
openSUSE 13.2: 2015:1628-1 Critical: PHP5 Remote Code Execution

September 25, 2015
Crucial announcement regarding php5 on openSUSE tackling various severe vulnerabilities. Make sure to update your systems swiftly to maintain security.
An update that solves 8 vulnerabilities and has one errata is ...

Description

The PHP5 script interpreter was updated to fix various security issues:

* CVE-2015-6831: A use after free vulnerability in unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#942291] [bnc#942294] [bnc#942295]

* CVE-2015-6832: A dangling pointer in the unserialization of ArrayObject items could be used to crash php or potentially execute code. [bnc#942293]

* CVE-2015-6833: A directory traversal when extracting ZIP files could be used to overwrite files outside of intended area. [bnc#942296]

* CVE-2015-6834: A Use After Free Vulnerability in unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#945403]

* CVE-2015-6835: A Use After Free Vulnerability in session unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#945402]

* CVE-2015-6836: A SOAP serialize_function_call() type confusion leading

...


Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 13.2:

zypper in -t patch openSUSE-2015-609=1

- openSUSE 13.1:

zypper in -t patch openSUSE-2015-609=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE 13.2 (i586 x86_64):

apache2-mod_php5-5.6.1-36.1

apache2-mod_php5-debuginfo-5.6.1-36.1

php5-5.6.1-36.1

php5-bcmath-5.6.1-36.1

php5-bcmath-debuginfo-5.6.1-36.1

php5-bz2-5.6.1-36.1

php5-bz2-debuginfo-5.6.1-36.1

php5-calendar-5.6.1-36.1

php5-calendar-debuginfo-5.6.1-36.1

php5-ctype-5.6.1-36.1

php5-ctype-debuginfo-5.6.1-36.1

php5-curl-5.6.1-36.1

php5-curl-debuginfo-5.6.1-36.1

php5-dba-5.6.1-36.1

php5-dba-debuginfo-5.6.1-36.1

php5-debuginfo-5.6.1-36.1

php5-debugsource-5.6.1-36.1

php5-devel-5.6.1-36.1

php5-dom-5.6.1-36.1

php5-dom-debuginfo-5.6.1-36.1

php5-enchant-5.6.1-36.1

php5-enchant-debuginfo-5.6.1-36.1

php5-exif-5.6.1-36.1

php5-exif-debuginfo-5.6.1-36.1

php5-fastcgi-5.6.1-36.1

php5-fastcgi-debuginfo-5.6.1-36.1

php5-fileinfo-5.6.1-36.1

php5-fileinfo-debuginfo-5.6.1-36.1

php5-firebird-5.6.1-36.1

php5-firebird-debuginfo-5.6.1-36.1

php5-fpm-5.6.1-36.1

php5-fpm-debuginfo-5.6.1-36.1

php5-ftp-5.6.1-36.1

php5-ftp-debuginfo-5.6.1-36.1

php5-gd-5.6.1-36.1

php5-gd-debuginfo-5.6.1-36.1

php5-gettext-5.6.1-36.1

php5-gettext-debu...
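A post-update check, added here as an example and not part of the SUSE advisory: it flags php5 and apache2-mod_php5 packages still older than 5.6.1-36.1, the openSUSE 13.2 version in the package list above. The helper names, the `sort -V` comparison and the sample inventory are assumptions made for illustration.

```shell
#!/bin/sh
# Fixed version-release for openSUSE 13.2, taken from the package list on this page.
FIXED="5.6.1-36.1"

# ver_lt A B: succeed when A sorts strictly before B under GNU `sort -V`.
# Assumption: sort -V approximates RPM ordering for plain numeric
# version-release strings like these (no epochs, no tildes).
ver_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# find_unpatched: read "name version-release" lines on stdin and print the
# php5 / apache2-mod_php5 packages that are still older than $FIXED.
find_unpatched() {
    while read -r name vr; do
        case "$name" in
            php5|php5-*|apache2-mod_php5|apache2-mod_php5-*) ;;
            *) continue ;;   # unrelated package, ignore
        esac
        if ver_lt "$vr" "$FIXED"; then
            printf '%s %s\n' "$name" "$vr"
        fi
    done
}

# Constructed sample inventory (not taken from a real host). The release
# "9.1" is included because a plain string comparison would wrongly rank
# it above "36.1".
sample_inventory() {
    cat <<'EOF'
apache2-mod_php5 5.6.1-33.1
php5 5.6.1-36.1
php5-fpm 5.6.1-9.1
php5-gd 5.6.1-36.1
bash 4.2-75.4.1
EOF
}

# On a real host, feed the live RPM database instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | find_unpatched
sample_inventory | find_unpatched
```

Empty output means every matching package is at or above the fixed version; any line printed names a package that still needs the update.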


References

https://www.suse.com/security/cve/CVE-2015-6831.html

https://www.suse.com/security/cve/CVE-2015-6832.html

https://www.suse.com/security/cve/CVE-2015-6833.html

https://www.suse.com/security/cve/CVE-2015-6834.html

https://www.suse.com/security/cve/CVE-2015-6835.html

https://www.suse.com/security/cve/CVE-2015-6836.html

https://www.suse.com/security/cve/CVE-2015-6837.html

https://www.suse.com/security/cve/CVE-2015-6838.html

https://bugzilla.suse.com/show_bug.cgi?id=942291

https://bugzilla.suse.com/show_bug.cgi?id=942293

https://bugzilla.suse.com/show_bug.cgi?id=942294

https://bugzilla.suse.com/show_bug.cgi?id=942295

https://bugzilla.suse.com/show_bug.cgi?id=942296

https://bugzilla.suse.com/show_bug.cgi?id=945402

https://bugzilla.suse.com/show_bug.cgi?id=945403

https://bugzilla.suse.com/show_bug.cgi?id=945412

https://bugzilla.suse.com/show_bug.cgi?id=945428

Severity
critical

Announcement ID: openSUSE-SU-2015:1628-1
Rating: important
Affected Products: openSUSE 13.2 openSUSE 13.1
