Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 439
Alerts This Week
Warning Icon 1 439

openSUSE 13.2: openSUSE-SU-2016:2337-1 Important: php5 Security Fix

opensuse
Calendar Grey September 19, 2016
Dist Opensuse Esm H88
This Fedora security patch resolves 8 vulnerabilities in mysql with critical updates and installation guidance.
An update that fixes 10 vulnerabilities is now available.

Description

This update for php5 fixes the following security issues:

* CVE-2016-7124: Create an Unexpected Object and Don't Invoke __wakeup()

in Deserialization

* CVE-2016-7125: PHP Session Data Injection Vulnerability

* CVE-2016-7126: select_colors write out-of-bounds

* CVE-2016-7127: imagegammacorrect allowed arbitrary write access

* CVE-2016-7128: Memory Leakage In exif_process_IFD_in_TIFF

* CVE-2016-7129: wddx_deserialize allowed illegal memory access

* CVE-2016-7130: wddx_deserialize null dereference

* CVE-2016-7131: wddx_deserialize null dereference with invalid xml

* CVE-2016-7132: wddx_deserialize null dereference in php_wddx_pop_element

* CVE-2016-7134: Heap overflow in the function curl_escape

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 13.2:

zypper in -t patch openSUSE-2016-1095=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE 13.2 (i586 x86_64):

apache2-mod_php5-5.6.1-75.2

apache2-mod_php5-debuginfo-5.6.1-75.2

php5-5.6.1-75.2

php5-bcmath-5.6.1-75.2

php5-bcmath-debuginfo-5.6.1-75.2

php5-bz2-5.6.1-75.2

php5-bz2-debuginfo-5.6.1-75.2

php5-calendar-5.6.1-75.2

php5-calendar-debuginfo-5.6.1-75.2

php5-ctype-5.6.1-75.2

php5-ctype-debuginfo-5.6.1-75.2

php5-curl-5.6.1-75.2

php5-curl-debuginfo-5.6.1-75.2

php5-dba-5.6.1-75.2

php5-dba-debuginfo-5.6.1-75.2

php5-debuginfo-5.6.1-75.2

php5-debugsource-5.6.1-75.2

php5-devel-5.6.1-75.2

php5-dom-5.6.1-75.2

php5-dom-debuginfo-5.6.1-75.2

php5-enchant-5.6.1-75.2

php5-enchant-debuginfo-5.6.1-75.2

php5-exif-5.6.1-75.2

php5-exif-debuginfo-5.6.1-75.2

php5-fastcgi-5.6.1-75.2

php5-fastcgi-debuginfo-5.6.1-75.2

php5-fileinfo-5.6.1-75.2

php5-fileinfo-debuginfo-5.6.1-75.2

php5-firebird-5.6.1-75.2

php5-firebird-debuginfo-5.6.1-75.2

php5-fpm-5.6.1-75.2

php5-fpm-debuginfo-5.6.1-75.2

php5-ftp-5.6.1-75.2

php5-ftp-debuginfo-5.6.1-75.2

php5-gd-5.6.1-75.2

php5-gd-debuginfo-5.6.1-75.2

php5-gettext-5.6.1-75.2

php5-gettext-debu...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2016-7124.html

https://www.suse.com/security/cve/CVE-2016-7125.html

https://www.suse.com/security/cve/CVE-2016-7126.html

https://www.suse.com/security/cve/CVE-2016-7127.html

https://www.suse.com/security/cve/CVE-2016-7128.html

https://www.suse.com/security/cve/CVE-2016-7129.html

https://www.suse.com/security/cve/CVE-2016-7130.html

https://www.suse.com/security/cve/CVE-2016-7131.html

https://www.suse.com/security/cve/CVE-2016-7132.html

https://www.suse.com/security/cve/CVE-2016-7134.html

https://bugzilla.suse.com/997206

https://bugzilla.suse.com/997207

https://bugzilla.suse.com/997208

https://bugzilla.suse.com/997210

https://bugzilla.suse.com/997211

https://bugzilla.suse.com/997220

https://bugzilla.suse.com/997225

https://bugzilla.suse.com/997230

https://bugzilla.suse.com/997248

https://bugzilla.suse.com/997257

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2016:2337-1
Rating: important
Affected Products: openSUSE 13.2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.