Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2016:2837-1

Опубликовано: 17 нояб. 2016
Источник: suse-cvrf

Описание

Security update for php5

This update for php5 fixes the following security issues:

  • CVE-2016-7568: A specially crafted image file could cause an application crash or potentially execute arbitrary code when the image is converted to webp (bsc#1001900)
  • CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf (bsc#1004924)
  • CVE-2016-6911: Check for out-of-bound read in dynamicGetbuf() (bsc#1005274)

This update was imported from the SUSE:SLE-12:Update update project.

Список пакетов

openSUSE Leap 42.2
apache2-mod_php5-5.5.14-65.1
php5-5.5.14-65.1
php5-bcmath-5.5.14-65.1
php5-bz2-5.5.14-65.1
php5-calendar-5.5.14-65.1
php5-ctype-5.5.14-65.1
php5-curl-5.5.14-65.1
php5-dba-5.5.14-65.1
php5-devel-5.5.14-65.1
php5-dom-5.5.14-65.1
php5-enchant-5.5.14-65.1
php5-exif-5.5.14-65.1
php5-fastcgi-5.5.14-65.1
php5-fileinfo-5.5.14-65.1
php5-firebird-5.5.14-65.1
php5-fpm-5.5.14-65.1
php5-ftp-5.5.14-65.1
php5-gd-5.5.14-65.1
php5-gettext-5.5.14-65.1
php5-gmp-5.5.14-65.1
php5-iconv-5.5.14-65.1
php5-imap-5.5.14-65.1
php5-intl-5.5.14-65.1
php5-json-5.5.14-65.1
php5-ldap-5.5.14-65.1
php5-mbstring-5.5.14-65.1
php5-mcrypt-5.5.14-65.1
php5-mssql-5.5.14-65.1
php5-mysql-5.5.14-65.1
php5-odbc-5.5.14-65.1
php5-opcache-5.5.14-65.1
php5-openssl-5.5.14-65.1
php5-pcntl-5.5.14-65.1
php5-pdo-5.5.14-65.1
php5-pear-5.5.14-65.1
php5-pgsql-5.5.14-65.1
php5-phar-5.5.14-65.1
php5-posix-5.5.14-65.1
php5-pspell-5.5.14-65.1
php5-readline-5.5.14-65.1
php5-shmop-5.5.14-65.1
php5-snmp-5.5.14-65.1
php5-soap-5.5.14-65.1
php5-sockets-5.5.14-65.1
php5-sqlite-5.5.14-65.1
php5-suhosin-5.5.14-65.1
php5-sysvmsg-5.5.14-65.1
php5-sysvsem-5.5.14-65.1
php5-sysvshm-5.5.14-65.1
php5-tidy-5.5.14-65.1
php5-tokenizer-5.5.14-65.1
php5-wddx-5.5.14-65.1
php5-xmlreader-5.5.14-65.1
php5-xmlrpc-5.5.14-65.1
php5-xmlwriter-5.5.14-65.1
php5-xsl-5.5.14-65.1
php5-zip-5.5.14-65.1
php5-zlib-5.5.14-65.1

Ссылки

Описание

The dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image.

Затронутые продукты
openSUSE Leap 42.2:apache2-mod_php5-5.5.14-65.1
openSUSE Leap 42.2:php5-5.5.14-65.1
openSUSE Leap 42.2:php5-bcmath-5.5.14-65.1
openSUSE Leap 42.2:php5-bz2-5.5.14-65.1
Ссылки

Описание

Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls.

Затронутые продукты
openSUSE Leap 42.2:apache2-mod_php5-5.5.14-65.1
openSUSE Leap 42.2:php5-5.5.14-65.1
openSUSE Leap 42.2:php5-bcmath-5.5.14-65.1
openSUSE Leap 42.2:php5-bz2-5.5.14-65.1
Ссылки

Описание

Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted imagecreatefromstring call.

Затронутые продукты
openSUSE Leap 42.2:apache2-mod_php5-5.5.14-65.1
openSUSE Leap 42.2:php5-5.5.14-65.1
openSUSE Leap 42.2:php5-bcmath-5.5.14-65.1
openSUSE Leap 42.2:php5-bz2-5.5.14-65.1
Ссылки
Уязвимость openSUSE-SU-2016:2837-1