SUSE-SU-2017:2468-1

Published: 14 Sep 2017
Source: suse-cvrf

Description

Security update for php7

This update for php7 fixes several issues.

These security issues were fixed:

  • CVE-2017-12932: Prevent heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this issue could have had an unspecified impact on the integrity of PHP (bsc#1054432).
  • CVE-2017-12934: Prevent heap use after free while unserializing untrusted data, related to the zval_get_type function in Zend/zend_types.h. Exploitation of this issue could have had an unspecified impact on the integrity of PHP (bsc#1054408).
  • CVE-2017-12933: The finish_nested_data function in ext/standard/var_unserializer.re was prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue could have had an unspecified impact on the integrity of PHP (bsc#1054430).

These non-security issues were fixed:

  • bsc#1057104: php7-devel now requires php7-pear
  • bsc#1057845: Fixed namespace encapsulation of imported classes/functions/constants

Package list

SUSE Linux Enterprise Module for Web and Scripting 12
apache2-mod_php7-7.0.7-50.18.1
php7-7.0.7-50.18.1
php7-bcmath-7.0.7-50.18.1
php7-bz2-7.0.7-50.18.1
php7-calendar-7.0.7-50.18.1
php7-ctype-7.0.7-50.18.1
php7-curl-7.0.7-50.18.1
php7-dba-7.0.7-50.18.1
php7-dom-7.0.7-50.18.1
php7-enchant-7.0.7-50.18.1
php7-exif-7.0.7-50.18.1
php7-fastcgi-7.0.7-50.18.1
php7-fileinfo-7.0.7-50.18.1
php7-fpm-7.0.7-50.18.1
php7-ftp-7.0.7-50.18.1
php7-gd-7.0.7-50.18.1
php7-gettext-7.0.7-50.18.1
php7-gmp-7.0.7-50.18.1
php7-iconv-7.0.7-50.18.1
php7-imap-7.0.7-50.18.1
php7-intl-7.0.7-50.18.1
php7-json-7.0.7-50.18.1
php7-ldap-7.0.7-50.18.1
php7-mbstring-7.0.7-50.18.1
php7-mcrypt-7.0.7-50.18.1
php7-mysql-7.0.7-50.18.1
php7-odbc-7.0.7-50.18.1
php7-opcache-7.0.7-50.18.1
php7-openssl-7.0.7-50.18.1
php7-pcntl-7.0.7-50.18.1
php7-pdo-7.0.7-50.18.1
php7-pear-7.0.7-50.18.1
php7-pear-Archive_Tar-7.0.7-50.18.1
php7-pgsql-7.0.7-50.18.1
php7-phar-7.0.7-50.18.1
php7-posix-7.0.7-50.18.1
php7-pspell-7.0.7-50.18.1
php7-shmop-7.0.7-50.18.1
php7-snmp-7.0.7-50.18.1
php7-soap-7.0.7-50.18.1
php7-sockets-7.0.7-50.18.1
php7-sqlite-7.0.7-50.18.1
php7-sysvmsg-7.0.7-50.18.1
php7-sysvsem-7.0.7-50.18.1
php7-sysvshm-7.0.7-50.18.1
php7-tokenizer-7.0.7-50.18.1
php7-wddx-7.0.7-50.18.1
php7-xmlreader-7.0.7-50.18.1
php7-xmlrpc-7.0.7-50.18.1
php7-xmlwriter-7.0.7-50.18.1
php7-xsl-7.0.7-50.18.1
php7-zip-7.0.7-50.18.1
php7-zlib-7.0.7-50.18.1
SUSE Linux Enterprise Software Development Kit 12 SP2
php7-devel-7.0.7-50.18.1
SUSE Linux Enterprise Software Development Kit 12 SP3
php7-devel-7.0.7-50.18.1

Description

ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this issue can have an unspecified impact on the integrity of PHP.


Affected products
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php7-7.0.7-50.18.1
SUSE Linux Enterprise Module for Web and Scripting 12:php7-7.0.7-50.18.1
SUSE Linux Enterprise Module for Web and Scripting 12:php7-bcmath-7.0.7-50.18.1
SUSE Linux Enterprise Module for Web and Scripting 12:php7-bz2-7.0.7-50.18.1

Description

The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP.


Affected products
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php7-7.0.7-50.18.1
SUSE Linux Enterprise Module for Web and Scripting 12:php7-7.0.7-50.18.1
SUSE Linux Enterprise Module for Web and Scripting 12:php7-bcmath-7.0.7-50.18.1
SUSE Linux Enterprise Module for Web and Scripting 12:php7-bz2-7.0.7-50.18.1

Description

ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zval_get_type function in Zend/zend_types.h. Exploitation of this issue can have an unspecified impact on the integrity of PHP.


Affected products
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php7-7.0.7-50.18.1
SUSE Linux Enterprise Module for Web and Scripting 12:php7-7.0.7-50.18.1
SUSE Linux Enterprise Module for Web and Scripting 12:php7-bcmath-7.0.7-50.18.1
SUSE Linux Enterprise Module for Web and Scripting 12:php7-bz2-7.0.7-50.18.1
