Description
Security update for php5
This security update of PHP fixes the following issues:
Security issues fixed:
- CVE-2015-4024 [bnc#931421]: Fixed multipart/form-data remote DOS Vulnerability.
- CVE-2015-4026 [bnc#931776]: pcntl_exec() did not check path validity.
- CVE-2015-4022 [bnc#931772]: Fixed an overflow in ftp_genlist() that resulted in a heap overflow.
- CVE-2015-4021 [bnc#931769]: Fixed memory corruption in phar_parse_tarfile when entry filename starts with NULL.
- CVE-2015-4148 [bnc#933227]: Fixed SoapClient's do_soap_call() type confusion after unserialize() information disclosure.
- CVE-2015-4602 [bnc#935224]: Fixed an incomplete Class unserialization type confusion.
- CVE-2015-4599, CVE-2015-4600, CVE-2015-4601 [bnc#935226]: Fixed type confusion issues in unserialize() with various SOAP methods.
- CVE-2015-4603 [bnc#935234]: Fixed exception::getTraceAsString type confusion issue after unserialize.
- CVE-2015-4644 [bnc#935274]: Fixed a crash in php_pgsql_meta_data.
- CVE-2015-4643 [bnc#935275]: Fixed an integer overflow in ftp_genlist() that could result in a heap overflow.
- CVE-2015-3411, CVE-2015-3412, CVE-2015-4598 [bnc#935227], [bnc#935232]: Added missing null byte checks for paths in various PHP extensions.
Bugs fixed:
- configure php-fpm with --localstatedir=/var [bnc#927147]
- fix timezone map [bnc#919080]
Package list
SUSE Linux Enterprise Module for Web and Scripting 12
SUSE Linux Enterprise Software Development Kit 12
References
- Link for SUSE-SU-2015:1253-1
- E-Mail link for SUSE-SU-2015:1253-1
- SUSE Security Ratings
- SUSE Bug 919080
- SUSE Bug 927147
- SUSE Bug 931421
- SUSE Bug 931769
- SUSE Bug 931772
- SUSE Bug 931776
- SUSE Bug 933227
- SUSE Bug 935224
- SUSE Bug 935226
- SUSE Bug 935227
- SUSE Bug 935232
- SUSE Bug 935234
- SUSE Bug 935274
- SUSE Bug 935275
- SUSE CVE CVE-2015-3411 page
- SUSE CVE CVE-2015-3412 page
- SUSE CVE CVE-2015-4021 page
Description
PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by a filename\0.xml attack that bypasses an intended configuration in which client users may read only .xml files.
Affected products
References
- CVE-2015-3411
- SUSE Bug 935074
- SUSE Bug 935227
- SUSE Bug 935229
- SUSE Bug 935232
- SUSE Bug 980366
Description
PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in ext/standard/streamsfuncs.c, as demonstrated by a filename\0.extension attack that bypasses an intended configuration in which client users may read files with only one specific extension.
Affected products
References
- CVE-2015-3412
- SUSE Bug 935227
- SUSE Bug 935229
- SUSE Bug 935232
- SUSE Bug 980366
Description
The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive.
Affected products
References
- CVE-2015-4021
- SUSE Bug 931769
- SUSE Bug 935074
- SUSE Bug 980366
Description
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow.
Affected products
References
- CVE-2015-4022
- SUSE Bug 931769
- SUSE Bug 931772
- SUSE Bug 935275
- SUSE Bug 980366
Description
Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome.
Affected products
References
- CVE-2015-4024
- SUSE Bug 931421
- SUSE Bug 980366
Description
The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.
Affected products
References
- CVE-2015-4026
- SUSE Bug 931776
- SUSE Bug 935227
- SUSE Bug 980366
Description
The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a "type confusion" issue.
Affected products
References
- CVE-2015-4148
- SUSE Bug 933227
- SUSE Bug 935074
- SUSE Bug 935226
- SUSE Bug 980366
Description
PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function, as demonstrated by a filename\0.html attack that bypasses an intended configuration in which client users may write to only .html files.
Affected products
References
- CVE-2015-4598
- SUSE Bug 935227
- SUSE Bug 935232
- SUSE Bug 980366
Description
The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue.
Affected products
References
- CVE-2015-4599
- SUSE Bug 935074
- SUSE Bug 935226
- SUSE Bug 935234
- SUSE Bug 980366
Description
The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in the (1) SoapClient::__getLastRequest, (2) SoapClient::__getLastResponse, (3) SoapClient::__getLastRequestHeaders, (4) SoapClient::__getLastResponseHeaders, (5) SoapClient::__getCookies, and (6) SoapClient::__setCookie methods.
Affected products
References
- CVE-2015-4600
- SUSE Bug 935226
- SUSE Bug 935234
- SUSE Bug 980366
Description
PHP before 5.6.7 might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3) ext/soap/soap.c, a different issue than CVE-2015-4600.
Affected products
References
- CVE-2015-4601
- SUSE Bug 935226
- SUSE Bug 935234
- SUSE Bug 980366
Description
The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue.
Affected products
References
- CVE-2015-4602
- SUSE Bug 935074
- SUSE Bug 935224
- SUSE Bug 935226
- SUSE Bug 980366
Description
The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpected data type, related to a "type confusion" issue.
Affected products
References
- CVE-2015-4603
- SUSE Bug 935074
- SUSE Bug 935226
- SUSE Bug 935234
- SUSE Bug 980366
Description
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022.
Affected products
References
- CVE-2015-4643
- SUSE Bug 931769
- SUSE Bug 935074
- SUSE Bug 935275
- SUSE Bug 980366
Description
The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1352.
Affected products
References
- CVE-2015-4644
- SUSE Bug 935074
- SUSE Bug 935274
- SUSE Bug 980366