openSUSE-SU-2016:3092-1

Published: 12 Dec 2016
Source: suse-cvrf

Description

Security update for php7

This update for php7 fixes the following security issues:

  • CVE-2016-5385: Setting HTTP_PROXY environment variable via Proxy header (httpoxy) (bsc#988486).
  • CVE-2016-9137: Fixing a Use After Free in unserialize() (bsc#1008029).

This update was imported from the SUSE:SLE-12:Update update project.

Package list

openSUSE Leap 42.2
apache2-mod_php7-7.0.7-6.2
php7-7.0.7-6.2
php7-bcmath-7.0.7-6.2
php7-bz2-7.0.7-6.2
php7-calendar-7.0.7-6.2
php7-ctype-7.0.7-6.2
php7-curl-7.0.7-6.2
php7-dba-7.0.7-6.2
php7-devel-7.0.7-6.2
php7-dom-7.0.7-6.2
php7-enchant-7.0.7-6.2
php7-exif-7.0.7-6.2
php7-fastcgi-7.0.7-6.2
php7-fileinfo-7.0.7-6.2
php7-firebird-7.0.7-6.2
php7-fpm-7.0.7-6.2
php7-ftp-7.0.7-6.2
php7-gd-7.0.7-6.2
php7-gettext-7.0.7-6.2
php7-gmp-7.0.7-6.2
php7-iconv-7.0.7-6.2
php7-imap-7.0.7-6.2
php7-intl-7.0.7-6.2
php7-json-7.0.7-6.2
php7-ldap-7.0.7-6.2
php7-mbstring-7.0.7-6.2
php7-mcrypt-7.0.7-6.2
php7-mysql-7.0.7-6.2
php7-odbc-7.0.7-6.2
php7-opcache-7.0.7-6.2
php7-openssl-7.0.7-6.2
php7-pcntl-7.0.7-6.2
php7-pdo-7.0.7-6.2
php7-pear-7.0.7-6.2
php7-pear-Archive_Tar-7.0.7-6.2
php7-pgsql-7.0.7-6.2
php7-phar-7.0.7-6.2
php7-posix-7.0.7-6.2
php7-pspell-7.0.7-6.2
php7-readline-7.0.7-6.2
php7-shmop-7.0.7-6.2
php7-snmp-7.0.7-6.2
php7-soap-7.0.7-6.2
php7-sockets-7.0.7-6.2
php7-sqlite-7.0.7-6.2
php7-sysvmsg-7.0.7-6.2
php7-sysvsem-7.0.7-6.2
php7-sysvshm-7.0.7-6.2
php7-tidy-7.0.7-6.2
php7-tokenizer-7.0.7-6.2
php7-wddx-7.0.7-6.2
php7-xmlreader-7.0.7-6.2
php7-xmlrpc-7.0.7-6.2
php7-xmlwriter-7.0.7-6.2
php7-xsl-7.0.7-6.2
php7-zip-7.0.7-6.2
php7-zlib-7.0.7-6.2

Description

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue.


Affected products
openSUSE Leap 42.2:apache2-mod_php7-7.0.7-6.2
openSUSE Leap 42.2:php7-7.0.7-6.2
openSUSE Leap 42.2:php7-bcmath-7.0.7-6.2
openSUSE Leap 42.2:php7-bz2-7.0.7-6.2

Description

Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing.


Affected products
openSUSE Leap 42.2:apache2-mod_php7-7.0.7-6.2
openSUSE Leap 42.2:php7-7.0.7-6.2
openSUSE Leap 42.2:php7-bcmath-7.0.7-6.2
openSUSE Leap 42.2:php7-bz2-7.0.7-6.2
