Описание
Security update for php53
This update for php53 fixes the following issues:
- CVE-2015-8838: mysqlnd was vulnerable to BACKRONYM (bnc#973792).
- CVE-2015-8835: SoapClient s_call method suffered from a type confusion issue that could have lead to crashes [bsc#973351]
- CVE-2016-2554: A NULL pointer dereference in phar_get_fp_offset could lead to crashes. [bsc#968284] Note: we do not ship the phar extension currently, so we are not affected.
- CVE-2015-7803: A Stack overflow vulnerability when decompressing tar phar archives could potentially lead to code execution. [bsc#949961] Note: we do not ship the phar extension currently, so we are not affected.
- CVE-2016-3141: A use-after-free / double-free in the WDDX deserialization could lead to crashes or potential code execution. [bsc#969821]
- CVE-2016-3142: An Out-of-bounds read in phar_parse_zipfile() could lead to crashes. [bsc#971912] Note: we do not ship the phar extension currently, so we are not affected.
- CVE-2014-9767: A directory traversal when extracting zip files was fixed that could lead to overwritten files. [bsc#971612]
- CVE-2016-3185: A type confusion vulnerability in make_http_soap_request() could lead to crashes or potentially code execution. [bsc#971611]
Список пакетов
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP4
SUSE Linux Enterprise Software Development Kit 11 SP4
Ссылки
- Link for SUSE-SU-2016:1145-1
- E-Mail link for SUSE-SU-2016:1145-1
- SUSE Security Ratings
- SUSE Bug 949961
- SUSE Bug 968284
- SUSE Bug 969821
- SUSE Bug 971611
- SUSE Bug 971612
- SUSE Bug 971912
- SUSE Bug 973351
- SUSE Bug 973792
- SUSE CVE CVE-2014-9767 page
- SUSE CVE CVE-2015-7803 page
- SUSE CVE CVE-2015-8835 page
- SUSE CVE CVE-2015-8838 page
- SUSE CVE CVE-2016-2554 page
- SUSE CVE CVE-2016-3141 page
- SUSE CVE CVE-2016-3142 page
- SUSE CVE CVE-2016-3185 page
Описание
Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive.
Затронутые продукты
Ссылки
- CVE-2014-9767
- SUSE Bug 971612
- SUSE Bug 980366
Описание
The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist.
Затронутые продукты
Ссылки
- CVE-2015-7803
- SUSE Bug 949961
- SUSE Bug 980366
Описание
The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a denial of service (NULL pointer dereference, type confusion, and application crash) or possibly execute arbitrary code via crafted serialized data representing a numerically indexed _cookies array, related to the SoapClient::__call method in ext/soap/soap.c.
Затронутые продукты
Ссылки
- CVE-2015-8835
- SUSE Bug 973351
- SUSE Bug 980366
Описание
ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.
Затронутые продукты
Ссылки
- CVE-2015-8838
- SUSE Bug 973792
- SUSE Bug 980366
Описание
Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive.
Затронутые продукты
Ссылки
- CVE-2016-2554
- SUSE Bug 968284
- SUSE Bug 980366
Описание
Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element.
Затронутые продукты
Ссылки
- CVE-2016-3141
- SUSE Bug 969821
- SUSE Bug 980366
Описание
The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location.
Затронутые продукты
Ссылки
- CVE-2016-3142
- SUSE Bug 971912
- SUSE Bug 980366
Описание
The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (type confusion and application crash) via crafted serialized _cookies data, related to the SoapClient::__call method in ext/soap/soap.c.
Затронутые продукты
Ссылки
- CVE-2016-3185
- SUSE Bug 971611
- SUSE Bug 973351
- SUSE Bug 980366