
openSUSE-SU-2016:3095-1

Published: 12 Dec 2016
Source: suse-cvrf

Description

Security update for php5

This update for php5 fixes the following issues:

  • CVE-2016-9137: Use After Free in unserialize() (bsc#1008029)
  • CVE-2016-5773: ZipArchive class Use After Free Vulnerability in PHP's GC (bsc#986247)

This update was imported from the SUSE:SLE-12:Update update project.

Package list

openSUSE Leap 42.1
apache2-mod_php5-5.5.14-69.1
php5-5.5.14-69.1
php5-bcmath-5.5.14-69.1
php5-bz2-5.5.14-69.1
php5-calendar-5.5.14-69.1
php5-ctype-5.5.14-69.1
php5-curl-5.5.14-69.1
php5-dba-5.5.14-69.1
php5-devel-5.5.14-69.1
php5-dom-5.5.14-69.1
php5-enchant-5.5.14-69.1
php5-exif-5.5.14-69.1
php5-fastcgi-5.5.14-69.1
php5-fileinfo-5.5.14-69.1
php5-firebird-5.5.14-69.1
php5-fpm-5.5.14-69.1
php5-ftp-5.5.14-69.1
php5-gd-5.5.14-69.1
php5-gettext-5.5.14-69.1
php5-gmp-5.5.14-69.1
php5-iconv-5.5.14-69.1
php5-imap-5.5.14-69.1
php5-intl-5.5.14-69.1
php5-json-5.5.14-69.1
php5-ldap-5.5.14-69.1
php5-mbstring-5.5.14-69.1
php5-mcrypt-5.5.14-69.1
php5-mssql-5.5.14-69.1
php5-mysql-5.5.14-69.1
php5-odbc-5.5.14-69.1
php5-opcache-5.5.14-69.1
php5-openssl-5.5.14-69.1
php5-pcntl-5.5.14-69.1
php5-pdo-5.5.14-69.1
php5-pear-5.5.14-69.1
php5-pgsql-5.5.14-69.1
php5-phar-5.5.14-69.1
php5-posix-5.5.14-69.1
php5-pspell-5.5.14-69.1
php5-readline-5.5.14-69.1
php5-shmop-5.5.14-69.1
php5-snmp-5.5.14-69.1
php5-soap-5.5.14-69.1
php5-sockets-5.5.14-69.1
php5-sqlite-5.5.14-69.1
php5-suhosin-5.5.14-69.1
php5-sysvmsg-5.5.14-69.1
php5-sysvsem-5.5.14-69.1
php5-sysvshm-5.5.14-69.1
php5-tidy-5.5.14-69.1
php5-tokenizer-5.5.14-69.1
php5-wddx-5.5.14-69.1
php5-xmlreader-5.5.14-69.1
php5-xmlrpc-5.5.14-69.1
php5-xmlwriter-5.5.14-69.1
php5-xsl-5.5.14-69.1
php5-zip-5.5.14-69.1
php5-zlib-5.5.14-69.1
openSUSE Leap 42.2
apache2-mod_php5-5.5.14-69.1
php5-5.5.14-69.1
php5-bcmath-5.5.14-69.1
php5-bz2-5.5.14-69.1
php5-calendar-5.5.14-69.1
php5-ctype-5.5.14-69.1
php5-curl-5.5.14-69.1
php5-dba-5.5.14-69.1
php5-devel-5.5.14-69.1
php5-dom-5.5.14-69.1
php5-enchant-5.5.14-69.1
php5-exif-5.5.14-69.1
php5-fastcgi-5.5.14-69.1
php5-fileinfo-5.5.14-69.1
php5-firebird-5.5.14-69.1
php5-fpm-5.5.14-69.1
php5-ftp-5.5.14-69.1
php5-gd-5.5.14-69.1
php5-gettext-5.5.14-69.1
php5-gmp-5.5.14-69.1
php5-iconv-5.5.14-69.1
php5-imap-5.5.14-69.1
php5-intl-5.5.14-69.1
php5-json-5.5.14-69.1
php5-ldap-5.5.14-69.1
php5-mbstring-5.5.14-69.1
php5-mcrypt-5.5.14-69.1
php5-mssql-5.5.14-69.1
php5-mysql-5.5.14-69.1
php5-odbc-5.5.14-69.1
php5-opcache-5.5.14-69.1
php5-openssl-5.5.14-69.1
php5-pcntl-5.5.14-69.1
php5-pdo-5.5.14-69.1
php5-pear-5.5.14-69.1
php5-pgsql-5.5.14-69.1
php5-phar-5.5.14-69.1
php5-posix-5.5.14-69.1
php5-pspell-5.5.14-69.1
php5-readline-5.5.14-69.1
php5-shmop-5.5.14-69.1
php5-snmp-5.5.14-69.1
php5-soap-5.5.14-69.1
php5-sockets-5.5.14-69.1
php5-sqlite-5.5.14-69.1
php5-suhosin-5.5.14-69.1
php5-sysvmsg-5.5.14-69.1
php5-sysvsem-5.5.14-69.1
php5-sysvshm-5.5.14-69.1
php5-tidy-5.5.14-69.1
php5-tokenizer-5.5.14-69.1
php5-wddx-5.5.14-69.1
php5-xmlreader-5.5.14-69.1
php5-xmlrpc-5.5.14-69.1
php5-xmlwriter-5.5.14-69.1
php5-xsl-5.5.14-69.1
php5-zip-5.5.14-69.1
php5-zlib-5.5.14-69.1

Description

php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object.


Affected products
openSUSE Leap 42.1:apache2-mod_php5-5.5.14-69.1
openSUSE Leap 42.1:php5-5.5.14-69.1
openSUSE Leap 42.1:php5-bcmath-5.5.14-69.1
openSUSE Leap 42.1:php5-bz2-5.5.14-69.1


Description

Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing.


Affected products
openSUSE Leap 42.1:apache2-mod_php5-5.5.14-69.1
openSUSE Leap 42.1:php5-5.5.14-69.1
openSUSE Leap 42.1:php5-bcmath-5.5.14-69.1
openSUSE Leap 42.1:php5-bz2-5.5.14-69.1
