openSUSE-SU-2017:0081-1

Опубликовано: 07 янв. 2017

Источник: suse-cvrf

Описание

Security update for php5

This update for php5 fixes the following issues:

CVE-2016-9933 Possible stack overflow on truecolor images handling [bsc#1015187]
CVE-2016-9934 Dereference from NULL pointer could lead to crash [bsc#1015188]
CVE-2016-9935 Invalid read could lead to crash [bsc#1015189]

This update was imported from the SUSE:SLE-12:Update update project.

Список пакетов

openSUSE Leap 42.1

apache2-mod_php5-5.5.14-72.1

php5-5.5.14-72.1

php5-bcmath-5.5.14-72.1

php5-bz2-5.5.14-72.1

php5-calendar-5.5.14-72.1

php5-ctype-5.5.14-72.1

php5-curl-5.5.14-72.1

php5-dba-5.5.14-72.1

php5-devel-5.5.14-72.1

php5-dom-5.5.14-72.1

php5-enchant-5.5.14-72.1

php5-exif-5.5.14-72.1

php5-fastcgi-5.5.14-72.1

php5-fileinfo-5.5.14-72.1

php5-firebird-5.5.14-72.1

php5-fpm-5.5.14-72.1

php5-ftp-5.5.14-72.1

php5-gd-5.5.14-72.1

php5-gettext-5.5.14-72.1

php5-gmp-5.5.14-72.1

php5-iconv-5.5.14-72.1

php5-imap-5.5.14-72.1

php5-intl-5.5.14-72.1

php5-json-5.5.14-72.1

php5-ldap-5.5.14-72.1

php5-mbstring-5.5.14-72.1

php5-mcrypt-5.5.14-72.1

php5-mssql-5.5.14-72.1

php5-mysql-5.5.14-72.1

php5-odbc-5.5.14-72.1

php5-opcache-5.5.14-72.1

php5-openssl-5.5.14-72.1

php5-pcntl-5.5.14-72.1

php5-pdo-5.5.14-72.1

php5-pear-5.5.14-72.1

php5-pgsql-5.5.14-72.1

php5-phar-5.5.14-72.1

php5-posix-5.5.14-72.1

php5-pspell-5.5.14-72.1

php5-readline-5.5.14-72.1

php5-shmop-5.5.14-72.1

php5-snmp-5.5.14-72.1

php5-soap-5.5.14-72.1

php5-sockets-5.5.14-72.1

php5-sqlite-5.5.14-72.1

php5-suhosin-5.5.14-72.1

php5-sysvmsg-5.5.14-72.1

php5-sysvsem-5.5.14-72.1

php5-sysvshm-5.5.14-72.1

php5-tidy-5.5.14-72.1

php5-tokenizer-5.5.14-72.1

php5-wddx-5.5.14-72.1

php5-xmlreader-5.5.14-72.1

php5-xmlrpc-5.5.14-72.1

php5-xmlwriter-5.5.14-72.1

php5-xsl-5.5.14-72.1

php5-zip-5.5.14-72.1

php5-zlib-5.5.14-72.1

openSUSE Leap 42.2

apache2-mod_php5-5.5.14-72.1

php5-5.5.14-72.1

php5-bcmath-5.5.14-72.1

php5-bz2-5.5.14-72.1

php5-calendar-5.5.14-72.1

php5-ctype-5.5.14-72.1

php5-curl-5.5.14-72.1

php5-dba-5.5.14-72.1

php5-devel-5.5.14-72.1

php5-dom-5.5.14-72.1

php5-enchant-5.5.14-72.1

php5-exif-5.5.14-72.1

php5-fastcgi-5.5.14-72.1

php5-fileinfo-5.5.14-72.1

php5-firebird-5.5.14-72.1

php5-fpm-5.5.14-72.1

php5-ftp-5.5.14-72.1

php5-gd-5.5.14-72.1

php5-gettext-5.5.14-72.1

php5-gmp-5.5.14-72.1

php5-iconv-5.5.14-72.1

php5-imap-5.5.14-72.1

php5-intl-5.5.14-72.1

php5-json-5.5.14-72.1

php5-ldap-5.5.14-72.1

php5-mbstring-5.5.14-72.1

php5-mcrypt-5.5.14-72.1

php5-mssql-5.5.14-72.1

php5-mysql-5.5.14-72.1

php5-odbc-5.5.14-72.1

php5-opcache-5.5.14-72.1

php5-openssl-5.5.14-72.1

php5-pcntl-5.5.14-72.1

php5-pdo-5.5.14-72.1

php5-pear-5.5.14-72.1

php5-pgsql-5.5.14-72.1

php5-phar-5.5.14-72.1

php5-posix-5.5.14-72.1

php5-pspell-5.5.14-72.1

php5-readline-5.5.14-72.1

php5-shmop-5.5.14-72.1

php5-snmp-5.5.14-72.1

php5-soap-5.5.14-72.1

php5-sockets-5.5.14-72.1

php5-sqlite-5.5.14-72.1

php5-suhosin-5.5.14-72.1

php5-sysvmsg-5.5.14-72.1

php5-sysvsem-5.5.14-72.1

php5-sysvshm-5.5.14-72.1

php5-tidy-5.5.14-72.1

php5-tokenizer-5.5.14-72.1

php5-wddx-5.5.14-72.1

php5-xmlreader-5.5.14-72.1

php5-xmlrpc-5.5.14-72.1

php5-xmlwriter-5.5.14-72.1

php5-xsl-5.5.14-72.1

php5-zip-5.5.14-72.1

php5-zlib-5.5.14-72.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2017-01/msg00054.html
E-Mail link for openSUSE-SU-2017:0081-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.

Затронутые продукты

openSUSE Leap 42.1:apache2-mod_php5-5.5.14-72.1

openSUSE Leap 42.1:php5-5.5.14-72.1

openSUSE Leap 42.1:php5-bcmath-5.5.14-72.1

openSUSE Leap 42.1:php5-bz2-5.5.14-72.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-9933.html
CVE-2016-9933
https://bugzilla.suse.com/1015187
SUSE Bug 1015187

Описание

ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.

Затронутые продукты

openSUSE Leap 42.1:apache2-mod_php5-5.5.14-72.1

openSUSE Leap 42.1:php5-5.5.14-72.1

openSUSE Leap 42.1:php5-bcmath-5.5.14-72.1

openSUSE Leap 42.1:php5-bz2-5.5.14-72.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-9934.html
CVE-2016-9934
https://bugzilla.suse.com/1015188
SUSE Bug 1015188

Описание

The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document.

Затронутые продукты

openSUSE Leap 42.1:apache2-mod_php5-5.5.14-72.1

openSUSE Leap 42.1:php5-5.5.14-72.1

openSUSE Leap 42.1:php5-bcmath-5.5.14-72.1

openSUSE Leap 42.1:php5-bz2-5.5.14-72.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-9935.html
CVE-2016-9935
https://bugzilla.suse.com/1015189
SUSE Bug 1015189
https://bugzilla.suse.com/1048097
SUSE Bug 1048097

openSUSE-SU-2017:0081-1

Описание

Список пакетов

openSUSE Leap 42.1

openSUSE Leap 42.2

Ссылки

Уязвимость: CVE-2016-9933

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2016-9934

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2016-9935

Описание

Затронутые продукты

Ссылки