Description
Security update for php5
This update for php5 fixes the following issues:
- CVE-2016-9137: Use After Free in unserialize() (bsc#1008029)
- CVE-2016-5773: ZipArchive class Use After Free Vulnerability in PHP's GC (bsc#986247)
Package list
SUSE Linux Enterprise Desktop 12 SP1
libc-client2007e_suse-2007e_suse-22.1
SUSE Linux Enterprise Desktop 12 SP2
libc-client2007e_suse-2007e_suse-22.1
SUSE Linux Enterprise Module for Web and Scripting 12
apache2-mod_php5-5.5.14-86.2
libc-client2007e_suse-2007e_suse-22.1
php5-5.5.14-86.2
php5-bcmath-5.5.14-86.2
php5-bz2-5.5.14-86.2
php5-calendar-5.5.14-86.2
php5-ctype-5.5.14-86.2
php5-curl-5.5.14-86.2
php5-dba-5.5.14-86.2
php5-dom-5.5.14-86.2
php5-enchant-5.5.14-86.2
php5-exif-5.5.14-86.2
php5-fastcgi-5.5.14-86.2
php5-fileinfo-5.5.14-86.2
php5-fpm-5.5.14-86.2
php5-ftp-5.5.14-86.2
php5-gd-5.5.14-86.2
php5-gettext-5.5.14-86.2
php5-gmp-5.5.14-86.2
php5-iconv-5.5.14-86.2
php5-imap-5.5.14-86.2
php5-intl-5.5.14-86.2
php5-json-5.5.14-86.2
php5-ldap-5.5.14-86.2
php5-mbstring-5.5.14-86.2
php5-mcrypt-5.5.14-86.2
php5-mysql-5.5.14-86.2
php5-odbc-5.5.14-86.2
php5-opcache-5.5.14-86.2
php5-openssl-5.5.14-86.2
php5-pcntl-5.5.14-86.2
php5-pdo-5.5.14-86.2
php5-pear-5.5.14-86.2
php5-pgsql-5.5.14-86.2
php5-phar-5.5.14-86.2
php5-posix-5.5.14-86.2
php5-pspell-5.5.14-86.2
php5-shmop-5.5.14-86.2
php5-snmp-5.5.14-86.2
php5-soap-5.5.14-86.2
php5-sockets-5.5.14-86.2
php5-sqlite-5.5.14-86.2
php5-suhosin-5.5.14-86.2
php5-sysvmsg-5.5.14-86.2
php5-sysvsem-5.5.14-86.2
php5-sysvshm-5.5.14-86.2
php5-tokenizer-5.5.14-86.2
php5-wddx-5.5.14-86.2
php5-xmlreader-5.5.14-86.2
php5-xmlrpc-5.5.14-86.2
php5-xmlwriter-5.5.14-86.2
php5-xsl-5.5.14-86.2
php5-zip-5.5.14-86.2
php5-zlib-5.5.14-86.2
SUSE Linux Enterprise Software Development Kit 12 SP1
imap-devel-2007e_suse-22.1
libc-client2007e_suse-2007e_suse-22.1
php5-devel-5.5.14-86.2
SUSE Linux Enterprise Software Development Kit 12 SP2
imap-devel-2007e_suse-22.1
libc-client2007e_suse-2007e_suse-22.1
php5-devel-5.5.14-86.2
SUSE Linux Enterprise Workstation Extension 12 SP1
libc-client2007e_suse-2007e_suse-22.1
SUSE Linux Enterprise Workstation Extension 12 SP2
libc-client2007e_suse-2007e_suse-22.1
References
- Link for SUSE-SU-2016:2975-1
- E-Mail link for SUSE-SU-2016:2975-1
- SUSE Security Ratings
- SUSE Bug 1008029
- SUSE Bug 986247
- SUSE CVE CVE-2016-5773 page
- SUSE CVE CVE-2016-9137 page
Description
php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object.
Affected products
SUSE Linux Enterprise Desktop 12 SP1:libc-client2007e_suse-2007e_suse-22.1
SUSE Linux Enterprise Desktop 12 SP2:libc-client2007e_suse-2007e_suse-22.1
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-86.2
SUSE Linux Enterprise Module for Web and Scripting 12:libc-client2007e_suse-2007e_suse-22.1
References
- CVE-2016-5773
- SUSE Bug 986247
- SUSE Bug 986391
Description
Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing.
Affected products
SUSE Linux Enterprise Desktop 12 SP1:libc-client2007e_suse-2007e_suse-22.1
SUSE Linux Enterprise Desktop 12 SP2:libc-client2007e_suse-2007e_suse-22.1
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-86.2
SUSE Linux Enterprise Module for Web and Scripting 12:libc-client2007e_suse-2007e_suse-22.1
References
- CVE-2016-9137
- SUSE Bug 1008026
- SUSE Bug 1008029