openSUSE-SU-2016:0366-1

Опубликовано: 07 фев. 2016

Источник: suse-cvrf

Описание

Security update for php5

This update for php5 fixes the following issues:

CVE-2015-7803: Specially crafted .phar files with a crafted TAR archive entry allowed remote attackers to cause a Denial of Service (DoS) [bsc#949961]
CVE-2016-1903: Specially crafted image files could could allow remote attackers read unspecified memory when rotating images [bsc#962057]

This update was imported from the SUSE:SLE-12:Update update project.

Список пакетов

openSUSE Leap 42.1

apache2-mod_php5-5.5.14-41.1

php5-5.5.14-41.1

php5-bcmath-5.5.14-41.1

php5-bz2-5.5.14-41.1

php5-calendar-5.5.14-41.1

php5-ctype-5.5.14-41.1

php5-curl-5.5.14-41.1

php5-dba-5.5.14-41.1

php5-devel-5.5.14-41.1

php5-dom-5.5.14-41.1

php5-enchant-5.5.14-41.1

php5-exif-5.5.14-41.1

php5-fastcgi-5.5.14-41.1

php5-fileinfo-5.5.14-41.1

php5-firebird-5.5.14-41.1

php5-fpm-5.5.14-41.1

php5-ftp-5.5.14-41.1

php5-gd-5.5.14-41.1

php5-gettext-5.5.14-41.1

php5-gmp-5.5.14-41.1

php5-iconv-5.5.14-41.1

php5-imap-5.5.14-41.1

php5-intl-5.5.14-41.1

php5-json-5.5.14-41.1

php5-ldap-5.5.14-41.1

php5-mbstring-5.5.14-41.1

php5-mcrypt-5.5.14-41.1

php5-mssql-5.5.14-41.1

php5-mysql-5.5.14-41.1

php5-odbc-5.5.14-41.1

php5-opcache-5.5.14-41.1

php5-openssl-5.5.14-41.1

php5-pcntl-5.5.14-41.1

php5-pdo-5.5.14-41.1

php5-pear-5.5.14-41.1

php5-pgsql-5.5.14-41.1

php5-phar-5.5.14-41.1

php5-posix-5.5.14-41.1

php5-pspell-5.5.14-41.1

php5-readline-5.5.14-41.1

php5-shmop-5.5.14-41.1

php5-snmp-5.5.14-41.1

php5-soap-5.5.14-41.1

php5-sockets-5.5.14-41.1

php5-sqlite-5.5.14-41.1

php5-suhosin-5.5.14-41.1

php5-sysvmsg-5.5.14-41.1

php5-sysvsem-5.5.14-41.1

php5-sysvshm-5.5.14-41.1

php5-tidy-5.5.14-41.1

php5-tokenizer-5.5.14-41.1

php5-wddx-5.5.14-41.1

php5-xmlreader-5.5.14-41.1

php5-xmlrpc-5.5.14-41.1

php5-xmlwriter-5.5.14-41.1

php5-xsl-5.5.14-41.1

php5-zip-5.5.14-41.1

php5-zlib-5.5.14-41.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2016-02/msg00037.html
E-Mail link for openSUSE-SU-2016:0366-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist.

Затронутые продукты

openSUSE Leap 42.1:apache2-mod_php5-5.5.14-41.1

openSUSE Leap 42.1:php5-5.5.14-41.1

openSUSE Leap 42.1:php5-bcmath-5.5.14-41.1

openSUSE Leap 42.1:php5-bz2-5.5.14-41.1

Ссылки

https://www.suse.com/security/cve/CVE-2015-7803.html
CVE-2015-7803
https://bugzilla.suse.com/949961
SUSE Bug 949961
https://bugzilla.suse.com/980366
SUSE Bug 980366

Описание

The gdImageRotateInterpolated function in ext/gd/libgd/gd_interpolation.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a large bgd_color argument to the imagerotate function.

Затронутые продукты

openSUSE Leap 42.1:apache2-mod_php5-5.5.14-41.1

openSUSE Leap 42.1:php5-5.5.14-41.1

openSUSE Leap 42.1:php5-bcmath-5.5.14-41.1

openSUSE Leap 42.1:php5-bz2-5.5.14-41.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-1903.html
CVE-2016-1903
https://bugzilla.suse.com/962057
SUSE Bug 962057

openSUSE-SU-2016:0366-1

Описание

Список пакетов

openSUSE Leap 42.1

Ссылки

Уязвимость: CVE-2015-7803

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2016-1903

Описание

Затронутые продукты

Ссылки