Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2017:0109-1

Опубликовано: 11 янв. 2017
Источник: suse-cvrf

Описание

Security update for php53

This update for php53 fixes the following issues:

  • CVE-2014-9912: Stack-based buffer overflow in uloc_getDisplayName() [bsc#1012232]
  • CVE-2016-9933: Possible stack overflow on truecolor images handling [bsc#1015187]
  • CVE-2016-9934: Dereference from NULL pointer could lead to crash [bsc#1015188]
  • CVE-2016-9935: Invalid read could lead to crash [bsc#1015189]
  • Buffer overflow in libmagic, allowing attackers to crash the PHP interpreter [bsc#974305]

Список пакетов

SUSE Linux Enterprise Server 11 SP4
apache2-mod_php53-5.3.17-94.1
php53-5.3.17-94.1
php53-bcmath-5.3.17-94.1
php53-bz2-5.3.17-94.1
php53-calendar-5.3.17-94.1
php53-ctype-5.3.17-94.1
php53-curl-5.3.17-94.1
php53-dba-5.3.17-94.1
php53-dom-5.3.17-94.1
php53-exif-5.3.17-94.1
php53-fastcgi-5.3.17-94.1
php53-fileinfo-5.3.17-94.1
php53-ftp-5.3.17-94.1
php53-gd-5.3.17-94.1
php53-gettext-5.3.17-94.1
php53-gmp-5.3.17-94.1
php53-iconv-5.3.17-94.1
php53-intl-5.3.17-94.1
php53-json-5.3.17-94.1
php53-ldap-5.3.17-94.1
php53-mbstring-5.3.17-94.1
php53-mcrypt-5.3.17-94.1
php53-mysql-5.3.17-94.1
php53-odbc-5.3.17-94.1
php53-openssl-5.3.17-94.1
php53-pcntl-5.3.17-94.1
php53-pdo-5.3.17-94.1
php53-pear-5.3.17-94.1
php53-pgsql-5.3.17-94.1
php53-pspell-5.3.17-94.1
php53-shmop-5.3.17-94.1
php53-snmp-5.3.17-94.1
php53-soap-5.3.17-94.1
php53-suhosin-5.3.17-94.1
php53-sysvmsg-5.3.17-94.1
php53-sysvsem-5.3.17-94.1
php53-sysvshm-5.3.17-94.1
php53-tokenizer-5.3.17-94.1
php53-wddx-5.3.17-94.1
php53-xmlreader-5.3.17-94.1
php53-xmlrpc-5.3.17-94.1
php53-xmlwriter-5.3.17-94.1
php53-xsl-5.3.17-94.1
php53-zip-5.3.17-94.1
php53-zlib-5.3.17-94.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
apache2-mod_php53-5.3.17-94.1
php53-5.3.17-94.1
php53-bcmath-5.3.17-94.1
php53-bz2-5.3.17-94.1
php53-calendar-5.3.17-94.1
php53-ctype-5.3.17-94.1
php53-curl-5.3.17-94.1
php53-dba-5.3.17-94.1
php53-dom-5.3.17-94.1
php53-exif-5.3.17-94.1
php53-fastcgi-5.3.17-94.1
php53-fileinfo-5.3.17-94.1
php53-ftp-5.3.17-94.1
php53-gd-5.3.17-94.1
php53-gettext-5.3.17-94.1
php53-gmp-5.3.17-94.1
php53-iconv-5.3.17-94.1
php53-intl-5.3.17-94.1
php53-json-5.3.17-94.1
php53-ldap-5.3.17-94.1
php53-mbstring-5.3.17-94.1
php53-mcrypt-5.3.17-94.1
php53-mysql-5.3.17-94.1
php53-odbc-5.3.17-94.1
php53-openssl-5.3.17-94.1
php53-pcntl-5.3.17-94.1
php53-pdo-5.3.17-94.1
php53-pear-5.3.17-94.1
php53-pgsql-5.3.17-94.1
php53-pspell-5.3.17-94.1
php53-shmop-5.3.17-94.1
php53-snmp-5.3.17-94.1
php53-soap-5.3.17-94.1
php53-suhosin-5.3.17-94.1
php53-sysvmsg-5.3.17-94.1
php53-sysvsem-5.3.17-94.1
php53-sysvshm-5.3.17-94.1
php53-tokenizer-5.3.17-94.1
php53-wddx-5.3.17-94.1
php53-xmlreader-5.3.17-94.1
php53-xmlrpc-5.3.17-94.1
php53-xmlwriter-5.3.17-94.1
php53-xsl-5.3.17-94.1
php53-zip-5.3.17-94.1
php53-zlib-5.3.17-94.1
SUSE Linux Enterprise Software Development Kit 11 SP4
php53-devel-5.3.17-94.1
php53-imap-5.3.17-94.1
php53-posix-5.3.17-94.1
php53-readline-5.3.17-94.1
php53-sockets-5.3.17-94.1
php53-sqlite-5.3.17-94.1
php53-tidy-5.3.17-94.1

Ссылки

Описание

The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp component, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a locale_get_display_name call with a long first argument.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:apache2-mod_php53-5.3.17-94.1
SUSE Linux Enterprise Server 11 SP4:php53-5.3.17-94.1
SUSE Linux Enterprise Server 11 SP4:php53-bcmath-5.3.17-94.1
SUSE Linux Enterprise Server 11 SP4:php53-bz2-5.3.17-94.1
Ссылки

Описание

Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:apache2-mod_php53-5.3.17-94.1
SUSE Linux Enterprise Server 11 SP4:php53-5.3.17-94.1
SUSE Linux Enterprise Server 11 SP4:php53-bcmath-5.3.17-94.1
SUSE Linux Enterprise Server 11 SP4:php53-bz2-5.3.17-94.1
Ссылки

Описание

ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:apache2-mod_php53-5.3.17-94.1
SUSE Linux Enterprise Server 11 SP4:php53-5.3.17-94.1
SUSE Linux Enterprise Server 11 SP4:php53-bcmath-5.3.17-94.1
SUSE Linux Enterprise Server 11 SP4:php53-bz2-5.3.17-94.1
Ссылки

Описание

The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:apache2-mod_php53-5.3.17-94.1
SUSE Linux Enterprise Server 11 SP4:php53-5.3.17-94.1
SUSE Linux Enterprise Server 11 SP4:php53-bcmath-5.3.17-94.1
SUSE Linux Enterprise Server 11 SP4:php53-bz2-5.3.17-94.1
Ссылки
Уязвимость SUSE-SU-2017:0109-1