Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2017:0017-1

Опубликовано: 04 янв. 2017
Источник: suse-cvrf

Описание

Security update for php7

This update for php7 fixes the following issues:

  • CVE-2016-9933 Possible stack overflow on truecolor images handling [bsc#1015187]
  • CVE-2016-9934 Dereference from NULL pointer could lead to crash [bsc#1015188]
  • CVE-2016-9935 Invalid read could lead to crash [bsc#1015189]
  • CVE-2016-9936 Use After free in the function serialize() could lead to crash [bsc#1015191]

Список пакетов

SUSE Linux Enterprise Module for Web and Scripting 12
apache2-mod_php7-7.0.7-28.2
php7-7.0.7-28.2
php7-bcmath-7.0.7-28.2
php7-bz2-7.0.7-28.2
php7-calendar-7.0.7-28.2
php7-ctype-7.0.7-28.2
php7-curl-7.0.7-28.2
php7-dba-7.0.7-28.2
php7-dom-7.0.7-28.2
php7-enchant-7.0.7-28.2
php7-exif-7.0.7-28.2
php7-fastcgi-7.0.7-28.2
php7-fileinfo-7.0.7-28.2
php7-fpm-7.0.7-28.2
php7-ftp-7.0.7-28.2
php7-gd-7.0.7-28.2
php7-gettext-7.0.7-28.2
php7-gmp-7.0.7-28.2
php7-iconv-7.0.7-28.2
php7-imap-7.0.7-28.2
php7-intl-7.0.7-28.2
php7-json-7.0.7-28.2
php7-ldap-7.0.7-28.2
php7-mbstring-7.0.7-28.2
php7-mcrypt-7.0.7-28.2
php7-mysql-7.0.7-28.2
php7-odbc-7.0.7-28.2
php7-opcache-7.0.7-28.2
php7-openssl-7.0.7-28.2
php7-pcntl-7.0.7-28.2
php7-pdo-7.0.7-28.2
php7-pear-7.0.7-28.2
php7-pear-Archive_Tar-7.0.7-28.2
php7-pgsql-7.0.7-28.2
php7-phar-7.0.7-28.2
php7-posix-7.0.7-28.2
php7-pspell-7.0.7-28.2
php7-shmop-7.0.7-28.2
php7-snmp-7.0.7-28.2
php7-soap-7.0.7-28.2
php7-sockets-7.0.7-28.2
php7-sqlite-7.0.7-28.2
php7-sysvmsg-7.0.7-28.2
php7-sysvsem-7.0.7-28.2
php7-sysvshm-7.0.7-28.2
php7-tokenizer-7.0.7-28.2
php7-wddx-7.0.7-28.2
php7-xmlreader-7.0.7-28.2
php7-xmlrpc-7.0.7-28.2
php7-xmlwriter-7.0.7-28.2
php7-xsl-7.0.7-28.2
php7-zip-7.0.7-28.2
php7-zlib-7.0.7-28.2
SUSE Linux Enterprise Software Development Kit 12 SP1
php7-devel-7.0.7-28.2
SUSE Linux Enterprise Software Development Kit 12 SP2
php7-devel-7.0.7-28.2

Ссылки

Описание

Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.

Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php7-7.0.7-28.2
SUSE Linux Enterprise Module for Web and Scripting 12:php7-7.0.7-28.2
SUSE Linux Enterprise Module for Web and Scripting 12:php7-bcmath-7.0.7-28.2
SUSE Linux Enterprise Module for Web and Scripting 12:php7-bz2-7.0.7-28.2
Ссылки

Описание

ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.

Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php7-7.0.7-28.2
SUSE Linux Enterprise Module for Web and Scripting 12:php7-7.0.7-28.2
SUSE Linux Enterprise Module for Web and Scripting 12:php7-bcmath-7.0.7-28.2
SUSE Linux Enterprise Module for Web and Scripting 12:php7-bz2-7.0.7-28.2
Ссылки

Описание

The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document.

Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php7-7.0.7-28.2
SUSE Linux Enterprise Module for Web and Scripting 12:php7-7.0.7-28.2
SUSE Linux Enterprise Module for Web and Scripting 12:php7-bcmath-7.0.7-28.2
SUSE Linux Enterprise Module for Web and Scripting 12:php7-bz2-7.0.7-28.2
Ссылки

Описание

The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6834.

Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php7-7.0.7-28.2
SUSE Linux Enterprise Module for Web and Scripting 12:php7-7.0.7-28.2
SUSE Linux Enterprise Module for Web and Scripting 12:php7-bcmath-7.0.7-28.2
SUSE Linux Enterprise Module for Web and Scripting 12:php7-bz2-7.0.7-28.2
Ссылки