Описание
Security update for php7
This update for php7 fixes the following security issues:
- CVE-2016-6128: Invalid color index not properly handled [bsc#987580]
- CVE-2016-6161: global out of bounds read when encoding gif from malformed input withgd2togif [bsc#988032]
- CVE-2016-6292: Null pointer dereference in exif_process_user_comment [bsc#991422]
- CVE-2016-6295: Use after free in SNMP with GC and unserialize() [bsc#991424]
- CVE-2016-6297: Stack-based buffer overflow vulnerability in php_stream_zip_opener [bsc#991426]
- CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE [bsc#991427]
- CVE-2016-6289: Integer overflow leads to buffer overflow in virtual_file_ex [bsc#991428]
- CVE-2016-6290: Use after free in unserialize() with Unexpected Session Deserialization [bsc#991429]
- CVE-2016-5399: Improper error handling in bzread() [bsc#991430]
- CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c [bsc#991437]
- CVE-2016-6207: Integer overflow error within _gdContributionsAlloc() [bsc#991434]
- CVE-2016-4473: Invalid free() instead of efree() in phar_extract_file()
- CVE-2016-7124: Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization
- CVE-2016-7125: PHP Session Data Injection Vulnerability
- CVE-2016-7126: select_colors write out-of-bounds
- CVE-2016-7127: imagegammacorrect allowed arbitrary write access
- CVE-2016-7128: Memory Leakage In exif_process_IFD_in_TIFF
- CVE-2016-7129: wddx_deserialize allowed illegal memory access
- CVE-2016-7131: wddx_deserialize null dereference with invalid xml
- CVE-2016-7132: wddx_deserialize null dereference in php_wddx_pop_element
- CVE-2016-7133: memory allocator fails to realloc small block to large one
- CVE-2016-7134: Heap overflow in the function curl_escape
- CVE-2016-7130: wddx_deserialize null dereference
- CVE-2016-7413: Use after free in wddx_deserialize
- CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field
- CVE-2016-7417: Missing type check when unserializing SplArray
- CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message
- CVE-2016-7418: Null pointer dereference in php_wddx_push_element
- CVE-2016-7414: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile
Список пакетов
SUSE Linux Enterprise Module for Web and Scripting 12
SUSE Linux Enterprise Software Development Kit 12 SP1
Ссылки
- Link for SUSE-SU-2016:2460-1
- E-Mail link for SUSE-SU-2016:2460-1
- SUSE Security Ratings
- SUSE Bug 1001950
- SUSE Bug 987580
- SUSE Bug 988032
- SUSE Bug 991422
- SUSE Bug 991424
- SUSE Bug 991426
- SUSE Bug 991427
- SUSE Bug 991428
- SUSE Bug 991429
- SUSE Bug 991430
- SUSE Bug 991434
- SUSE Bug 991437
- SUSE Bug 995512
- SUSE Bug 997206
- SUSE Bug 997207
- SUSE Bug 997208
- SUSE Bug 997210
Описание
/ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833.
Затронутые продукты
Ссылки
- CVE-2016-4473
- SUSE Bug 995512
Описание
The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.
Затронутые продукты
Ссылки
- CVE-2016-5399
- SUSE Bug 991430
Описание
The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.
Затронутые продукты
Ссылки
- CVE-2016-6128
- SUSE Bug 987580
- SUSE Bug 991710
Описание
The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image.
Затронутые продукты
Ссылки
- CVE-2016-6161
- SUSE Bug 988032
Описание
Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.
Затронутые продукты
Ссылки
- CVE-2016-6207
- SUSE Bug 991434
- SUSE Bug 991622
Описание
Integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_cwd.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted extract operation on a ZIP archive.
Затронутые продукты
Ссылки
- CVE-2016-6289
- SUSE Bug 991428
Описание
ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to session deserialization.
Затронутые продукты
Ссылки
- CVE-2016-6290
- SUSE Bug 991429
Описание
The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive information from process memory, or possibly have unspecified other impact via a crafted JPEG image.
Затронутые продукты
Ссылки
- CVE-2016-6291
- SUSE Bug 991427
Описание
The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image.
Затронутые продукты
Ссылки
- CVE-2016-6292
- SUSE Bug 991422
Описание
ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via crafted serialized data, a related issue to CVE-2016-5773.
Затронутые продукты
Ссылки
- CVE-2016-6295
- SUSE Bug 991424
Описание
Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a long first argument to the PHP xmlrpc_encode_request function.
Затронутые продукты
Ссылки
- CVE-2016-6296
- SUSE Bug 991437
Описание
Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted zip:// URL.
Затронутые продукты
Ссылки
- CVE-2016-6297
- SUSE Bug 991426
Описание
ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call.
Затронутые продукты
Ссылки
- CVE-2016-7124
- SUSE Bug 997206
Описание
ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection.
Затронутые продукты
Ссылки
- CVE-2016-7125
- SUSE Bug 997207
Описание
The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-bounds write) or possibly have unspecified other impact via a large value in the third argument.
Затронутые продукты
Ссылки
- CVE-2016-7126
- SUSE Bug 997208
Описание
The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by providing different signs for the second and third arguments.
Затронутые продукты
Ссылки
- CVE-2016-7127
- SUSE Bug 997210
Описание
The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.
Затронутые продукты
Ссылки
- CVE-2016-7128
- SUSE Bug 997211
Описание
The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deserialize call that mishandles a dateTime element in a wddxPacket XML document.
Затронутые продукты
Ссылки
- CVE-2016-7129
- SUSE Bug 997220
Описание
The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a wddx_deserialize call that mishandles a binary element in a wddxPacket XML document.
Затронутые продукты
Ссылки
- CVE-2016-7130
- SUSE Bug 997257
Описание
ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via a malformed wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a tag that lacks a < (less than) character.
Затронутые продукты
Ссылки
- CVE-2016-7131
- SUSE Bug 997225
Описание
ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a stray element inside a boolean element, leading to incorrect pop processing.
Затронутые продукты
Ссылки
- CVE-2016-7132
- SUSE Bug 997230
Описание
Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabled, mishandles huge realloc operations, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a long pathname.
Затронутые продукты
Ссылки
- CVE-2016-7133
- SUSE Bug 997247
Описание
ext/curl/interface.c in PHP 7.x before 7.0.10 does not work around a libcurl integer overflow, which allows remote attackers to cause a denial of service (allocation error and heap-based buffer overflow) or possibly have unspecified other impact via a long string that is mishandled in a curl_escape call.
Затронутые продукты
Ссылки
- CVE-2016-7134
- SUSE Bug 997248
Описание
ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.
Затронутые продукты
Ссылки
- CVE-2016-7412
- SUSE Bug 999680
Описание
Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset field element, leading to mishandling in a wddx_deserialize call.
Затронутые продукты
Ссылки
- CVE-2016-7413
- SUSE Bug 999679
Описание
The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c.
Затронутые продукты
Ссылки
- CVE-2016-7414
- SUSE Bug 999820
Описание
ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument.
Затронутые продукты
Ссылки
- CVE-2016-7416
- SUSE Bug 999685
Описание
ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data.
Затронутые продукты
Ссылки
- CVE-2016-7417
- SUSE Bug 999684
Описание
The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.
Затронутые продукты
Ссылки
- CVE-2016-7418
- SUSE Bug 999819