Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2016:2941-1

Опубликовано: 29 нояб. 2016
Источник: suse-cvrf

Описание

Security update for php7

This update for php7 fixes the following security issues:

  • CVE-2016-5385: Setting HTTP_PROXY environment variable via Proxy header (httpoxy) (bsc#988486).
  • CVE-2016-9137: Fixing a Use After Free in unserialize() (bsc#1008029).

Список пакетов

SUSE Linux Enterprise Module for Web and Scripting 12
apache2-mod_php7-7.0.7-25.1
php7-7.0.7-25.1
php7-bcmath-7.0.7-25.1
php7-bz2-7.0.7-25.1
php7-calendar-7.0.7-25.1
php7-ctype-7.0.7-25.1
php7-curl-7.0.7-25.1
php7-dba-7.0.7-25.1
php7-dom-7.0.7-25.1
php7-enchant-7.0.7-25.1
php7-exif-7.0.7-25.1
php7-fastcgi-7.0.7-25.1
php7-fileinfo-7.0.7-25.1
php7-fpm-7.0.7-25.1
php7-ftp-7.0.7-25.1
php7-gd-7.0.7-25.1
php7-gettext-7.0.7-25.1
php7-gmp-7.0.7-25.1
php7-iconv-7.0.7-25.1
php7-imap-7.0.7-25.1
php7-intl-7.0.7-25.1
php7-json-7.0.7-25.1
php7-ldap-7.0.7-25.1
php7-mbstring-7.0.7-25.1
php7-mcrypt-7.0.7-25.1
php7-mysql-7.0.7-25.1
php7-odbc-7.0.7-25.1
php7-opcache-7.0.7-25.1
php7-openssl-7.0.7-25.1
php7-pcntl-7.0.7-25.1
php7-pdo-7.0.7-25.1
php7-pear-7.0.7-25.1
php7-pear-Archive_Tar-7.0.7-25.1
php7-pgsql-7.0.7-25.1
php7-phar-7.0.7-25.1
php7-posix-7.0.7-25.1
php7-pspell-7.0.7-25.1
php7-shmop-7.0.7-25.1
php7-snmp-7.0.7-25.1
php7-soap-7.0.7-25.1
php7-sockets-7.0.7-25.1
php7-sqlite-7.0.7-25.1
php7-sysvmsg-7.0.7-25.1
php7-sysvsem-7.0.7-25.1
php7-sysvshm-7.0.7-25.1
php7-tokenizer-7.0.7-25.1
php7-wddx-7.0.7-25.1
php7-xmlreader-7.0.7-25.1
php7-xmlrpc-7.0.7-25.1
php7-xmlwriter-7.0.7-25.1
php7-xsl-7.0.7-25.1
php7-zip-7.0.7-25.1
php7-zlib-7.0.7-25.1
SUSE Linux Enterprise Software Development Kit 12 SP1
php7-devel-7.0.7-25.1
SUSE Linux Enterprise Software Development Kit 12 SP2
php7-devel-7.0.7-25.1

Ссылки

Описание

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue.

Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php7-7.0.7-25.1
SUSE Linux Enterprise Module for Web and Scripting 12:php7-7.0.7-25.1
SUSE Linux Enterprise Module for Web and Scripting 12:php7-bcmath-7.0.7-25.1
SUSE Linux Enterprise Module for Web and Scripting 12:php7-bz2-7.0.7-25.1
Ссылки

Описание

Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing.

Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php7-7.0.7-25.1
SUSE Linux Enterprise Module for Web and Scripting 12:php7-7.0.7-25.1
SUSE Linux Enterprise Module for Web and Scripting 12:php7-bcmath-7.0.7-25.1
SUSE Linux Enterprise Module for Web and Scripting 12:php7-bz2-7.0.7-25.1
Ссылки