Description
Security update for php5
PHP was updated to fix ten security issues.
The following vulnerabilities were fixed:
- CVE-2014-9709: A specially crafted GIF file could cause a buffer read overflow in php-gd (bnc#923946)
- CVE-2015-2301: Memory was used after it was freed in PHAR (bnc#922022)
- CVE-2015-2305: heap overflow vulnerability in regcomp.c (bnc#922452)
- CVE-2014-9705: heap buffer overflow in Enchant (bnc#922451)
- CVE-2015-2787: use-after-free vulnerability in the process_nested_data function (bnc#924972)
- unserialize SoapClient type confusion (bnc#925109)
- CVE-2015-2348: move_uploaded_file truncates a pathname upon encountering a \x00 character (bnc#924970)
- CVE-2015-3330: Specially crafted PHAR files could, when executed under Apache httpd 2.4 (apache2handler), allow arbitrary code execution (bnc#928506)
- CVE-2015-3329: Specially crafted PHAR data could lead to disclosure of sensitive information due to a buffer overflow (bnc#928506)
- CVE-2015-2783: Specially crafted PHAR data could lead to disclosure of sensitive information due to a buffer over-read (bnc#928511)
Package list
SUSE Linux Enterprise Module for Web and Scripting 12
SUSE Linux Enterprise Software Development Kit 12
References
- Link for SUSE-SU-2015:0868-1
- E-Mail link for SUSE-SU-2015:0868-1
- SUSE Security Ratings
- SUSE Bug 922022
- SUSE Bug 922451
- SUSE Bug 922452
- SUSE Bug 923946
- SUSE Bug 924970
- SUSE Bug 924972
- SUSE Bug 925109
- SUSE Bug 928408
- SUSE Bug 928506
- SUSE Bug 928511
- SUSE CVE CVE-2014-9705 page
- SUSE CVE CVE-2014-9709 page
- SUSE CVE CVE-2015-2301 page
- SUSE CVE CVE-2015-2305 page
- SUSE CVE CVE-2015-2348 page
- SUSE CVE CVE-2015-2783 page
- SUSE CVE CVE-2015-2787 page
Description
Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries.
Affected products
References
- CVE-2014-9705
- SUSE Bug 922451
- SUSE Bug 980366
Description
The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function.
Affected products
References
- CVE-2014-9709
- SUSE Bug 923945
- SUSE Bug 923946
- SUSE Bug 980366
Description
Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file.
Affected products
References
- CVE-2015-2301
- SUSE Bug 922452
- SUSE Bug 980366
Description
Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.
Affected products
References
- CVE-2015-2305
- SUSE Bug 1040662
- SUSE Bug 921950
- SUSE Bug 922022
- SUSE Bug 922028
- SUSE Bug 922030
- SUSE Bug 922043
- SUSE Bug 922560
- SUSE Bug 922567
- SUSE Bug 929192
- SUSE Bug 980366
Description
The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected names via a crafted second argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.
Affected products
References
- CVE-2015-2348
- SUSE Bug 924970
- SUSE Bug 935227
Description
ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions.
Affected products
References
- CVE-2015-2783
- SUSE Bug 928408
- SUSE Bug 928506
- SUSE Bug 928511
- SUSE Bug 931418
- SUSE Bug 980366
Description
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231.
Affected products
References
- CVE-2015-2787
- SUSE Bug 924972
- SUSE Bug 980366
Description
Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.
Affected products
References
- CVE-2015-3329
- SUSE Bug 928408
- SUSE Bug 928506
- SUSE Bug 928511
- SUSE Bug 980366
Description
The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a "deconfigured interpreter."
Affected products
References
- CVE-2015-3330
- SUSE Bug 908782
- SUSE Bug 928408
- SUSE Bug 928506
- SUSE Bug 928511