Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2015:1701-1

Опубликовано: 17 сент. 2015
Источник: suse-cvrf

Описание

Security update for php5

The PHP5 script interpreter was updated to fix security issues:

  • CVE-2015-6836: A SOAP serialize_function_call() type confusion leading to remote code execution problem was fixed. [bnc#945428]
  • CVE-2015-6837 CVE-2015-6838: Two NULL pointer dereferences in the XSLTProcessor class were fixed. [bnc#945412]

Список пакетов

SUSE Linux Enterprise Server 11 SP2-LTSS
apache2-mod_php5-5.2.14-0.7.30.72.1
php5-5.2.14-0.7.30.72.1
php5-bcmath-5.2.14-0.7.30.72.1
php5-bz2-5.2.14-0.7.30.72.1
php5-calendar-5.2.14-0.7.30.72.1
php5-ctype-5.2.14-0.7.30.72.1
php5-curl-5.2.14-0.7.30.72.1
php5-dba-5.2.14-0.7.30.72.1
php5-dbase-5.2.14-0.7.30.72.1
php5-dom-5.2.14-0.7.30.72.1
php5-exif-5.2.14-0.7.30.72.1
php5-fastcgi-5.2.14-0.7.30.72.1
php5-ftp-5.2.14-0.7.30.72.1
php5-gd-5.2.14-0.7.30.72.1
php5-gettext-5.2.14-0.7.30.72.1
php5-gmp-5.2.14-0.7.30.72.1
php5-hash-5.2.14-0.7.30.72.1
php5-iconv-5.2.14-0.7.30.72.1
php5-json-5.2.14-0.7.30.72.1
php5-ldap-5.2.14-0.7.30.72.1
php5-mbstring-5.2.14-0.7.30.72.1
php5-mcrypt-5.2.14-0.7.30.72.1
php5-mysql-5.2.14-0.7.30.72.1
php5-odbc-5.2.14-0.7.30.72.1
php5-openssl-5.2.14-0.7.30.72.1
php5-pcntl-5.2.14-0.7.30.72.1
php5-pdo-5.2.14-0.7.30.72.1
php5-pear-5.2.14-0.7.30.72.1
php5-pgsql-5.2.14-0.7.30.72.1
php5-pspell-5.2.14-0.7.30.72.1
php5-shmop-5.2.14-0.7.30.72.1
php5-snmp-5.2.14-0.7.30.72.1
php5-soap-5.2.14-0.7.30.72.1
php5-suhosin-5.2.14-0.7.30.72.1
php5-sysvmsg-5.2.14-0.7.30.72.1
php5-sysvsem-5.2.14-0.7.30.72.1
php5-sysvshm-5.2.14-0.7.30.72.1
php5-tokenizer-5.2.14-0.7.30.72.1
php5-wddx-5.2.14-0.7.30.72.1
php5-xmlreader-5.2.14-0.7.30.72.1
php5-xmlrpc-5.2.14-0.7.30.72.1
php5-xmlwriter-5.2.14-0.7.30.72.1
php5-xsl-5.2.14-0.7.30.72.1
php5-zip-5.2.14-0.7.30.72.1
php5-zlib-5.2.14-0.7.30.72.1

Ссылки

Описание

The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary code via crafted serialized data that triggers a "type confusion" in the serialize_function_call function.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP2-LTSS:apache2-mod_php5-5.2.14-0.7.30.72.1
SUSE Linux Enterprise Server 11 SP2-LTSS:php5-5.2.14-0.7.30.72.1
SUSE Linux Enterprise Server 11 SP2-LTSS:php5-bcmath-5.2.14-0.7.30.72.1
SUSE Linux Enterprise Server 11 SP2-LTSS:php5-bz2-5.2.14-0.7.30.72.1
Ссылки

Описание

The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error checking, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6838.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP2-LTSS:apache2-mod_php5-5.2.14-0.7.30.72.1
SUSE Linux Enterprise Server 11 SP2-LTSS:php5-5.2.14-0.7.30.72.1
SUSE Linux Enterprise Server 11 SP2-LTSS:php5-bcmath-5.2.14-0.7.30.72.1
SUSE Linux Enterprise Server 11 SP2-LTSS:php5-bz2-5.2.14-0.7.30.72.1
Ссылки

Описание

The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP2-LTSS:apache2-mod_php5-5.2.14-0.7.30.72.1
SUSE Linux Enterprise Server 11 SP2-LTSS:php5-5.2.14-0.7.30.72.1
SUSE Linux Enterprise Server 11 SP2-LTSS:php5-bcmath-5.2.14-0.7.30.72.1
SUSE Linux Enterprise Server 11 SP2-LTSS:php5-bz2-5.2.14-0.7.30.72.1
Ссылки