Discovery 2016-12-12
Entry 2016-12-12
php56 < 5.6.29
php70 < 7.0.14

http://php.net/archive/2016.php#id2016-12-08-1
http://php.net/archive/2016.php#id2016-12-08-2

de7a2b32-bd7d-11e7-b627-d43d7e971a1b | PHP -- denial of service attack

The PHP project reports:

The PHP development team announces the immediate availability of PHP 5.6.32. This is a security release. Several security bugs were fixed in this release. All PHP 5.6 users are encouraged to upgrade to this version.

The PHP development team announces the immediate availability of PHP 7.0.25. This is a security release. Several security bugs were fixed in this release. All PHP 7.0 users are encouraged to upgrade to this version.

The PHP development team announces the immediate availability of PHP 7.1.11. This is a bugfix release, with several bug fixes included. All PHP 7.1 users are encouraged to upgrade to this version.


Discovery 2017-10-26
Entry 2017-10-30
Modified 2017-11-14
php56 < 5.6.32
php70 < 7.0.25
php71 < 7.1.11

http://php.net/archive/2017.php#id2017-10-26-3
http://php.net/archive/2017.php#id2017-10-26-1
http://php.net/archive/2017.php#id2017-10-27-1
CVE-2016-1283

6972668d-cdb7-11e6-a9a5-b499baebfeaf | PHP -- multiple vulnerabilities

The PHP project reports:

  • Use After Free Vulnerability in unserialize() (CVE-2016-9936)
  • Invalid read when wddx decodes empty boolean element (CVE-2016-9935)

Discovery 2016-12-08
Entry 2016-12-29
php70 < 7.0.14

http://php.net/ChangeLog-7.php#7.0.14
CVE-2016-9935
CVE-2016-9936