A type confusion vulnerability was found in the unserialize() handlers of the SPL ArrayObject and SPLObjectStorage objects. If a remote attacker is able to pass aribrary data directly to these handlers, it may be possible for them to execute arbitrary code as the user running the php application
UPstream commit http://git.php.net/?p=php-src.git;a=commit;h=a374dfab567ff7f0ab0dc150f14cc891b0340b47
Fixed upstream in PHP 5.4.30 and 5.5.14: http://php.net/ChangeLog-5.php#5.4.30 http://php.net/ChangeLog-5.php#5.5.14
Can someone update https://access.redhat.com/security/cve/CVE-2014-3515 with vulnerable product info, so we know if PHP packages form RHEL-5 and RHEL-6 are affected??
Statement: This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 5.
IssueDescription: A type confusion issue was found in the SPL ArrayObject and SPLObjectStorage classes' unserialize() method. A remote attacker able to submit specially crafted input to a PHP application, which would then unserialize this input using one of the aforementioned methods, could use this flaw to execute arbitrary code with the privileges of the user running that PHP application.
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 Via RHSA-2014:1012 https://rhn.redhat.com/errata/RHSA-2014-1012.html
This issue has been addressed in following products: Red Hat Enterprise Linux 7 Via RHSA-2014:1013 https://rhn.redhat.com/errata/RHSA-2014-1013.html
Write up of the issue from its reporter - Stefan Esser: https://www.sektioneins.de/en/blog/14-08-27-unserialize-typeconfusion.html
This issue has been addressed in the following products: Red Hat Software Collections 1 for Red Hat Enterprise Linux 7 Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 Via RHSA-2014:1766 https://rhn.redhat.com/errata/RHSA-2014-1766.html
This issue has been addressed in the following products: Red Hat Software Collections 1 for Red Hat Enterprise Linux 7 Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 Via RHSA-2014:1765 https://rhn.redhat.com/errata/RHSA-2014-1765.html