Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2016:1310-1

Опубликовано: 17 мая 2016
Источник: suse-cvrf

Описание

Security update for php53

This update for php53 fixes the following security issues:

  • CVE-2016-4073: A remote attacker could have caused denial of service, or possibly execute arbitrary code, due to incorrect handling of string length calculations in mb_strcut() (bsc#977003)
  • CVE-2015-8867: The PHP function openssl_random_pseudo_bytes() did not return cryptographically secure random bytes (bsc#977005)
  • CVE-2016-4070: The libxml_disable_entity_loader() setting was shared between threads, which could have resulted in XML external entity injection and entity expansion issues (bsc#976997)
  • CVE-2015-8866: A remote attacker could have caused denial of service due to incorrect handling of large strings in php_raw_url_encode() (bsc#976996)

Список пакетов

SUSE Linux Enterprise Server 11 SP4
apache2-mod_php53-5.3.17-62.1
php53-5.3.17-62.1
php53-bcmath-5.3.17-62.1
php53-bz2-5.3.17-62.1
php53-calendar-5.3.17-62.1
php53-ctype-5.3.17-62.1
php53-curl-5.3.17-62.1
php53-dba-5.3.17-62.1
php53-dom-5.3.17-62.1
php53-exif-5.3.17-62.1
php53-fastcgi-5.3.17-62.1
php53-fileinfo-5.3.17-62.1
php53-ftp-5.3.17-62.1
php53-gd-5.3.17-62.1
php53-gettext-5.3.17-62.1
php53-gmp-5.3.17-62.1
php53-iconv-5.3.17-62.1
php53-intl-5.3.17-62.1
php53-json-5.3.17-62.1
php53-ldap-5.3.17-62.1
php53-mbstring-5.3.17-62.1
php53-mcrypt-5.3.17-62.1
php53-mysql-5.3.17-62.1
php53-odbc-5.3.17-62.1
php53-openssl-5.3.17-62.1
php53-pcntl-5.3.17-62.1
php53-pdo-5.3.17-62.1
php53-pear-5.3.17-62.1
php53-pgsql-5.3.17-62.1
php53-pspell-5.3.17-62.1
php53-shmop-5.3.17-62.1
php53-snmp-5.3.17-62.1
php53-soap-5.3.17-62.1
php53-suhosin-5.3.17-62.1
php53-sysvmsg-5.3.17-62.1
php53-sysvsem-5.3.17-62.1
php53-sysvshm-5.3.17-62.1
php53-tokenizer-5.3.17-62.1
php53-wddx-5.3.17-62.1
php53-xmlreader-5.3.17-62.1
php53-xmlrpc-5.3.17-62.1
php53-xmlwriter-5.3.17-62.1
php53-xsl-5.3.17-62.1
php53-zip-5.3.17-62.1
php53-zlib-5.3.17-62.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
apache2-mod_php53-5.3.17-62.1
php53-5.3.17-62.1
php53-bcmath-5.3.17-62.1
php53-bz2-5.3.17-62.1
php53-calendar-5.3.17-62.1
php53-ctype-5.3.17-62.1
php53-curl-5.3.17-62.1
php53-dba-5.3.17-62.1
php53-dom-5.3.17-62.1
php53-exif-5.3.17-62.1
php53-fastcgi-5.3.17-62.1
php53-fileinfo-5.3.17-62.1
php53-ftp-5.3.17-62.1
php53-gd-5.3.17-62.1
php53-gettext-5.3.17-62.1
php53-gmp-5.3.17-62.1
php53-iconv-5.3.17-62.1
php53-intl-5.3.17-62.1
php53-json-5.3.17-62.1
php53-ldap-5.3.17-62.1
php53-mbstring-5.3.17-62.1
php53-mcrypt-5.3.17-62.1
php53-mysql-5.3.17-62.1
php53-odbc-5.3.17-62.1
php53-openssl-5.3.17-62.1
php53-pcntl-5.3.17-62.1
php53-pdo-5.3.17-62.1
php53-pear-5.3.17-62.1
php53-pgsql-5.3.17-62.1
php53-pspell-5.3.17-62.1
php53-shmop-5.3.17-62.1
php53-snmp-5.3.17-62.1
php53-soap-5.3.17-62.1
php53-suhosin-5.3.17-62.1
php53-sysvmsg-5.3.17-62.1
php53-sysvsem-5.3.17-62.1
php53-sysvshm-5.3.17-62.1
php53-tokenizer-5.3.17-62.1
php53-wddx-5.3.17-62.1
php53-xmlreader-5.3.17-62.1
php53-xmlrpc-5.3.17-62.1
php53-xmlwriter-5.3.17-62.1
php53-xsl-5.3.17-62.1
php53-zip-5.3.17-62.1
php53-zlib-5.3.17-62.1
SUSE Linux Enterprise Software Development Kit 11 SP4
php53-devel-5.3.17-62.1
php53-imap-5.3.17-62.1
php53-posix-5.3.17-62.1
php53-readline-5.3.17-62.1
php53-sockets-5.3.17-62.1
php53-sqlite-5.3.17-62.1
php53-tidy-5.3.17-62.1

Ссылки

Описание

ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:apache2-mod_php53-5.3.17-62.1
SUSE Linux Enterprise Server 11 SP4:php53-5.3.17-62.1
SUSE Linux Enterprise Server 11 SP4:php53-bcmath-5.3.17-62.1
SUSE Linux Enterprise Server 11 SP4:php53-bz2-5.3.17-62.1
Ссылки

Описание

The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:apache2-mod_php53-5.3.17-62.1
SUSE Linux Enterprise Server 11 SP4:php53-5.3.17-62.1
SUSE Linux Enterprise Server 11 SP4:php53-bcmath-5.3.17-62.1
SUSE Linux Enterprise Server 11 SP4:php53-bz2-5.3.17-62.1
Ссылки

Описание

** DISPUTED ** Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says "Not sure if this qualifies as security issue (probably not)."

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:apache2-mod_php53-5.3.17-62.1
SUSE Linux Enterprise Server 11 SP4:php53-5.3.17-62.1
SUSE Linux Enterprise Server 11 SP4:php53-bcmath-5.3.17-62.1
SUSE Linux Enterprise Server 11 SP4:php53-bz2-5.3.17-62.1
Ссылки

Описание

Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:apache2-mod_php53-5.3.17-62.1
SUSE Linux Enterprise Server 11 SP4:php53-5.3.17-62.1
SUSE Linux Enterprise Server 11 SP4:php53-bcmath-5.3.17-62.1
SUSE Linux Enterprise Server 11 SP4:php53-bz2-5.3.17-62.1
Ссылки
Уязвимость SUSE-SU-2016:1310-1