Описание
Security update for php5
This update for php5 fixes the following issues:
Security issues fixed:
- CVE-2016-4346: heap overflow in ext/standard/string.c (bsc#977994)
- CVE-2016-4342: heap corruption in tar/zip/phar parser (bsc#977991)
- CVE-2016-4537, CVE-2016-4538: bcpowmod accepts negative scale causing heap buffer overflow corrupting one definition (bsc#978827)
- CVE-2016-4539: Malformed input causes segmentation fault in xml_parse_into_struct() function (bsc#978828)
- CVE-2016-4540, CVE-2016-4541: Out-of-bounds memory read in zif_grapheme_stripos when given negative offset (bsc#978829)
- CVE-2016-4542, CVE-2016-4543, CVE-2016-4544: Out-of-bounds heap memory read in exif_read_data() caused by malformed input (bsc#978830)
- CVE-2015-4116: Use-after-free vulnerability in the spl_ptr_heap_insert function (bsc#980366)
- CVE-2015-8873: Stack consumption vulnerability in Zend/zend_exceptions.c (bsc#980373)
- CVE-2015-8874: Stack consumption vulnerability in GD (bsc#980375)
This update was imported from the SUSE:SLE-12:Update update project.
Список пакетов
openSUSE Leap 42.1
Ссылки
- E-Mail link for openSUSE-SU-2016:1524-1
- SUSE Security Ratings
Описание
Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation.
Затронутые продукты
Ссылки
- CVE-2015-4116
- SUSE Bug 980366
Описание
Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault) via recursive method calls.
Затронутые продукты
Ссылки
- CVE-2015-8873
- SUSE Bug 980366
- SUSE Bug 980373
Описание
Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.
Затронутые продукты
Ссылки
- CVE-2015-8874
- SUSE Bug 980366
- SUSE Bug 980375
Описание
ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive.
Затронутые продукты
Ссылки
- CVE-2016-4342
- SUSE Bug 977991
- SUSE Bug 980366
Описание
Integer overflow in the str_pad function in ext/standard/string.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow.
Затронутые продукты
Ссылки
- CVE-2016-4346
- SUSE Bug 977993
- SUSE Bug 977994
- SUSE Bug 977995
- SUSE Bug 980366
Описание
The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call.
Затронутые продукты
Ссылки
- CVE-2016-4537
- SUSE Bug 978827
- SUSE Bug 980366
Описание
The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considering whether they are copies of the _zero_, _one_, or _two_ global variable, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call.
Затронутые продукты
Ссылки
- CVE-2016-4538
- SUSE Bug 978827
- SUSE Bug 980366
Описание
The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument, leading to a parser level of zero.
Затронутые продукты
Ссылки
- CVE-2016-4539
- SUSE Bug 978828
- SUSE Bug 980366
Описание
The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.
Затронутые продукты
Ссылки
- CVE-2016-4540
- SUSE Bug 978829
- SUSE Bug 980366
Описание
The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.
Затронутые продукты
Ссылки
- CVE-2016-4541
- SUSE Bug 978829
- SUSE Bug 980366
Описание
The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.
Затронутые продукты
Ссылки
- CVE-2016-4542
- SUSE Bug 978830
- SUSE Bug 980366
Описание
The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.
Затронутые продукты
Ссылки
- CVE-2016-4543
- SUSE Bug 978830
- SUSE Bug 980366
Описание
The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.
Затронутые продукты
Ссылки
- CVE-2016-4544
- SUSE Bug 978830
- SUSE Bug 980366