Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2018:0003-1

Опубликовано: 02 янв. 2018
Источник: suse-cvrf

Описание

Security update for php53

This update for php53 fixes the following issues:

Security issues fixed:

  • CVE-2017-16642: Fix timelib_meridian error that could be used to leak information from the interpreter (bsc#1067441).
  • CVE-2017-9228: Fix heap out-of-bounds write that occurs in bitset_set_range() during regex compilation (bsc#1069606).
  • CVE-2017-9229: Fix invalid pointer dereference in left_adjust_char_head() (bsc#1069631).

Список пакетов

SUSE Linux Enterprise Server 11 SP4
apache2-mod_php53-5.3.17-112.10.1
php53-5.3.17-112.10.1
php53-bcmath-5.3.17-112.10.1
php53-bz2-5.3.17-112.10.1
php53-calendar-5.3.17-112.10.1
php53-ctype-5.3.17-112.10.1
php53-curl-5.3.17-112.10.1
php53-dba-5.3.17-112.10.1
php53-dom-5.3.17-112.10.1
php53-exif-5.3.17-112.10.1
php53-fastcgi-5.3.17-112.10.1
php53-fileinfo-5.3.17-112.10.1
php53-ftp-5.3.17-112.10.1
php53-gd-5.3.17-112.10.1
php53-gettext-5.3.17-112.10.1
php53-gmp-5.3.17-112.10.1
php53-iconv-5.3.17-112.10.1
php53-intl-5.3.17-112.10.1
php53-json-5.3.17-112.10.1
php53-ldap-5.3.17-112.10.1
php53-mbstring-5.3.17-112.10.1
php53-mcrypt-5.3.17-112.10.1
php53-mysql-5.3.17-112.10.1
php53-odbc-5.3.17-112.10.1
php53-openssl-5.3.17-112.10.1
php53-pcntl-5.3.17-112.10.1
php53-pdo-5.3.17-112.10.1
php53-pear-5.3.17-112.10.1
php53-pgsql-5.3.17-112.10.1
php53-pspell-5.3.17-112.10.1
php53-shmop-5.3.17-112.10.1
php53-snmp-5.3.17-112.10.1
php53-soap-5.3.17-112.10.1
php53-suhosin-5.3.17-112.10.1
php53-sysvmsg-5.3.17-112.10.1
php53-sysvsem-5.3.17-112.10.1
php53-sysvshm-5.3.17-112.10.1
php53-tokenizer-5.3.17-112.10.1
php53-wddx-5.3.17-112.10.1
php53-xmlreader-5.3.17-112.10.1
php53-xmlrpc-5.3.17-112.10.1
php53-xmlwriter-5.3.17-112.10.1
php53-xsl-5.3.17-112.10.1
php53-zip-5.3.17-112.10.1
php53-zlib-5.3.17-112.10.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
apache2-mod_php53-5.3.17-112.10.1
php53-5.3.17-112.10.1
php53-bcmath-5.3.17-112.10.1
php53-bz2-5.3.17-112.10.1
php53-calendar-5.3.17-112.10.1
php53-ctype-5.3.17-112.10.1
php53-curl-5.3.17-112.10.1
php53-dba-5.3.17-112.10.1
php53-dom-5.3.17-112.10.1
php53-exif-5.3.17-112.10.1
php53-fastcgi-5.3.17-112.10.1
php53-fileinfo-5.3.17-112.10.1
php53-ftp-5.3.17-112.10.1
php53-gd-5.3.17-112.10.1
php53-gettext-5.3.17-112.10.1
php53-gmp-5.3.17-112.10.1
php53-iconv-5.3.17-112.10.1
php53-intl-5.3.17-112.10.1
php53-json-5.3.17-112.10.1
php53-ldap-5.3.17-112.10.1
php53-mbstring-5.3.17-112.10.1
php53-mcrypt-5.3.17-112.10.1
php53-mysql-5.3.17-112.10.1
php53-odbc-5.3.17-112.10.1
php53-openssl-5.3.17-112.10.1
php53-pcntl-5.3.17-112.10.1
php53-pdo-5.3.17-112.10.1
php53-pear-5.3.17-112.10.1
php53-pgsql-5.3.17-112.10.1
php53-pspell-5.3.17-112.10.1
php53-shmop-5.3.17-112.10.1
php53-snmp-5.3.17-112.10.1
php53-soap-5.3.17-112.10.1
php53-suhosin-5.3.17-112.10.1
php53-sysvmsg-5.3.17-112.10.1
php53-sysvsem-5.3.17-112.10.1
php53-sysvshm-5.3.17-112.10.1
php53-tokenizer-5.3.17-112.10.1
php53-wddx-5.3.17-112.10.1
php53-xmlreader-5.3.17-112.10.1
php53-xmlrpc-5.3.17-112.10.1
php53-xmlwriter-5.3.17-112.10.1
php53-xsl-5.3.17-112.10.1
php53-zip-5.3.17-112.10.1
php53-zlib-5.3.17-112.10.1
SUSE Linux Enterprise Software Development Kit 11 SP4
php53-devel-5.3.17-112.10.1
php53-imap-5.3.17-112.10.1
php53-posix-5.3.17-112.10.1
php53-readline-5.3.17-112.10.1
php53-sockets-5.3.17-112.10.1
php53-sqlite-5.3.17-112.10.1
php53-tidy-5.3.17-112.10.1

Ссылки

Описание

In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:apache2-mod_php53-5.3.17-112.10.1
SUSE Linux Enterprise Server 11 SP4:php53-5.3.17-112.10.1
SUSE Linux Enterprise Server 11 SP4:php53-bcmath-5.3.17-112.10.1
SUSE Linux Enterprise Server 11 SP4:php53-bz2-5.3.17-112.10.1
Ссылки

Описание

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:apache2-mod_php53-5.3.17-112.10.1
SUSE Linux Enterprise Server 11 SP4:php53-5.3.17-112.10.1
SUSE Linux Enterprise Server 11 SP4:php53-bcmath-5.3.17-112.10.1
SUSE Linux Enterprise Server 11 SP4:php53-bz2-5.3.17-112.10.1
Ссылки

Описание

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:apache2-mod_php53-5.3.17-112.10.1
SUSE Linux Enterprise Server 11 SP4:php53-5.3.17-112.10.1
SUSE Linux Enterprise Server 11 SP4:php53-bcmath-5.3.17-112.10.1
SUSE Linux Enterprise Server 11 SP4:php53-bz2-5.3.17-112.10.1
Ссылки
Уязвимость SUSE-SU-2018:0003-1