Wind River Support Network

HomeDefectsLIN7-6300

Fixed

LIN7-6300 : Security Advisory - php - CVE-2015-4643

Created: May 31, 2016 Updated: Sep 8, 2018

Resolved Date: Jun 24, 2016

Found In Version: 7.0.0.15

Fix Version: 7.0.0.17

Severity: Standard

Applicable for: Wind River Linux 7

Component/s: Userspace

Description

Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4643

Other Downloads

Wind River Linux 7.0.0.17
Wind River Linux 7.0.0.18
Wind River Linux 7.0.0.19
Wind River Linux 7.0.0.20
Wind River Linux 7.0.0.21
Wind River Linux 7.0.0.22
Wind River Linux 7.0.0.23
Wind River Linux 7.0.0.24
Wind River Linux 7.0.0.25
Wind River Linux 7.0.0.26
Wind River Linux 7.0.0.27
Wind River Linux 7.0.0.28
Wind River Linux 7.0.0.29
Wind River Linux 7.0.0.30
Wind River Linux 7.0.0.31

CVEs

CVE-2015-4643