Security update for php5
Announcement ID: | SUSE-SU-2016:2408-1 |
---|---|
Rating: | important |
An update that solves 24 vulnerabilities can now be installed.
Description:
This update for php5 fixes the following security issues:
- CVE-2016-6128: Invalid color index not properly handled [bsc#987580]
- CVE-2016-6161: Global out-of-bounds read when encoding GIF from malformed input with gd2togif [bsc#988032]
- CVE-2016-6292: Null pointer dereference in exif_process_user_comment [bsc#991422]
- CVE-2016-6295: Use after free in SNMP with GC and unserialize() [bsc#991424]
- CVE-2016-6297: Stack-based buffer overflow vulnerability in php_stream_zip_opener [bsc#991426]
- CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE [bsc#991427]
- CVE-2016-6289: Integer overflow leads to buffer overflow in virtual_file_ex [bsc#991428]
- CVE-2016-6290: Use after free in unserialize() with Unexpected Session Deserialization [bsc#991429]
- CVE-2016-5399: Improper error handling in bzread() [bsc#991430]
- CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c [bsc#991437]
- CVE-2016-6207: Integer overflow error within _gdContributionsAlloc() [bsc#991434]
- CVE-2014-3587: Integer overflow in the cdf_read_property_info affecting SLES11 SP3 [bsc#987530]
- CVE-2016-6288: Buffer over-read in php_url_parse_ex [bsc#991433]
- CVE-2016-7124: Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization
- CVE-2016-7125: PHP Session Data Injection Vulnerability
- CVE-2016-7126: select_colors write out-of-bounds
- CVE-2016-7127: imagegammacorrect allowed arbitrary write access
- CVE-2016-7128: Memory Leakage In exif_process_IFD_in_TIFF
- CVE-2016-7129: wddx_deserialize allowed illegal memory access
- CVE-2016-7130: wddx_deserialize null dereference
- CVE-2016-7131: wddx_deserialize null dereference with invalid xml
- CVE-2016-7132: wddx_deserialize null dereference in php_wddx_pop_element
- CVE-2016-7134: Heap overflow in the function curl_escape
Patch Instructions:
To install this SUSE update, use the SUSE-recommended
installation methods, such as YaST online_update or "zypper patch".
Alternatively, you can run the command listed for your product:
- Web and Scripting Module 12:
  zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2016-1403=1
- SUSE Linux Enterprise Software Development Kit 12 SP1:
  zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1403=1
Package List:
Web and Scripting Module 12 (ppc64le s390x x86_64):
- php5-phar-5.5.14-73.1
- php5-shmop-5.5.14-73.1
- php5-xmlwriter-debuginfo-5.5.14-73.1
- php5-ldap-debuginfo-5.5.14-73.1
- php5-ftp-debuginfo-5.5.14-73.1
- php5-tokenizer-debuginfo-5.5.14-73.1
- apache2-mod_php5-5.5.14-73.1
- php5-zip-debuginfo-5.5.14-73.1
- php5-json-5.5.14-73.1
- php5-calendar-5.5.14-73.1
- php5-xmlrpc-debuginfo-5.5.14-73.1
- php5-pspell-5.5.14-73.1
- php5-curl-5.5.14-73.1
- php5-iconv-5.5.14-73.1
- php5-wddx-debuginfo-5.5.14-73.1
- php5-gettext-debuginfo-5.5.14-73.1
- php5-opcache-debuginfo-5.5.14-73.1
- php5-dba-5.5.14-73.1
- php5-fpm-5.5.14-73.1
- php5-enchant-5.5.14-73.1
- php5-sysvsem-5.5.14-73.1
- php5-zip-5.5.14-73.1
- php5-dom-debuginfo-5.5.14-73.1
- php5-sockets-5.5.14-73.1
- php5-pdo-debuginfo-5.5.14-73.1
- php5-dba-debuginfo-5.5.14-73.1
- php5-xmlrpc-5.5.14-73.1
- php5-mysql-5.5.14-73.1
- php5-sysvshm-debuginfo-5.5.14-73.1
- php5-pgsql-5.5.14-73.1
- php5-sysvmsg-debuginfo-5.5.14-73.1
- php5-debuginfo-5.5.14-73.1
- php5-bz2-5.5.14-73.1
- php5-xmlreader-5.5.14-73.1
- php5-snmp-debuginfo-5.5.14-73.1
- php5-openssl-debuginfo-5.5.14-73.1
- php5-pcntl-5.5.14-73.1
- php5-odbc-5.5.14-73.1
- php5-xsl-debuginfo-5.5.14-73.1
- php5-curl-debuginfo-5.5.14-73.1
- php5-suhosin-debuginfo-5.5.14-73.1
- php5-exif-debuginfo-5.5.14-73.1
- php5-shmop-debuginfo-5.5.14-73.1
- php5-zlib-debuginfo-5.5.14-73.1
- php5-ldap-5.5.14-73.1
- php5-zlib-5.5.14-73.1
- php5-sqlite-debuginfo-5.5.14-73.1
- php5-xsl-5.5.14-73.1
- php5-tokenizer-5.5.14-73.1
- php5-opcache-5.5.14-73.1
- php5-sysvmsg-5.5.14-73.1
- php5-openssl-5.5.14-73.1
- php5-pdo-5.5.14-73.1
- php5-xmlreader-debuginfo-5.5.14-73.1
- php5-fpm-debuginfo-5.5.14-73.1
- php5-json-debuginfo-5.5.14-73.1
- php5-exif-5.5.14-73.1
- php5-enchant-debuginfo-5.5.14-73.1
- php5-gmp-5.5.14-73.1
- php5-pgsql-debuginfo-5.5.14-73.1
- php5-5.5.14-73.1
- php5-bcmath-debuginfo-5.5.14-73.1
- php5-calendar-debuginfo-5.5.14-73.1
- php5-pcntl-debuginfo-5.5.14-73.1
- php5-bcmath-5.5.14-73.1
- php5-posix-5.5.14-73.1
- php5-soap-debuginfo-5.5.14-73.1
- php5-gd-debuginfo-5.5.14-73.1
- php5-ftp-5.5.14-73.1
- php5-soap-5.5.14-73.1
- php5-odbc-debuginfo-5.5.14-73.1
- php5-ctype-5.5.14-73.1
- php5-gettext-5.5.14-73.1
- php5-gd-5.5.14-73.1
- php5-fastcgi-debuginfo-5.5.14-73.1
- php5-sysvshm-5.5.14-73.1
- php5-mysql-debuginfo-5.5.14-73.1
- php5-phar-debuginfo-5.5.14-73.1
- php5-fileinfo-debuginfo-5.5.14-73.1
- php5-mbstring-5.5.14-73.1
- php5-imap-debuginfo-5.5.14-73.1
- php5-intl-5.5.14-73.1
- php5-mcrypt-debuginfo-5.5.14-73.1
- php5-bz2-debuginfo-5.5.14-73.1
- php5-ctype-debuginfo-5.5.14-73.1
- php5-debugsource-5.5.14-73.1
- php5-suhosin-5.5.14-73.1
- apache2-mod_php5-debuginfo-5.5.14-73.1
- php5-fileinfo-5.5.14-73.1
- php5-wddx-5.5.14-73.1
- php5-sysvsem-debuginfo-5.5.14-73.1
- php5-posix-debuginfo-5.5.14-73.1
- php5-mbstring-debuginfo-5.5.14-73.1
- php5-sockets-debuginfo-5.5.14-73.1
- php5-intl-debuginfo-5.5.14-73.1
- php5-iconv-debuginfo-5.5.14-73.1
- php5-fastcgi-5.5.14-73.1
- php5-gmp-debuginfo-5.5.14-73.1
- php5-snmp-5.5.14-73.1
- php5-imap-5.5.14-73.1
- php5-mcrypt-5.5.14-73.1
- php5-xmlwriter-5.5.14-73.1
- php5-sqlite-5.5.14-73.1
- php5-pspell-debuginfo-5.5.14-73.1
- php5-dom-5.5.14-73.1
Web and Scripting Module 12 (noarch):
- php5-pear-5.5.14-73.1
SUSE Linux Enterprise Software Development Kit 12 SP1 (ppc64le s390x x86_64):
- php5-debuginfo-5.5.14-73.1
- php5-debugsource-5.5.14-73.1
- php5-devel-5.5.14-73.1
References:
- https://www.suse.com/security/cve/CVE-2014-3587.html
- https://www.suse.com/security/cve/CVE-2016-3587.html
- https://www.suse.com/security/cve/CVE-2016-5399.html
- https://www.suse.com/security/cve/CVE-2016-6128.html
- https://www.suse.com/security/cve/CVE-2016-6161.html
- https://www.suse.com/security/cve/CVE-2016-6207.html
- https://www.suse.com/security/cve/CVE-2016-6288.html
- https://www.suse.com/security/cve/CVE-2016-6289.html
- https://www.suse.com/security/cve/CVE-2016-6290.html
- https://www.suse.com/security/cve/CVE-2016-6291.html
- https://www.suse.com/security/cve/CVE-2016-6292.html
- https://www.suse.com/security/cve/CVE-2016-6295.html
- https://www.suse.com/security/cve/CVE-2016-6296.html
- https://www.suse.com/security/cve/CVE-2016-6297.html
- https://www.suse.com/security/cve/CVE-2016-7124.html
- https://www.suse.com/security/cve/CVE-2016-7125.html
- https://www.suse.com/security/cve/CVE-2016-7126.html
- https://www.suse.com/security/cve/CVE-2016-7127.html
- https://www.suse.com/security/cve/CVE-2016-7128.html
- https://www.suse.com/security/cve/CVE-2016-7129.html
- https://www.suse.com/security/cve/CVE-2016-7130.html
- https://www.suse.com/security/cve/CVE-2016-7131.html
- https://www.suse.com/security/cve/CVE-2016-7132.html
- https://www.suse.com/security/cve/CVE-2016-7134.html
- https://bugzilla.suse.com/show_bug.cgi?id=987530
- https://bugzilla.suse.com/show_bug.cgi?id=987580
- https://bugzilla.suse.com/show_bug.cgi?id=988032
- https://bugzilla.suse.com/show_bug.cgi?id=991422
- https://bugzilla.suse.com/show_bug.cgi?id=991424
- https://bugzilla.suse.com/show_bug.cgi?id=991426
- https://bugzilla.suse.com/show_bug.cgi?id=991427
- https://bugzilla.suse.com/show_bug.cgi?id=991428
- https://bugzilla.suse.com/show_bug.cgi?id=991429
- https://bugzilla.suse.com/show_bug.cgi?id=991430
- https://bugzilla.suse.com/show_bug.cgi?id=991433
- https://bugzilla.suse.com/show_bug.cgi?id=991434
- https://bugzilla.suse.com/show_bug.cgi?id=991437
- https://bugzilla.suse.com/show_bug.cgi?id=997206
- https://bugzilla.suse.com/show_bug.cgi?id=997207
- https://bugzilla.suse.com/show_bug.cgi?id=997208
- https://bugzilla.suse.com/show_bug.cgi?id=997210
- https://bugzilla.suse.com/show_bug.cgi?id=997211
- https://bugzilla.suse.com/show_bug.cgi?id=997220
- https://bugzilla.suse.com/show_bug.cgi?id=997225
- https://bugzilla.suse.com/show_bug.cgi?id=997230
- https://bugzilla.suse.com/show_bug.cgi?id=997248
- https://bugzilla.suse.com/show_bug.cgi?id=997257