Описание
Security update for php53
This update for php53 fixes the following security issues:
- CVE-2016-7124: Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization
- CVE-2016-7125: PHP Session Data Injection Vulnerability
- CVE-2016-7126: select_colors write out-of-bounds
- CVE-2016-7127: imagegammacorrect allowed arbitrary write access
- CVE-2016-7128: Memory Leakage In exif_process_IFD_in_TIFF
- CVE-2016-7129: wddx_deserialize allows illegal memory access
- CVE-2016-7130: wddx_deserialize null dereference
- CVE-2016-7131: wddx_deserialize null dereference with invalid xml
- CVE-2016-7132: wddx_deserialize null dereference in php_wddx_pop_element
- CVE-2016-7411: php5: Memory corruption when destructing deserialized object
- CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field
- CVE-2016-7413: Use after free in wddx_deserialize
- CVE-2016-7414: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile
- CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message
- CVE-2016-7417: Missing type check when unserializing SplArray
- CVE-2016-7418: Null pointer dereference in php_wddx_push_element
Список пакетов
SUSE Linux Enterprise Point of Sale 11 SP3
SUSE Linux Enterprise Server 11 SP3-LTSS
SUSE Linux Enterprise Server 11 SP3-TERADATA
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP4
SUSE Linux Enterprise Software Development Kit 11 SP4
SUSE Manager 2.1
SUSE Manager Proxy 2.1
SUSE OpenStack Cloud 5
Ссылки
- Link for SUSE-SU-2016:2459-1
- E-Mail link for SUSE-SU-2016:2459-1
- SUSE Security Ratings
- SUSE Bug 997206
- SUSE Bug 997207
- SUSE Bug 997208
- SUSE Bug 997210
- SUSE Bug 997211
- SUSE Bug 997220
- SUSE Bug 997225
- SUSE Bug 997230
- SUSE Bug 997257
- SUSE Bug 999679
- SUSE Bug 999680
- SUSE Bug 999682
- SUSE Bug 999684
- SUSE Bug 999685
- SUSE Bug 999819
- SUSE Bug 999820
- SUSE CVE CVE-2016-7124 page
Описание
ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call.
Затронутые продукты
Ссылки
- CVE-2016-7124
- SUSE Bug 997206
Описание
ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection.
Затронутые продукты
Ссылки
- CVE-2016-7125
- SUSE Bug 997207
Описание
The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-bounds write) or possibly have unspecified other impact via a large value in the third argument.
Затронутые продукты
Ссылки
- CVE-2016-7126
- SUSE Bug 997208
Описание
The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by providing different signs for the second and third arguments.
Затронутые продукты
Ссылки
- CVE-2016-7127
- SUSE Bug 997210
Описание
The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.
Затронутые продукты
Ссылки
- CVE-2016-7128
- SUSE Bug 997211
Описание
The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deserialize call that mishandles a dateTime element in a wddxPacket XML document.
Затронутые продукты
Ссылки
- CVE-2016-7129
- SUSE Bug 997220
Описание
The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a wddx_deserialize call that mishandles a binary element in a wddxPacket XML document.
Затронутые продукты
Ссылки
- CVE-2016-7130
- SUSE Bug 997257
Описание
ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via a malformed wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a tag that lacks a < (less than) character.
Затронутые продукты
Ссылки
- CVE-2016-7131
- SUSE Bug 997225
Описание
ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a stray element inside a boolean element, leading to incorrect pop processing.
Затронутые продукты
Ссылки
- CVE-2016-7132
- SUSE Bug 997230
Описание
ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object.
Затронутые продукты
Ссылки
- CVE-2016-7411
- SUSE Bug 999682
Описание
ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.
Затронутые продукты
Ссылки
- CVE-2016-7412
- SUSE Bug 999680
Описание
Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset field element, leading to mishandling in a wddx_deserialize call.
Затронутые продукты
Ссылки
- CVE-2016-7413
- SUSE Bug 999679
Описание
The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c.
Затронутые продукты
Ссылки
- CVE-2016-7414
- SUSE Bug 999820
Описание
ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument.
Затронутые продукты
Ссылки
- CVE-2016-7416
- SUSE Bug 999685
Описание
ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data.
Затронутые продукты
Ссылки
- CVE-2016-7417
- SUSE Bug 999684
Описание
The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.
Затронутые продукты
Ссылки
- CVE-2016-7418
- SUSE Bug 999819