SUSE-SU-2015:0424-1

Published: 26 Feb 2015
Source: suse-cvrf

Description

Security update for php5

php5 was updated to fix two security issues.

These security issues were fixed:

  • CVE-2014-9652: Out of bounds read in mconvert() (bnc#917150).
  • CVE-2015-0273: Use after free vulnerability in unserialize() with DateTimeZone (bnc#918768).

Package list

SUSE Linux Enterprise Module for Web and Scripting 12
apache2-mod_php5-5.5.14-15.1
php5-5.5.14-15.1
php5-bcmath-5.5.14-15.1
php5-bz2-5.5.14-15.1
php5-calendar-5.5.14-15.1
php5-ctype-5.5.14-15.1
php5-curl-5.5.14-15.1
php5-dba-5.5.14-15.1
php5-dom-5.5.14-15.1
php5-enchant-5.5.14-15.1
php5-exif-5.5.14-15.1
php5-fastcgi-5.5.14-15.1
php5-fileinfo-5.5.14-15.1
php5-fpm-5.5.14-15.1
php5-ftp-5.5.14-15.1
php5-gd-5.5.14-15.1
php5-gettext-5.5.14-15.1
php5-gmp-5.5.14-15.1
php5-iconv-5.5.14-15.1
php5-intl-5.5.14-15.1
php5-json-5.5.14-15.1
php5-ldap-5.5.14-15.1
php5-mbstring-5.5.14-15.1
php5-mcrypt-5.5.14-15.1
php5-mysql-5.5.14-15.1
php5-odbc-5.5.14-15.1
php5-openssl-5.5.14-15.1
php5-pcntl-5.5.14-15.1
php5-pdo-5.5.14-15.1
php5-pear-5.5.14-15.1
php5-pgsql-5.5.14-15.1
php5-pspell-5.5.14-15.1
php5-shmop-5.5.14-15.1
php5-snmp-5.5.14-15.1
php5-soap-5.5.14-15.1
php5-sockets-5.5.14-15.1
php5-sqlite-5.5.14-15.1
php5-suhosin-5.5.14-15.1
php5-sysvmsg-5.5.14-15.1
php5-sysvsem-5.5.14-15.1
php5-sysvshm-5.5.14-15.1
php5-tokenizer-5.5.14-15.1
php5-wddx-5.5.14-15.1
php5-xmlreader-5.5.14-15.1
php5-xmlrpc-5.5.14-15.1
php5-xmlwriter-5.5.14-15.1
php5-xsl-5.5.14-15.1
php5-zip-5.5.14-15.1
php5-zlib-5.5.14-15.1
SUSE Linux Enterprise Software Development Kit 12
php5-devel-5.5.14-15.1

Description

The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file.


Affected products
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-15.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-15.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-15.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-15.1

References

Description

Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function.


Affected products
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-15.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-15.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-15.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-15.1

References
Vulnerability SUSE-SU-2015:0424-1