
openSUSE 13.2: 2016:1167-1 Important: Php5 Threats Addressed

April 27, 2016
Essential update for openSUSE addresses five vulnerabilities in php7, boosting system safety and reliability for users.
An update that solves 6 vulnerabilities and has one errata is ...

Description

This update for php5 fixes the following security issues:

- bsc#974305: buffer overflow in libmagic

- CVE-2015-8838: mysqlnd was vulnerable to BACKRONYM (bnc#973792).

- CVE-2015-8835: SoapClient's __call method suffered from type confusion issue (bnc#973351).

- CVE-2016-3141: A use-after-free / double-free in the WDDX deserialization could lead to crashes or potential code execution. [bsc#969821]

- CVE-2016-3142: An out-of-bounds read in phar_parse_zipfile() could lead to crashes. [bsc#971912]

- CVE-2014-9767: A directory traversal when extracting zip files was fixed that could lead to overwritten files. [bsc#971612]

- CVE-2016-3185: A type confusion vulnerability in make_http_soap_request() could lead to crashes or potentially code execution. [bsc#971611]

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 13.2:

zypper in -t patch openSUSE-2016-516=1

To bring your system up-to-date, use "zypper patch".
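
To confirm the update actually landed, the following added example (not part of the openSUSE advisory) lists php5 packages still below the fixed version-release 5.6.1-53.3 given in the package list. The function names and the sample inventory are constructed for illustration, and `sort -V` is assumed as a stand-in for RPM's own version comparison.

```shell
#!/bin/sh
# Fixed version-release shared by all php5 subpackages in the advisory.
FIXED="5.6.1-53.3"

# ver_lt A B: succeeds when A is strictly older than B.
# Assumption: GNU `sort -V` approximates RPM ordering; the two agree for
# plain dotted-numeric strings such as the ones used here.
ver_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# unpatched_php5: reads "NAME VERSION-RELEASE" lines on stdin and prints
# every php5 package that is still below $FIXED. No output means patched.
unpatched_php5() {
    while read -r name vr; do
        case "$name" in
            php5|php5-*|apache2-mod_php5|apache2-mod_php5-*) ;;
            *) continue ;;
        esac
        if ver_lt "$vr" "$FIXED"; then
            printf '%s %s\n' "$name" "$vr"
        fi
    done
}

# Constructed sample inventory (not taken from a real host).
sample_inventory() {
    cat <<'EOF'
php5 5.6.1-53.3
php5-fileinfo 5.6.1-49.1
apache2-mod_php5 5.6.1-53.3
php5-fpm 5.6.1-9.2
bash 4.2-75.4.1
EOF
}

# On a live openSUSE 13.2 host, feed it the real inventory instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | unpatched_php5
sample_inventory | unpatched_php5
```

After updating, restart Apache or php-fpm so that running processes load the fixed binaries.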

Package List

- openSUSE 13.2 (i586 x86_64):

apache2-mod_php5-5.6.1-53.3

apache2-mod_php5-debuginfo-5.6.1-53.3

php5-5.6.1-53.3

php5-bcmath-5.6.1-53.3

php5-bcmath-debuginfo-5.6.1-53.3

php5-bz2-5.6.1-53.3

php5-bz2-debuginfo-5.6.1-53.3

php5-calendar-5.6.1-53.3

php5-calendar-debuginfo-5.6.1-53.3

php5-ctype-5.6.1-53.3

php5-ctype-debuginfo-5.6.1-53.3

php5-curl-5.6.1-53.3

php5-curl-debuginfo-5.6.1-53.3

php5-dba-5.6.1-53.3

php5-dba-debuginfo-5.6.1-53.3

php5-debuginfo-5.6.1-53.3

php5-debugsource-5.6.1-53.3

php5-devel-5.6.1-53.3

php5-dom-5.6.1-53.3

php5-dom-debuginfo-5.6.1-53.3

php5-enchant-5.6.1-53.3

php5-enchant-debuginfo-5.6.1-53.3

php5-exif-5.6.1-53.3

php5-exif-debuginfo-5.6.1-53.3

php5-fastcgi-5.6.1-53.3

php5-fastcgi-debuginfo-5.6.1-53.3

php5-fileinfo-5.6.1-53.3

php5-fileinfo-debuginfo-5.6.1-53.3

php5-firebird-5.6.1-53.3

php5-firebird-debuginfo-5.6.1-53.3

php5-fpm-5.6.1-53.3

php5-fpm-debuginfo-5.6.1-53.3

php5-ftp-5.6.1-53.3

php5-ftp-debuginfo-5.6.1-53.3

php5-gd-5.6.1-53.3

php5-gd-debuginfo-5.6.1-53.3

php5-gettext-5.6.1-53.3

php5-gettext-debu...


References

https://www.suse.com/security/cve/CVE-2014-9767.html

https://www.suse.com/security/cve/CVE-2015-8835.html

https://www.suse.com/security/cve/CVE-2015-8838.html

https://www.suse.com/security/cve/CVE-2016-3141.html

https://www.suse.com/security/cve/CVE-2016-3142.html

https://www.suse.com/security/cve/CVE-2016-3185.html

https://bugzilla.suse.com/969821

https://bugzilla.suse.com/971611

https://bugzilla.suse.com/971612

https://bugzilla.suse.com/971912

https://bugzilla.suse.com/973351

https://bugzilla.suse.com/973792

https://bugzilla.suse.com/974305

Severity
important

Announcement ID: openSUSE-SU-2016:1167-1
Rating: important
Affected Products: openSUSE 13.2
