Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2015:1253-2

Опубликовано: 23 июн. 2015
Источник: suse-cvrf

Описание

Security update for php5

This security update of PHP fixes the following issues:

Security issues fixed:

  • CVE-2015-4024 [bnc#931421]: Fixed multipart/form-data remote DOS Vulnerability.
  • CVE-2015-4026 [bnc#931776]: pcntl_exec() did not check path validity.
  • CVE-2015-4022 [bnc#931772]: Fixed and overflow in ftp_genlist() that resulted in a heap overflow.
  • CVE-2015-4021 [bnc#931769]: Fixed memory corruption in phar_parse_tarfile when entry filename starts with NULL.
  • CVE-2015-4148 [bnc#933227]: Fixed SoapClient's do_soap_call() type confusion after unserialize() information disclosure.
  • CVE-2015-4602 [bnc#935224]: Fixed an incomplete Class unserialization type confusion.
  • CVE-2015-4599, CVE-2015-4600, CVE-2015-4601 [bnc#935226]: Fixed type confusion issues in unserialize() with various SOAP methods.
  • CVE-2015-4603 [bnc#935234]: Fixed exception::getTraceAsString type confusion issue after unserialize.
  • CVE-2015-4644 [bnc#935274]: Fixed a crash in php_pgsql_meta_data.
  • CVE-2015-4643 [bnc#935275]: Fixed an integer overflow in ftp_genlist() that could result in a heap overflow.
  • CVE-2015-3411, CVE-2015-3412, CVE-2015-4598 [bnc#935227], [bnc#935232]: Added missing null byte checks for paths in various PHP extensions.

Bugs fixed:

  • configure php-fpm with --localstatedir=/var [bnc#927147]
  • fix timezone map [bnc#919080]

Список пакетов

SUSE Linux Enterprise Module for Web and Scripting 12
apache2-mod_php5-5.5.14-30.1
php5-5.5.14-30.1
php5-bcmath-5.5.14-30.1
php5-bz2-5.5.14-30.1
php5-calendar-5.5.14-30.1
php5-ctype-5.5.14-30.1
php5-curl-5.5.14-30.1
php5-dba-5.5.14-30.1
php5-dom-5.5.14-30.1
php5-enchant-5.5.14-30.1
php5-exif-5.5.14-30.1
php5-fastcgi-5.5.14-30.1
php5-fileinfo-5.5.14-30.1
php5-fpm-5.5.14-30.1
php5-ftp-5.5.14-30.1
php5-gd-5.5.14-30.1
php5-gettext-5.5.14-30.1
php5-gmp-5.5.14-30.1
php5-iconv-5.5.14-30.1
php5-intl-5.5.14-30.1
php5-json-5.5.14-30.1
php5-ldap-5.5.14-30.1
php5-mbstring-5.5.14-30.1
php5-mcrypt-5.5.14-30.1
php5-mysql-5.5.14-30.1
php5-odbc-5.5.14-30.1
php5-openssl-5.5.14-30.1
php5-pcntl-5.5.14-30.1
php5-pdo-5.5.14-30.1
php5-pear-5.5.14-30.1
php5-pgsql-5.5.14-30.1
php5-pspell-5.5.14-30.1
php5-shmop-5.5.14-30.1
php5-snmp-5.5.14-30.1
php5-soap-5.5.14-30.1
php5-sockets-5.5.14-30.1
php5-sqlite-5.5.14-30.1
php5-suhosin-5.5.14-30.1
php5-sysvmsg-5.5.14-30.1
php5-sysvsem-5.5.14-30.1
php5-sysvshm-5.5.14-30.1
php5-tokenizer-5.5.14-30.1
php5-wddx-5.5.14-30.1
php5-xmlreader-5.5.14-30.1
php5-xmlrpc-5.5.14-30.1
php5-xmlwriter-5.5.14-30.1
php5-xsl-5.5.14-30.1
php5-zip-5.5.14-30.1
php5-zlib-5.5.14-30.1

Ссылки

Описание

PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by a filename\0.xml attack that bypasses an intended configuration in which client users may read only .xml files.

Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-30.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-30.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-30.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-30.1
Ссылки

Описание

PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in ext/standard/streamsfuncs.c, as demonstrated by a filename\0.extension attack that bypasses an intended configuration in which client users may read files with only one specific extension.

Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-30.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-30.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-30.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-30.1
Ссылки

Описание

The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive.

Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-30.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-30.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-30.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-30.1
Ссылки

Описание

Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow.

Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-30.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-30.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-30.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-30.1
Ссылки

Описание

Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome.

Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-30.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-30.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-30.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-30.1
Ссылки

Описание

The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.

Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-30.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-30.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-30.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-30.1
Ссылки

Описание

The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a "type confusion" issue.

Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-30.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-30.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-30.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-30.1
Ссылки

Описание

PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function, as demonstrated by a filename\0.html attack that bypasses an intended configuration in which client users may write to only .html files.

Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-30.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-30.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-30.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-30.1
Ссылки

Описание

The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue.

Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-30.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-30.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-30.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-30.1
Ссылки

Описание

The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in the (1) SoapClient::__getLastRequest, (2) SoapClient::__getLastResponse, (3) SoapClient::__getLastRequestHeaders, (4) SoapClient::__getLastResponseHeaders, (5) SoapClient::__getCookies, and (6) SoapClient::__setCookie methods.

Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-30.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-30.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-30.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-30.1
Ссылки

Описание

PHP before 5.6.7 might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3) ext/soap/soap.c, a different issue than CVE-2015-4600.

Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-30.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-30.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-30.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-30.1
Ссылки

Описание

The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue.

Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-30.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-30.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-30.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-30.1
Ссылки

Описание

The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpected data type, related to a "type confusion" issue.

Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-30.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-30.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-30.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-30.1
Ссылки

Описание

Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022.

Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-30.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-30.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-30.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-30.1
Ссылки

Описание

The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1352.

Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-30.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-30.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-30.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-30.1
Ссылки
Уязвимость SUSE-SU-2015:1253-2