Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2015:1425-1

Опубликовано: 06 авг. 2015
Источник: suse-cvrf

Описание

Security update for php5

PHP was updated to fix two security issues.

The following vulnerabilities were fixed:

  • CVE-2015-5589: PHP could be crashed when processing an invalid file with the 'phar' extension with a segfault in Phar::convertToData, leading to Denial of Service (DOS) (bsc#938721)
  • CVE-2015-5590: PHP could be crashed or have unspecified other impact due to a buffer overlow in phar_fix_filepath (bsc#938719)

This update ships the php5-opcache package (FATE#319034 bsc#940807) and the php5-posix package. (FATE#319094 bsc#940821)

Список пакетов

SUSE Linux Enterprise Module for Web and Scripting 12
apache2-mod_php5-5.5.14-33.2
php5-5.5.14-33.2
php5-bcmath-5.5.14-33.2
php5-bz2-5.5.14-33.2
php5-calendar-5.5.14-33.2
php5-ctype-5.5.14-33.2
php5-curl-5.5.14-33.2
php5-dba-5.5.14-33.2
php5-dom-5.5.14-33.2
php5-enchant-5.5.14-33.2
php5-exif-5.5.14-33.2
php5-fastcgi-5.5.14-33.2
php5-fileinfo-5.5.14-33.2
php5-fpm-5.5.14-33.2
php5-ftp-5.5.14-33.2
php5-gd-5.5.14-33.2
php5-gettext-5.5.14-33.2
php5-gmp-5.5.14-33.2
php5-iconv-5.5.14-33.2
php5-intl-5.5.14-33.2
php5-json-5.5.14-33.2
php5-ldap-5.5.14-33.2
php5-mbstring-5.5.14-33.2
php5-mcrypt-5.5.14-33.2
php5-mysql-5.5.14-33.2
php5-odbc-5.5.14-33.2
php5-opcache-5.5.14-33.2
php5-openssl-5.5.14-33.2
php5-pcntl-5.5.14-33.2
php5-pdo-5.5.14-33.2
php5-pear-5.5.14-33.2
php5-pgsql-5.5.14-33.2
php5-posix-5.5.14-33.2
php5-pspell-5.5.14-33.2
php5-shmop-5.5.14-33.2
php5-snmp-5.5.14-33.2
php5-soap-5.5.14-33.2
php5-sockets-5.5.14-33.2
php5-sqlite-5.5.14-33.2
php5-suhosin-5.5.14-33.2
php5-sysvmsg-5.5.14-33.2
php5-sysvsem-5.5.14-33.2
php5-sysvshm-5.5.14-33.2
php5-tokenizer-5.5.14-33.2
php5-wddx-5.5.14-33.2
php5-xmlreader-5.5.14-33.2
php5-xmlrpc-5.5.14-33.2
php5-xmlwriter-5.5.14-33.2
php5-xsl-5.5.14-33.2
php5-zip-5.5.14-33.2
php5-zlib-5.5.14-33.2
SUSE Linux Enterprise Software Development Kit 12
php5-devel-5.5.14-33.2

Описание

The phar_convert_to_other function in ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not validate a file pointer before a close operation, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted TAR archive that is mishandled in a Phar::convertToData call.


Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-33.2
SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-33.2
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-33.2
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-33.2

Ссылки

Описание

Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstrated by mishandling of an e-mail attachment by the imap PHP extension.


Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-33.2
SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-33.2
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-33.2
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-33.2

Ссылки
Уязвимость SUSE-SU-2015:1425-1