Описание
Security update for php5
php5 was updated to fix the following security issues:
- CVE-2016-6297: Stack-based buffer overflow vulnerability in php_stream_zip_opener (bsc#991426).
- CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE (bsc#991427).
- CVE-2016-6289: Integer overflow leads to buffer overflow in virtual_file_ex (bsc#991428).
- CVE-2016-6290: Use after free in unserialize() with Unexpected Session Deserialization (bsc#991429).
- CVE-2016-5399: Improper error handling in bzread() (bsc#991430).
- CVE-2016-6288: Buffer over-read in php_url_parse_ex (bsc#991433).
- CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c (bsc#991437).
- CVE-2016-5769: Mcrypt: Heap Overflow due to integer overflows (bsc#986388).
- CVE-2015-8935: XSS in header() with Internet Explorer (bsc#986004).
- CVE-2016-5772: Double free corruption in wddx_deserialize (bsc#986244).
- CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap overflow (bsc#986386).
- CVE-2016-5767: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow (bsc#986393).
Список пакетов
SUSE Linux Enterprise Server 11 SP2-LTSS
Ссылки
- Link for SUSE-SU-2016:2080-1
- E-Mail link for SUSE-SU-2016:2080-1
- SUSE Security Ratings
- SUSE Bug 986004
- SUSE Bug 986244
- SUSE Bug 986386
- SUSE Bug 986388
- SUSE Bug 986393
- SUSE Bug 991426
- SUSE Bug 991427
- SUSE Bug 991428
- SUSE Bug 991429
- SUSE Bug 991430
- SUSE Bug 991433
- SUSE Bug 991437
- SUSE CVE CVE-2015-8935 page
- SUSE CVE CVE-2016-5399 page
- SUSE CVE CVE-2016-5766 page
- SUSE CVE CVE-2016-5767 page
- SUSE CVE CVE-2016-5769 page
Описание
The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer by leveraging (1) %0A%20 or (2) %0D%0A%20 mishandling in the header function.
Затронутые продукты
Ссылки
- CVE-2015-8935
- SUSE Bug 986004
Описание
The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.
Затронутые продукты
Ссылки
- CVE-2016-5399
- SUSE Bug 991430
Описание
Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.
Затронутые продукты
Ссылки
- CVE-2016-5766
- SUSE Bug 986386
Описание
Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted image dimensions.
Затронутые продукты
Ссылки
- CVE-2016-5767
- SUSE Bug 986393
Описание
Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted length value, related to the (1) mcrypt_generic and (2) mdecrypt_generic functions.
Затронутые продукты
Ссылки
- CVE-2016-5769
- SUSE Bug 986388
Описание
Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call.
Затронутые продукты
Ссылки
- CVE-2016-5772
- SUSE Bug 986244
Описание
The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type.
Затронутые продукты
Ссылки
- CVE-2016-6288
- SUSE Bug 991433
Описание
Integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_cwd.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted extract operation on a ZIP archive.
Затронутые продукты
Ссылки
- CVE-2016-6289
- SUSE Bug 991428
Описание
ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to session deserialization.
Затронутые продукты
Ссылки
- CVE-2016-6290
- SUSE Bug 991429
Описание
The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive information from process memory, or possibly have unspecified other impact via a crafted JPEG image.
Затронутые продукты
Ссылки
- CVE-2016-6291
- SUSE Bug 991427
Описание
Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a long first argument to the PHP xmlrpc_encode_request function.
Затронутые продукты
Ссылки
- CVE-2016-6296
- SUSE Bug 991437
Описание
Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted zip:// URL.
Затронутые продукты
Ссылки
- CVE-2016-6297
- SUSE Bug 991426