Description
Security update for php5
This update for php5 fixes several issues.
These security issues were fixed:
- CVE-2018-5712: Prevent reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file, which allowed for information disclosure (bsc#1076220)
- CVE-2018-5711: Prevent integer signedness error that could have led to an infinite loop via a crafted GIF file, allowing for DoS (bsc#1076391)
Package list
SUSE Linux Enterprise Module for Web and Scripting 12
apache2-mod_php5-5.5.14-109.17.1
php5-5.5.14-109.17.1
php5-bcmath-5.5.14-109.17.1
php5-bz2-5.5.14-109.17.1
php5-calendar-5.5.14-109.17.1
php5-ctype-5.5.14-109.17.1
php5-curl-5.5.14-109.17.1
php5-dba-5.5.14-109.17.1
php5-dom-5.5.14-109.17.1
php5-enchant-5.5.14-109.17.1
php5-exif-5.5.14-109.17.1
php5-fastcgi-5.5.14-109.17.1
php5-fileinfo-5.5.14-109.17.1
php5-fpm-5.5.14-109.17.1
php5-ftp-5.5.14-109.17.1
php5-gd-5.5.14-109.17.1
php5-gettext-5.5.14-109.17.1
php5-gmp-5.5.14-109.17.1
php5-iconv-5.5.14-109.17.1
php5-imap-5.5.14-109.17.1
php5-intl-5.5.14-109.17.1
php5-json-5.5.14-109.17.1
php5-ldap-5.5.14-109.17.1
php5-mbstring-5.5.14-109.17.1
php5-mcrypt-5.5.14-109.17.1
php5-mysql-5.5.14-109.17.1
php5-odbc-5.5.14-109.17.1
php5-opcache-5.5.14-109.17.1
php5-openssl-5.5.14-109.17.1
php5-pcntl-5.5.14-109.17.1
php5-pdo-5.5.14-109.17.1
php5-pear-5.5.14-109.17.1
php5-pgsql-5.5.14-109.17.1
php5-phar-5.5.14-109.17.1
php5-posix-5.5.14-109.17.1
php5-pspell-5.5.14-109.17.1
php5-shmop-5.5.14-109.17.1
php5-snmp-5.5.14-109.17.1
php5-soap-5.5.14-109.17.1
php5-sockets-5.5.14-109.17.1
php5-sqlite-5.5.14-109.17.1
php5-suhosin-5.5.14-109.17.1
php5-sysvmsg-5.5.14-109.17.1
php5-sysvsem-5.5.14-109.17.1
php5-sysvshm-5.5.14-109.17.1
php5-tokenizer-5.5.14-109.17.1
php5-wddx-5.5.14-109.17.1
php5-xmlreader-5.5.14-109.17.1
php5-xmlrpc-5.5.14-109.17.1
php5-xmlwriter-5.5.14-109.17.1
php5-xsl-5.5.14-109.17.1
php5-zip-5.5.14-109.17.1
php5-zlib-5.5.14-109.17.1
SUSE Linux Enterprise Software Development Kit 12 SP2
php5-devel-5.5.14-109.17.1
SUSE Linux Enterprise Software Development Kit 12 SP3
php5-devel-5.5.14-109.17.1
References
- Link for SUSE-SU-2018:0216-1
- E-Mail link for SUSE-SU-2018:0216-1
- SUSE Security Ratings
- SUSE Bug 1076220
- SUSE Bug 1076391
- SUSE CVE CVE-2018-5711 page
- SUSE CVE CVE-2018-5712 page
Description
gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx.
Affected products
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-109.17.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-109.17.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-109.17.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-109.17.1
References
- CVE-2018-5711
- SUSE Bug 1076391
Description
An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.
Affected products
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-109.17.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-109.17.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-109.17.1
SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-109.17.1
References
- CVE-2018-5712
- SUSE Bug 1076220
- SUSE Bug 1076391
- SUSE Bug 1091362