SUSE-SU-2015:1466-1

Опубликовано: 29 июл. 2015

Источник: suse-cvrf

Описание

Security update for php53

PHP was updated to fix two security issues.

The following vulnerabilities were fixed:

CVE-2015-5589: PHP could be crashed when processing an invalid file with the 'phar' extension with a segfault in Phar::convertToData, leading to Denial of Service (DOS) (bsc#938721)
CVE-2015-5590: PHP could be crashed or have unspecified other impact due to a buffer overlow in phar_fix_filepath (bsc#938719)

Список пакетов

SUSE Linux Enterprise Server 11 SP3

apache2-mod_php53-5.3.17-45.1

php53-5.3.17-45.1

php53-bcmath-5.3.17-45.1

php53-bz2-5.3.17-45.1

php53-calendar-5.3.17-45.1

php53-ctype-5.3.17-45.1

php53-curl-5.3.17-45.1

php53-dba-5.3.17-45.1

php53-dom-5.3.17-45.1

php53-exif-5.3.17-45.1

php53-fastcgi-5.3.17-45.1

php53-fileinfo-5.3.17-45.1

php53-ftp-5.3.17-45.1

php53-gd-5.3.17-45.1

php53-gettext-5.3.17-45.1

php53-gmp-5.3.17-45.1

php53-iconv-5.3.17-45.1

php53-intl-5.3.17-45.1

php53-json-5.3.17-45.1

php53-ldap-5.3.17-45.1

php53-mbstring-5.3.17-45.1

php53-mcrypt-5.3.17-45.1

php53-mysql-5.3.17-45.1

php53-odbc-5.3.17-45.1

php53-openssl-5.3.17-45.1

php53-pcntl-5.3.17-45.1

php53-pdo-5.3.17-45.1

php53-pear-5.3.17-45.1

php53-pgsql-5.3.17-45.1

php53-pspell-5.3.17-45.1

php53-shmop-5.3.17-45.1

php53-snmp-5.3.17-45.1

php53-soap-5.3.17-45.1

php53-suhosin-5.3.17-45.1

php53-sysvmsg-5.3.17-45.1

php53-sysvsem-5.3.17-45.1

php53-sysvshm-5.3.17-45.1

php53-tokenizer-5.3.17-45.1

php53-wddx-5.3.17-45.1

php53-xmlreader-5.3.17-45.1

php53-xmlrpc-5.3.17-45.1

php53-xmlwriter-5.3.17-45.1

php53-xsl-5.3.17-45.1

php53-zip-5.3.17-45.1

php53-zlib-5.3.17-45.1

SUSE Linux Enterprise Server 11 SP3-TERADATA

apache2-mod_php53-5.3.17-45.1

php53-5.3.17-45.1

php53-bcmath-5.3.17-45.1

php53-bz2-5.3.17-45.1

php53-calendar-5.3.17-45.1

php53-ctype-5.3.17-45.1

php53-curl-5.3.17-45.1

php53-dba-5.3.17-45.1

php53-dom-5.3.17-45.1

php53-exif-5.3.17-45.1

php53-fastcgi-5.3.17-45.1

php53-fileinfo-5.3.17-45.1

php53-ftp-5.3.17-45.1

php53-gd-5.3.17-45.1

php53-gettext-5.3.17-45.1

php53-gmp-5.3.17-45.1

php53-iconv-5.3.17-45.1

php53-intl-5.3.17-45.1

php53-json-5.3.17-45.1

php53-ldap-5.3.17-45.1

php53-mbstring-5.3.17-45.1

php53-mcrypt-5.3.17-45.1

php53-mysql-5.3.17-45.1

php53-odbc-5.3.17-45.1

php53-openssl-5.3.17-45.1

php53-pcntl-5.3.17-45.1

php53-pdo-5.3.17-45.1

php53-pear-5.3.17-45.1

php53-pgsql-5.3.17-45.1

php53-pspell-5.3.17-45.1

php53-shmop-5.3.17-45.1

php53-snmp-5.3.17-45.1

php53-soap-5.3.17-45.1

php53-suhosin-5.3.17-45.1

php53-sysvmsg-5.3.17-45.1

php53-sysvsem-5.3.17-45.1

php53-sysvshm-5.3.17-45.1

php53-tokenizer-5.3.17-45.1

php53-wddx-5.3.17-45.1

php53-xmlreader-5.3.17-45.1

php53-xmlrpc-5.3.17-45.1

php53-xmlwriter-5.3.17-45.1

php53-xsl-5.3.17-45.1

php53-zip-5.3.17-45.1

php53-zlib-5.3.17-45.1

SUSE Linux Enterprise Server 11 SP4

apache2-mod_php53-5.3.17-45.1

php53-5.3.17-45.1

php53-bcmath-5.3.17-45.1

php53-bz2-5.3.17-45.1

php53-calendar-5.3.17-45.1

php53-ctype-5.3.17-45.1

php53-curl-5.3.17-45.1

php53-dba-5.3.17-45.1

php53-dom-5.3.17-45.1

php53-exif-5.3.17-45.1

php53-fastcgi-5.3.17-45.1

php53-fileinfo-5.3.17-45.1

php53-ftp-5.3.17-45.1

php53-gd-5.3.17-45.1

php53-gettext-5.3.17-45.1

php53-gmp-5.3.17-45.1

php53-iconv-5.3.17-45.1

php53-intl-5.3.17-45.1

php53-json-5.3.17-45.1

php53-ldap-5.3.17-45.1

php53-mbstring-5.3.17-45.1

php53-mcrypt-5.3.17-45.1

php53-mysql-5.3.17-45.1

php53-odbc-5.3.17-45.1

php53-openssl-5.3.17-45.1

php53-pcntl-5.3.17-45.1

php53-pdo-5.3.17-45.1

php53-pear-5.3.17-45.1

php53-pgsql-5.3.17-45.1

php53-pspell-5.3.17-45.1

php53-shmop-5.3.17-45.1

php53-snmp-5.3.17-45.1

php53-soap-5.3.17-45.1

php53-suhosin-5.3.17-45.1

php53-sysvmsg-5.3.17-45.1

php53-sysvsem-5.3.17-45.1

php53-sysvshm-5.3.17-45.1

php53-tokenizer-5.3.17-45.1

php53-wddx-5.3.17-45.1

php53-xmlreader-5.3.17-45.1

php53-xmlrpc-5.3.17-45.1

php53-xmlwriter-5.3.17-45.1

php53-xsl-5.3.17-45.1

php53-zip-5.3.17-45.1

php53-zlib-5.3.17-45.1

SUSE Linux Enterprise Server for SAP Applications 11 SP3

apache2-mod_php53-5.3.17-45.1

php53-5.3.17-45.1

php53-bcmath-5.3.17-45.1

php53-bz2-5.3.17-45.1

php53-calendar-5.3.17-45.1

php53-ctype-5.3.17-45.1

php53-curl-5.3.17-45.1

php53-dba-5.3.17-45.1

php53-dom-5.3.17-45.1

php53-exif-5.3.17-45.1

php53-fastcgi-5.3.17-45.1

php53-fileinfo-5.3.17-45.1

php53-ftp-5.3.17-45.1

php53-gd-5.3.17-45.1

php53-gettext-5.3.17-45.1

php53-gmp-5.3.17-45.1

php53-iconv-5.3.17-45.1

php53-intl-5.3.17-45.1

php53-json-5.3.17-45.1

php53-ldap-5.3.17-45.1

php53-mbstring-5.3.17-45.1

php53-mcrypt-5.3.17-45.1

php53-mysql-5.3.17-45.1

php53-odbc-5.3.17-45.1

php53-openssl-5.3.17-45.1

php53-pcntl-5.3.17-45.1

php53-pdo-5.3.17-45.1

php53-pear-5.3.17-45.1

php53-pgsql-5.3.17-45.1

php53-pspell-5.3.17-45.1

php53-shmop-5.3.17-45.1

php53-snmp-5.3.17-45.1

php53-soap-5.3.17-45.1

php53-suhosin-5.3.17-45.1

php53-sysvmsg-5.3.17-45.1

php53-sysvsem-5.3.17-45.1

php53-sysvshm-5.3.17-45.1

php53-tokenizer-5.3.17-45.1

php53-wddx-5.3.17-45.1

php53-xmlreader-5.3.17-45.1

php53-xmlrpc-5.3.17-45.1

php53-xmlwriter-5.3.17-45.1

php53-xsl-5.3.17-45.1

php53-zip-5.3.17-45.1

php53-zlib-5.3.17-45.1

SUSE Linux Enterprise Server for SAP Applications 11 SP4

apache2-mod_php53-5.3.17-45.1

php53-5.3.17-45.1

php53-bcmath-5.3.17-45.1

php53-bz2-5.3.17-45.1

php53-calendar-5.3.17-45.1

php53-ctype-5.3.17-45.1

php53-curl-5.3.17-45.1

php53-dba-5.3.17-45.1

php53-dom-5.3.17-45.1

php53-exif-5.3.17-45.1

php53-fastcgi-5.3.17-45.1

php53-fileinfo-5.3.17-45.1

php53-ftp-5.3.17-45.1

php53-gd-5.3.17-45.1

php53-gettext-5.3.17-45.1

php53-gmp-5.3.17-45.1

php53-iconv-5.3.17-45.1

php53-intl-5.3.17-45.1

php53-json-5.3.17-45.1

php53-ldap-5.3.17-45.1

php53-mbstring-5.3.17-45.1

php53-mcrypt-5.3.17-45.1

php53-mysql-5.3.17-45.1

php53-odbc-5.3.17-45.1

php53-openssl-5.3.17-45.1

php53-pcntl-5.3.17-45.1

php53-pdo-5.3.17-45.1

php53-pear-5.3.17-45.1

php53-pgsql-5.3.17-45.1

php53-pspell-5.3.17-45.1

php53-shmop-5.3.17-45.1

php53-snmp-5.3.17-45.1

php53-soap-5.3.17-45.1

php53-suhosin-5.3.17-45.1

php53-sysvmsg-5.3.17-45.1

php53-sysvsem-5.3.17-45.1

php53-sysvshm-5.3.17-45.1

php53-tokenizer-5.3.17-45.1

php53-wddx-5.3.17-45.1

php53-xmlreader-5.3.17-45.1

php53-xmlrpc-5.3.17-45.1

php53-xmlwriter-5.3.17-45.1

php53-xsl-5.3.17-45.1

php53-zip-5.3.17-45.1

php53-zlib-5.3.17-45.1

SUSE Linux Enterprise Software Development Kit 11 SP3

php53-devel-5.3.17-45.1

php53-imap-5.3.17-45.1

php53-posix-5.3.17-45.1

php53-readline-5.3.17-45.1

php53-sockets-5.3.17-45.1

php53-sqlite-5.3.17-45.1

php53-tidy-5.3.17-45.1

SUSE Linux Enterprise Software Development Kit 11 SP4

php53-devel-5.3.17-45.1

php53-imap-5.3.17-45.1

php53-posix-5.3.17-45.1

php53-readline-5.3.17-45.1

php53-sockets-5.3.17-45.1

php53-sqlite-5.3.17-45.1

php53-tidy-5.3.17-45.1

Ссылки

https://www.suse.com/support/update/announcement/2015/suse-su-20151466-1/
Link for SUSE-SU-2015:1466-1
https://lists.suse.com/pipermail/sle-security-updates/2015-August/001558.html
E-Mail link for SUSE-SU-2015:1466-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/938719
SUSE Bug 938719
https://bugzilla.suse.com/938721
SUSE Bug 938721
https://www.suse.com/security/cve/CVE-2015-5589/
SUSE CVE CVE-2015-5589 page
https://www.suse.com/security/cve/CVE-2015-5590/
SUSE CVE CVE-2015-5590 page

Описание

The phar_convert_to_other function in ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not validate a file pointer before a close operation, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted TAR archive that is mishandled in a Phar::convertToData call.

Затронутые продукты

SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-mod_php53-5.3.17-45.1

SUSE Linux Enterprise Server 11 SP3-TERADATA:php53-5.3.17-45.1

SUSE Linux Enterprise Server 11 SP3-TERADATA:php53-bcmath-5.3.17-45.1

SUSE Linux Enterprise Server 11 SP3-TERADATA:php53-bz2-5.3.17-45.1

Ссылки

https://www.suse.com/security/cve/CVE-2015-5589.html
CVE-2015-5589
https://bugzilla.suse.com/935074
SUSE Bug 935074
https://bugzilla.suse.com/938721
SUSE Bug 938721
https://bugzilla.suse.com/980366
SUSE Bug 980366

Описание

Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstrated by mishandling of an e-mail attachment by the imap PHP extension.

Затронутые продукты

SUSE Linux Enterprise Server 11 SP3-TERADATA:apache2-mod_php53-5.3.17-45.1

SUSE Linux Enterprise Server 11 SP3-TERADATA:php53-5.3.17-45.1

SUSE Linux Enterprise Server 11 SP3-TERADATA:php53-bcmath-5.3.17-45.1

SUSE Linux Enterprise Server 11 SP3-TERADATA:php53-bz2-5.3.17-45.1

Ссылки

https://www.suse.com/security/cve/CVE-2015-5590.html
CVE-2015-5590
https://bugzilla.suse.com/935074
SUSE Bug 935074
https://bugzilla.suse.com/938719
SUSE Bug 938719
https://bugzilla.suse.com/980366
SUSE Bug 980366

SUSE-SU-2015:1466-1

Описание

Список пакетов

SUSE Linux Enterprise Server 11 SP3

SUSE Linux Enterprise Server 11 SP3-TERADATA

SUSE Linux Enterprise Server 11 SP4

SUSE Linux Enterprise Server for SAP Applications 11 SP3

SUSE Linux Enterprise Server for SAP Applications 11 SP4

SUSE Linux Enterprise Software Development Kit 11 SP3

SUSE Linux Enterprise Software Development Kit 11 SP4

Ссылки

Уязвимость: CVE-2015-5589

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2015-5590

Описание

Затронутые продукты

Ссылки