Описание
Security update for php5
PHP was updated to fix two security issues.
The following vulnerabilities were fixed:
- CVE-2015-5589: PHP could be crashed when processing an invalid file with the 'phar' extension with a segfault in Phar::convertToData, leading to Denial of Service (DOS) (bsc#938721)
- CVE-2015-5590: PHP could be crashed or have unspecified other impact due to a buffer overlow in phar_fix_filepath (bsc#938719)
This update ships the php5-opcache package (FATE#319034 bsc#940807) and the php5-posix package. (FATE#319094 bsc#940821)
Список пакетов
SUSE Linux Enterprise Module for Web and Scripting 12
SUSE Linux Enterprise Software Development Kit 12
Ссылки
- Link for SUSE-SU-2015:1425-1
- E-Mail link for SUSE-SU-2015:1425-1
- SUSE Security Ratings
- SUSE Bug 938719
- SUSE Bug 938721
- SUSE Bug 940807
- SUSE Bug 940821
- SUSE CVE CVE-2015-5589 page
- SUSE CVE CVE-2015-5590 page
Описание
The phar_convert_to_other function in ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not validate a file pointer before a close operation, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted TAR archive that is mishandled in a Phar::convertToData call.
Затронутые продукты
Ссылки
- CVE-2015-5589
- SUSE Bug 935074
- SUSE Bug 938721
- SUSE Bug 980366
Описание
Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstrated by mishandling of an e-mail attachment by the imap PHP extension.
Затронутые продукты
Ссылки
- CVE-2015-5590
- SUSE Bug 935074
- SUSE Bug 938719
- SUSE Bug 980366