
openSUSE: 2015:0855-1 Important: PHP Bug Fixes Overview

opensuse
May 12, 2015
This openSUSE update fixes three PHP vulnerabilities in PHAR handling that could lead to arbitrary code execution or disclosure of sensitive information.
An update that solves three vulnerabilities and has one errata is no...

Description

PHP was updated to fix three security issues.

The following vulnerabilities were fixed:

* CVE-2015-3330: Specially crafted PHAR files could, when executed under Apache httpd 2.4 (apache2handler), allow arbitrary code execution (bnc#928506)

* CVE-2015-3329: Specially crafted PHAR data could lead to disclosure of sensitive information due to a buffer overflow (bnc#928506)

* CVE-2015-2783: Specially crafted PHAR data could lead to disclosure of sensitive information due to a buffer over-read (bnc#928511)

On openSUSE 13.2, the following bug was fixed:

* boo#927147: php5-fpm did not start correctly

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 13.2:

    zypper in -t patch openSUSE-2015-352=1

- openSUSE 13.1:

    zypper in -t patch openSUSE-2015-352=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE 13.2 (i586 x86_64):

    apache2-mod_php5-5.6.1-21.1
    apache2-mod_php5-debuginfo-5.6.1-21.1
    php5-5.6.1-21.1
    php5-bcmath-5.6.1-21.1
    php5-bcmath-debuginfo-5.6.1-21.1
    php5-bz2-5.6.1-21.1
    php5-bz2-debuginfo-5.6.1-21.1
    php5-calendar-5.6.1-21.1
    php5-calendar-debuginfo-5.6.1-21.1
    php5-ctype-5.6.1-21.1
    php5-ctype-debuginfo-5.6.1-21.1
    php5-curl-5.6.1-21.1
    php5-curl-debuginfo-5.6.1-21.1
    php5-dba-5.6.1-21.1
    php5-dba-debuginfo-5.6.1-21.1
    php5-debuginfo-5.6.1-21.1
    php5-debugsource-5.6.1-21.1
    php5-devel-5.6.1-21.1
    php5-dom-5.6.1-21.1
    php5-dom-debuginfo-5.6.1-21.1
    php5-enchant-5.6.1-21.1
    php5-enchant-debuginfo-5.6.1-21.1
    php5-exif-5.6.1-21.1
    php5-exif-debuginfo-5.6.1-21.1
    php5-fastcgi-5.6.1-21.1
    php5-fastcgi-debuginfo-5.6.1-21.1
    php5-fileinfo-5.6.1-21.1
    php5-fileinfo-debuginfo-5.6.1-21.1
    php5-firebird-5.6.1-21.1
    php5-firebird-debuginfo-5.6.1-21.1
    php5-fpm-5.6.1-21.1
    php5-fpm-debuginfo-5.6.1-21.1
    php5-ftp-5.6.1-21.1
    php5-ftp-debuginfo-5.6.1-21.1
    php5-gd-5.6.1-21.1
    php5-gd-debuginfo-5.6.1-21.1
    php5-gettext-5.6.1-21.1
    php5-gettext-debu...
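To confirm that the patch actually landed on an openSUSE 13.2 host, the installed PHP packages can be compared against the fixed version-release shown in the package list above (5.6.1-21.1). The script below is an added example, not part of the advisory; the function names are hypothetical, the sample inventory is constructed, and GNU `sort -V` is assumed as an approximation of rpm's own version comparison.

```shell
#!/bin/sh
# Fixed version-release for openSUSE 13.2, taken from the package list above.
FIXED="5.6.1-21.1"

# is_older A B: succeeds when A sorts strictly before B.
# Assumption: GNU sort -V ordering approximates rpm version comparison.
is_older() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Reads "name version-release" lines on stdin and prints every PHP 5
# package (php5, php5-*, apache2-mod_php5*) that is still below FIXED.
php5_unpatched() {
    while read -r name vr; do
        case "$name" in
            php5|php5-*|apache2-mod_php5|apache2-mod_php5-*) ;;
            *) continue ;;
        esac
        if is_older "$vr" "$FIXED"; then
            printf '%s %s\n' "$name" "$vr"
        fi
    done
}

# Constructed sample inventory (not real host output): two packages that
# missed the update, one at the fixed level, one unrelated package.
sample_inventory() {
    cat <<'EOF'
php5 5.6.1-8.1
php5-fpm 5.6.1-21.1
apache2-mod_php5 5.6.1-18.1
bash 4.2-75.2.1
EOF
}

# On a live 13.2 host, feed the real inventory instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | php5_unpatched
sample_inventory | php5_unpatched
```

Any line printed is a package that still predates the fix; empty output means every installed PHP 5 package is at or above 5.6.1-21.1.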


References

https://www.suse.com/security/cve/CVE-2015-2783.html

https://www.suse.com/security/cve/CVE-2015-3329.html

https://www.suse.com/security/cve/CVE-2015-3330.html

https://bugzilla.suse.com/927147

https://bugzilla.suse.com/928408

https://bugzilla.suse.com/928506

https://bugzilla.suse.com/928511

Severity
important

Announcement ID: openSUSE-SU-2015:0855-1
Rating: important
Affected Products: openSUSE 13.2 openSUSE 13.1
