Описание
Security update for php5
This update for php5 fixes the following security issues:
- CVE-2015-8838: mysqlnd was vulnerable to BACKRONYM (bnc#973792).
- CVE-2015-8835: SoapClient s_call method suffered from a type confusion issue that could have lead to crashes [bsc#973351]
- CVE-2016-2554: A NULL pointer dereference in phar_get_fp_offset could lead to crashes. [bsc#968284] Note: we do not ship the phar extension currently, so we are not affected.
- CVE-2016-3141: A use-after-free / double-free in the WDDX deserialization could lead to crashes or potential code execution. [bsc#969821]
- CVE-2016-3142: An Out-of-bounds read in phar_parse_zipfile() could lead to crashes. [bsc#971912] Note: we do not ship the phar extension currently, so we are not affected.
- CVE-2014-9767: A directory traversal when extracting zip files was fixed that could lead to overwritten files. [bsc#971612]
- CVE-2016-3185: A type confusion vulnerability in make_http_soap_request() could lead to crashes or potentially code execution. [bsc#971611]
This update was imported from the SUSE:SLE-12:Update update project.
Список пакетов
openSUSE Leap 42.1
Ссылки
- E-Mail link for openSUSE-SU-2016:1173-1
- SUSE Security Ratings
Описание
Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive.
Затронутые продукты
Ссылки
- CVE-2014-9767
- SUSE Bug 971612
- SUSE Bug 980366
Описание
The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a denial of service (NULL pointer dereference, type confusion, and application crash) or possibly execute arbitrary code via crafted serialized data representing a numerically indexed _cookies array, related to the SoapClient::__call method in ext/soap/soap.c.
Затронутые продукты
Ссылки
- CVE-2015-8835
- SUSE Bug 973351
- SUSE Bug 980366
Описание
ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.
Затронутые продукты
Ссылки
- CVE-2015-8838
- SUSE Bug 973792
- SUSE Bug 980366
Описание
Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive.
Затронутые продукты
Ссылки
- CVE-2016-2554
- SUSE Bug 968284
- SUSE Bug 980366
Описание
Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element.
Затронутые продукты
Ссылки
- CVE-2016-3141
- SUSE Bug 969821
- SUSE Bug 980366
Описание
The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location.
Затронутые продукты
Ссылки
- CVE-2016-3142
- SUSE Bug 971912
- SUSE Bug 980366
Описание
The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (type confusion and application crash) via crafted serialized _cookies data, related to the SoapClient::__call method in ext/soap/soap.c.
Затронутые продукты
Ссылки
- CVE-2016-3185
- SUSE Bug 971611
- SUSE Bug 973351
- SUSE Bug 980366