Описание
Security update for php5
This update for php5 fixes the following security issues:
- CVE-2016-6128: Invalid color index not properly handled [bsc#987580]
- CVE-2016-6161: global out of bounds read when encoding gif from malformed input withgd2togif [bsc#988032]
- CVE-2016-6292: Null pointer dereference in exif_process_user_comment [bsc#991422]
- CVE-2016-6295: Use after free in SNMP with GC and unserialize() [bsc#991424]
- CVE-2016-6297: Stack-based buffer overflow vulnerability in php_stream_zip_opener [bsc#991426]
- CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE [bsc#991427]
- CVE-2016-6289: Integer overflow leads to buffer overflow in virtual_file_ex [bsc#991428]
- CVE-2016-6290: Use after free in unserialize() with Unexpected Session Deserialization [bsc#991429]
- CVE-2016-5399: Improper error handling in bzread() [bsc#991430]
- CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c [bsc#991437]
- CVE-2016-6207: Integer overflow error within _gdContributionsAlloc() [bsc#991434]
- CVE-2014-3587: Integer overflow in the cdf_read_property_info affecting SLES11 SP3 [bsc#987530]
- CVE-2016-6288: Buffer over-read in php_url_parse_ex [bsc#991433]
- CVE-2016-7124: Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization
- CVE-2016-7125: PHP Session Data Injection Vulnerability
- CVE-2016-7126: select_colors write out-of-bounds
- CVE-2016-7127: imagegammacorrect allowed arbitrary write access
- CVE-2016-7128: Memory Leakage In exif_process_IFD_in_TIFF
- CVE-2016-7129: wddx_deserialize allowed illegal memory access
- CVE-2016-7130: wddx_deserialize null dereference
- CVE-2016-7131: wddx_deserialize null dereference with invalid xml
- CVE-2016-7132: wddx_deserialize null dereference in php_wddx_pop_element
- CVE-2016-7134: Heap overflow in the function curl_escape
This update was imported from the SUSE:SLE-12:Update update project.
Список пакетов
openSUSE Leap 42.1
Ссылки
- E-Mail link for openSUSE-SU-2016:2451-1
- SUSE Security Ratings
Описание
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571.
Затронутые продукты
Ссылки
- CVE-2014-3587
- SUSE Bug 987530
- SUSE Bug 998845
Описание
Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot.
Затронутые продукты
Ссылки
- CVE-2016-3587
- SUSE Bug 989721
- SUSE Bug 998845
Описание
The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.
Затронутые продукты
Ссылки
- CVE-2016-5399
- SUSE Bug 991430
Описание
The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.
Затронутые продукты
Ссылки
- CVE-2016-6128
- SUSE Bug 987580
- SUSE Bug 991710
Описание
The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image.
Затронутые продукты
Ссылки
- CVE-2016-6161
- SUSE Bug 988032
Описание
Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.
Затронутые продукты
Ссылки
- CVE-2016-6207
- SUSE Bug 991434
- SUSE Bug 991622
Описание
The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type.
Затронутые продукты
Ссылки
- CVE-2016-6288
- SUSE Bug 991433
Описание
Integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_cwd.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted extract operation on a ZIP archive.
Затронутые продукты
Ссылки
- CVE-2016-6289
- SUSE Bug 991428
Описание
ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to session deserialization.
Затронутые продукты
Ссылки
- CVE-2016-6290
- SUSE Bug 991429
Описание
The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive information from process memory, or possibly have unspecified other impact via a crafted JPEG image.
Затронутые продукты
Ссылки
- CVE-2016-6291
- SUSE Bug 991427
Описание
The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image.
Затронутые продукты
Ссылки
- CVE-2016-6292
- SUSE Bug 991422
Описание
ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via crafted serialized data, a related issue to CVE-2016-5773.
Затронутые продукты
Ссылки
- CVE-2016-6295
- SUSE Bug 991424
Описание
Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a long first argument to the PHP xmlrpc_encode_request function.
Затронутые продукты
Ссылки
- CVE-2016-6296
- SUSE Bug 991437
Описание
Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted zip:// URL.
Затронутые продукты
Ссылки
- CVE-2016-6297
- SUSE Bug 991426
Описание
ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call.
Затронутые продукты
Ссылки
- CVE-2016-7124
- SUSE Bug 997206
Описание
ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection.
Затронутые продукты
Ссылки
- CVE-2016-7125
- SUSE Bug 997207
Описание
The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-bounds write) or possibly have unspecified other impact via a large value in the third argument.
Затронутые продукты
Ссылки
- CVE-2016-7126
- SUSE Bug 997208
Описание
The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by providing different signs for the second and third arguments.
Затронутые продукты
Ссылки
- CVE-2016-7127
- SUSE Bug 997210
Описание
The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.
Затронутые продукты
Ссылки
- CVE-2016-7128
- SUSE Bug 997211
Описание
The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deserialize call that mishandles a dateTime element in a wddxPacket XML document.
Затронутые продукты
Ссылки
- CVE-2016-7129
- SUSE Bug 997220
Описание
The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a wddx_deserialize call that mishandles a binary element in a wddxPacket XML document.
Затронутые продукты
Ссылки
- CVE-2016-7130
- SUSE Bug 997257
Описание
ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via a malformed wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a tag that lacks a < (less than) character.
Затронутые продукты
Ссылки
- CVE-2016-7131
- SUSE Bug 997225
Описание
ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a stray element inside a boolean element, leading to incorrect pop processing.
Затронутые продукты
Ссылки
- CVE-2016-7132
- SUSE Bug 997230
Описание
ext/curl/interface.c in PHP 7.x before 7.0.10 does not work around a libcurl integer overflow, which allows remote attackers to cause a denial of service (allocation error and heap-based buffer overflow) or possibly have unspecified other impact via a long string that is mishandled in a curl_escape call.
Затронутые продукты
Ссылки
- CVE-2016-7134
- SUSE Bug 997248