Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2017:3240-1

Опубликовано: 08 дек. 2017
Источник: suse-cvrf

Описание

Security update for php7

This update for php7 fixes the following issues:

Security issues fixed:

  • CVE-2017-16642: Fix timelib_meridian error that could be used to leak information from the interpreter (bsc#1067441).
  • CVE-2017-9229: Fix invalid pointer dereference in left_adjust_char_head() (bsc#1069631).
  • CVE-2017-9228: Fix heap out-of-bounds write that occurs in bitset_set_range() during regex compilation (bsc#1069606).

Bugs fixed:

  • Fix wrong reference when serialize/unserialize an object (bsc#1063815).

This update was imported from the SUSE:SLE-12:Update update project.

Список пакетов

openSUSE Leap 42.2
apache2-mod_php7-7.0.7-25.1
php7-7.0.7-25.1
php7-bcmath-7.0.7-25.1
php7-bz2-7.0.7-25.1
php7-calendar-7.0.7-25.1
php7-ctype-7.0.7-25.1
php7-curl-7.0.7-25.1
php7-dba-7.0.7-25.1
php7-devel-7.0.7-25.1
php7-dom-7.0.7-25.1
php7-enchant-7.0.7-25.1
php7-exif-7.0.7-25.1
php7-fastcgi-7.0.7-25.1
php7-fileinfo-7.0.7-25.1
php7-firebird-7.0.7-25.1
php7-fpm-7.0.7-25.1
php7-ftp-7.0.7-25.1
php7-gd-7.0.7-25.1
php7-gettext-7.0.7-25.1
php7-gmp-7.0.7-25.1
php7-iconv-7.0.7-25.1
php7-imap-7.0.7-25.1
php7-intl-7.0.7-25.1
php7-json-7.0.7-25.1
php7-ldap-7.0.7-25.1
php7-mbstring-7.0.7-25.1
php7-mcrypt-7.0.7-25.1
php7-mysql-7.0.7-25.1
php7-odbc-7.0.7-25.1
php7-opcache-7.0.7-25.1
php7-openssl-7.0.7-25.1
php7-pcntl-7.0.7-25.1
php7-pdo-7.0.7-25.1
php7-pear-7.0.7-25.1
php7-pear-Archive_Tar-7.0.7-25.1
php7-pgsql-7.0.7-25.1
php7-phar-7.0.7-25.1
php7-posix-7.0.7-25.1
php7-pspell-7.0.7-25.1
php7-readline-7.0.7-25.1
php7-shmop-7.0.7-25.1
php7-snmp-7.0.7-25.1
php7-soap-7.0.7-25.1
php7-sockets-7.0.7-25.1
php7-sqlite-7.0.7-25.1
php7-sysvmsg-7.0.7-25.1
php7-sysvsem-7.0.7-25.1
php7-sysvshm-7.0.7-25.1
php7-tidy-7.0.7-25.1
php7-tokenizer-7.0.7-25.1
php7-wddx-7.0.7-25.1
php7-xmlreader-7.0.7-25.1
php7-xmlrpc-7.0.7-25.1
php7-xmlwriter-7.0.7-25.1
php7-xsl-7.0.7-25.1
php7-zip-7.0.7-25.1
php7-zlib-7.0.7-25.1
openSUSE Leap 42.3
apache2-mod_php7-7.0.7-25.1
php7-7.0.7-25.1
php7-bcmath-7.0.7-25.1
php7-bz2-7.0.7-25.1
php7-calendar-7.0.7-25.1
php7-ctype-7.0.7-25.1
php7-curl-7.0.7-25.1
php7-dba-7.0.7-25.1
php7-devel-7.0.7-25.1
php7-dom-7.0.7-25.1
php7-enchant-7.0.7-25.1
php7-exif-7.0.7-25.1
php7-fastcgi-7.0.7-25.1
php7-fileinfo-7.0.7-25.1
php7-firebird-7.0.7-25.1
php7-fpm-7.0.7-25.1
php7-ftp-7.0.7-25.1
php7-gd-7.0.7-25.1
php7-gettext-7.0.7-25.1
php7-gmp-7.0.7-25.1
php7-iconv-7.0.7-25.1
php7-imap-7.0.7-25.1
php7-intl-7.0.7-25.1
php7-json-7.0.7-25.1
php7-ldap-7.0.7-25.1
php7-mbstring-7.0.7-25.1
php7-mcrypt-7.0.7-25.1
php7-mysql-7.0.7-25.1
php7-odbc-7.0.7-25.1
php7-opcache-7.0.7-25.1
php7-openssl-7.0.7-25.1
php7-pcntl-7.0.7-25.1
php7-pdo-7.0.7-25.1
php7-pear-7.0.7-25.1
php7-pear-Archive_Tar-7.0.7-25.1
php7-pgsql-7.0.7-25.1
php7-phar-7.0.7-25.1
php7-posix-7.0.7-25.1
php7-pspell-7.0.7-25.1
php7-readline-7.0.7-25.1
php7-shmop-7.0.7-25.1
php7-snmp-7.0.7-25.1
php7-soap-7.0.7-25.1
php7-sockets-7.0.7-25.1
php7-sqlite-7.0.7-25.1
php7-sysvmsg-7.0.7-25.1
php7-sysvsem-7.0.7-25.1
php7-sysvshm-7.0.7-25.1
php7-tidy-7.0.7-25.1
php7-tokenizer-7.0.7-25.1
php7-wddx-7.0.7-25.1
php7-xmlreader-7.0.7-25.1
php7-xmlrpc-7.0.7-25.1
php7-xmlwriter-7.0.7-25.1
php7-xsl-7.0.7-25.1
php7-zip-7.0.7-25.1
php7-zlib-7.0.7-25.1

Ссылки

Описание

In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145.

Затронутые продукты
openSUSE Leap 42.2:apache2-mod_php7-7.0.7-25.1
openSUSE Leap 42.2:php7-7.0.7-25.1
openSUSE Leap 42.2:php7-bcmath-7.0.7-25.1
openSUSE Leap 42.2:php7-bz2-7.0.7-25.1
Ссылки

Описание

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption.

Затронутые продукты
openSUSE Leap 42.2:apache2-mod_php7-7.0.7-25.1
openSUSE Leap 42.2:php7-7.0.7-25.1
openSUSE Leap 42.2:php7-bcmath-7.0.7-25.1
openSUSE Leap 42.2:php7-bz2-7.0.7-25.1
Ссылки

Описание

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition.

Затронутые продукты
openSUSE Leap 42.2:apache2-mod_php7-7.0.7-25.1
openSUSE Leap 42.2:php7-7.0.7-25.1
openSUSE Leap 42.2:php7-bcmath-7.0.7-25.1
openSUSE Leap 42.2:php7-bz2-7.0.7-25.1
Ссылки
Уязвимость openSUSE-SU-2017:3240-1