openSUSE Security Update: Security update for php5
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2016:2451-1
Rating:             important
References:         #987530 #987580 #988032 #991422 #991424 #991426 
                    #991427 #991428 #991429 #991430 #991433 #991434 
                    #991437 #997206 #997207 #997208 #997210 #997211 
                    #997220 #997225 #997230 #997248 #997257 
Cross-References:   CVE-2014-3587 CVE-2016-3587 CVE-2016-5399
                    CVE-2016-6128 CVE-2016-6161 CVE-2016-6207
                    CVE-2016-6288 CVE-2016-6289 CVE-2016-6290
                    CVE-2016-6291 CVE-2016-6292 CVE-2016-6295
                    CVE-2016-6296 CVE-2016-6297 CVE-2016-7124
                    CVE-2016-7125 CVE-2016-7126 CVE-2016-7127
                    CVE-2016-7128 CVE-2016-7129 CVE-2016-7130
                    CVE-2016-7131 CVE-2016-7132 CVE-2016-7134
                   
Affected Products:
                    openSUSE Leap 42.1
______________________________________________________________________________

   An update that fixes 24 vulnerabilities is now available.

Description:


   This update for php5 fixes the following security issues:

   * CVE-2016-6128: Invalid color index not properly handled [bsc#987580]
   * CVE-2016-6161: global out of bounds read when encoding gif from
     malformed input withgd2togif [bsc#988032]
   * CVE-2016-6292: Null pointer dereference in exif_process_user_comment
     [bsc#991422]
   * CVE-2016-6295: Use after free in SNMP with GC and unserialize()
     [bsc#991424]
   * CVE-2016-6297: Stack-based buffer overflow vulnerability in
     php_stream_zip_opener [bsc#991426]
   * CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE
     [bsc#991427]
   * CVE-2016-6289: Integer overflow leads to buffer overflow in
     virtual_file_ex [bsc#991428]
   * CVE-2016-6290: Use after free in unserialize() with Unexpected Session
     Deserialization [bsc#991429]
   * CVE-2016-5399: Improper error handling in bzread() [bsc#991430]
   * CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn
     in simplestring.c [bsc#991437]
   * CVE-2016-6207: Integer overflow error within _gdContributionsAlloc()
     [bsc#991434]
   * CVE-2014-3587: Integer overflow in the cdf_read_property_info affecting
     SLES11 SP3 [bsc#987530]
   * CVE-2016-6288: Buffer over-read in php_url_parse_ex [bsc#991433]
   * CVE-2016-7124: Create an Unexpected Object and Don't Invoke __wakeup()
     in Deserialization
   * CVE-2016-7125: PHP Session Data Injection Vulnerability
   * CVE-2016-7126: select_colors write out-of-bounds
   * CVE-2016-7127: imagegammacorrect allowed arbitrary write access
   * CVE-2016-7128: Memory Leakage In exif_process_IFD_in_TIFF
   * CVE-2016-7129: wddx_deserialize allowed illegal memory access
   * CVE-2016-7130: wddx_deserialize null dereference
   * CVE-2016-7131: wddx_deserialize null dereference with invalid xml
   * CVE-2016-7132: wddx_deserialize null dereference in php_wddx_pop_element
   * CVE-2016-7134: Heap overflow in the function curl_escape

   This update was imported from the SUSE:SLE-12:Update update project.


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 42.1:

      zypper in -t patch openSUSE-2016-1156=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE Leap 42.1 (i586 x86_64):

      apache2-mod_php5-5.5.14-59.1
      apache2-mod_php5-debuginfo-5.5.14-59.1
      php5-5.5.14-59.1
      php5-bcmath-5.5.14-59.1
      php5-bcmath-debuginfo-5.5.14-59.1
      php5-bz2-5.5.14-59.1
      php5-bz2-debuginfo-5.5.14-59.1
      php5-calendar-5.5.14-59.1
      php5-calendar-debuginfo-5.5.14-59.1
      php5-ctype-5.5.14-59.1
      php5-ctype-debuginfo-5.5.14-59.1
      php5-curl-5.5.14-59.1
      php5-curl-debuginfo-5.5.14-59.1
      php5-dba-5.5.14-59.1
      php5-dba-debuginfo-5.5.14-59.1
      php5-debuginfo-5.5.14-59.1
      php5-debugsource-5.5.14-59.1
      php5-devel-5.5.14-59.1
      php5-dom-5.5.14-59.1
      php5-dom-debuginfo-5.5.14-59.1
      php5-enchant-5.5.14-59.1
      php5-enchant-debuginfo-5.5.14-59.1
      php5-exif-5.5.14-59.1
      php5-exif-debuginfo-5.5.14-59.1
      php5-fastcgi-5.5.14-59.1
      php5-fastcgi-debuginfo-5.5.14-59.1
      php5-fileinfo-5.5.14-59.1
      php5-fileinfo-debuginfo-5.5.14-59.1
      php5-firebird-5.5.14-59.1
      php5-firebird-debuginfo-5.5.14-59.1
      php5-fpm-5.5.14-59.1
      php5-fpm-debuginfo-5.5.14-59.1
      php5-ftp-5.5.14-59.1
      php5-ftp-debuginfo-5.5.14-59.1
      php5-gd-5.5.14-59.1
      php5-gd-debuginfo-5.5.14-59.1
      php5-gettext-5.5.14-59.1
      php5-gettext-debuginfo-5.5.14-59.1
      php5-gmp-5.5.14-59.1
      php5-gmp-debuginfo-5.5.14-59.1
      php5-iconv-5.5.14-59.1
      php5-iconv-debuginfo-5.5.14-59.1
      php5-imap-5.5.14-59.1
      php5-imap-debuginfo-5.5.14-59.1
      php5-intl-5.5.14-59.1
      php5-intl-debuginfo-5.5.14-59.1
      php5-json-5.5.14-59.1
      php5-json-debuginfo-5.5.14-59.1
      php5-ldap-5.5.14-59.1
      php5-ldap-debuginfo-5.5.14-59.1
      php5-mbstring-5.5.14-59.1
      php5-mbstring-debuginfo-5.5.14-59.1
      php5-mcrypt-5.5.14-59.1
      php5-mcrypt-debuginfo-5.5.14-59.1
      php5-mssql-5.5.14-59.1
      php5-mssql-debuginfo-5.5.14-59.1
      php5-mysql-5.5.14-59.1
      php5-mysql-debuginfo-5.5.14-59.1
      php5-odbc-5.5.14-59.1
      php5-odbc-debuginfo-5.5.14-59.1
      php5-opcache-5.5.14-59.1
      php5-opcache-debuginfo-5.5.14-59.1
      php5-openssl-5.5.14-59.1
      php5-openssl-debuginfo-5.5.14-59.1
      php5-pcntl-5.5.14-59.1
      php5-pcntl-debuginfo-5.5.14-59.1
      php5-pdo-5.5.14-59.1
      php5-pdo-debuginfo-5.5.14-59.1
      php5-pgsql-5.5.14-59.1
      php5-pgsql-debuginfo-5.5.14-59.1
      php5-phar-5.5.14-59.1
      php5-phar-debuginfo-5.5.14-59.1
      php5-posix-5.5.14-59.1
      php5-posix-debuginfo-5.5.14-59.1
      php5-pspell-5.5.14-59.1
      php5-pspell-debuginfo-5.5.14-59.1
      php5-readline-5.5.14-59.1
      php5-readline-debuginfo-5.5.14-59.1
      php5-shmop-5.5.14-59.1
      php5-shmop-debuginfo-5.5.14-59.1
      php5-snmp-5.5.14-59.1
      php5-snmp-debuginfo-5.5.14-59.1
      php5-soap-5.5.14-59.1
      php5-soap-debuginfo-5.5.14-59.1
      php5-sockets-5.5.14-59.1
      php5-sockets-debuginfo-5.5.14-59.1
      php5-sqlite-5.5.14-59.1
      php5-sqlite-debuginfo-5.5.14-59.1
      php5-suhosin-5.5.14-59.1
      php5-suhosin-debuginfo-5.5.14-59.1
      php5-sysvmsg-5.5.14-59.1
      php5-sysvmsg-debuginfo-5.5.14-59.1
      php5-sysvsem-5.5.14-59.1
      php5-sysvsem-debuginfo-5.5.14-59.1
      php5-sysvshm-5.5.14-59.1
      php5-sysvshm-debuginfo-5.5.14-59.1
      php5-tidy-5.5.14-59.1
      php5-tidy-debuginfo-5.5.14-59.1
      php5-tokenizer-5.5.14-59.1
      php5-tokenizer-debuginfo-5.5.14-59.1
      php5-wddx-5.5.14-59.1
      php5-wddx-debuginfo-5.5.14-59.1
      php5-xmlreader-5.5.14-59.1
      php5-xmlreader-debuginfo-5.5.14-59.1
      php5-xmlrpc-5.5.14-59.1
      php5-xmlrpc-debuginfo-5.5.14-59.1
      php5-xmlwriter-5.5.14-59.1
      php5-xmlwriter-debuginfo-5.5.14-59.1
      php5-xsl-5.5.14-59.1
      php5-xsl-debuginfo-5.5.14-59.1
      php5-zip-5.5.14-59.1
      php5-zip-debuginfo-5.5.14-59.1
      php5-zlib-5.5.14-59.1
      php5-zlib-debuginfo-5.5.14-59.1

   - openSUSE Leap 42.1 (noarch):

      php5-pear-5.5.14-59.1


References:

   https://www.suse.com/security/cve/CVE-2014-3587.html
   https://www.suse.com/security/cve/CVE-2016-3587.html
   https://www.suse.com/security/cve/CVE-2016-5399.html
   https://www.suse.com/security/cve/CVE-2016-6128.html
   https://www.suse.com/security/cve/CVE-2016-6161.html
   https://www.suse.com/security/cve/CVE-2016-6207.html
   https://www.suse.com/security/cve/CVE-2016-6288.html
   https://www.suse.com/security/cve/CVE-2016-6289.html
   https://www.suse.com/security/cve/CVE-2016-6290.html
   https://www.suse.com/security/cve/CVE-2016-6291.html
   https://www.suse.com/security/cve/CVE-2016-6292.html
   https://www.suse.com/security/cve/CVE-2016-6295.html
   https://www.suse.com/security/cve/CVE-2016-6296.html
   https://www.suse.com/security/cve/CVE-2016-6297.html
   https://www.suse.com/security/cve/CVE-2016-7124.html
   https://www.suse.com/security/cve/CVE-2016-7125.html
   https://www.suse.com/security/cve/CVE-2016-7126.html
   https://www.suse.com/security/cve/CVE-2016-7127.html
   https://www.suse.com/security/cve/CVE-2016-7128.html
   https://www.suse.com/security/cve/CVE-2016-7129.html
   https://www.suse.com/security/cve/CVE-2016-7130.html
   https://www.suse.com/security/cve/CVE-2016-7131.html
   https://www.suse.com/security/cve/CVE-2016-7132.html
   https://www.suse.com/security/cve/CVE-2016-7134.html
   https://bugzilla.suse.com/987530
   https://bugzilla.suse.com/987580
   https://bugzilla.suse.com/988032
   https://bugzilla.suse.com/991422
   https://bugzilla.suse.com/991424
   https://bugzilla.suse.com/991426
   https://bugzilla.suse.com/991427
   https://bugzilla.suse.com/991428
   https://bugzilla.suse.com/991429
   https://bugzilla.suse.com/991430
   https://bugzilla.suse.com/991433
   https://bugzilla.suse.com/991434
   https://bugzilla.suse.com/991437
   https://bugzilla.suse.com/997206
   https://bugzilla.suse.com/997207
   https://bugzilla.suse.com/997208
   https://bugzilla.suse.com/997210
   https://bugzilla.suse.com/997211
   https://bugzilla.suse.com/997220
   https://bugzilla.suse.com/997225
   https://bugzilla.suse.com/997230
   https://bugzilla.suse.com/997248
   https://bugzilla.suse.com/997257

openSUSE: 2016:2451-1: important: php5

October 4, 2016
An update that fixes 24 vulnerabilities is now available

Description

This update for php5 fixes the following security issues: * CVE-2016-6128: Invalid color index not properly handled [bsc#987580] * CVE-2016-6161: global out of bounds read when encoding gif from malformed input withgd2togif [bsc#988032] * CVE-2016-6292: Null pointer dereference in exif_process_user_comment [bsc#991422] * CVE-2016-6295: Use after free in SNMP with GC and unserialize() [bsc#991424] * CVE-2016-6297: Stack-based buffer overflow vulnerability in php_stream_zip_opener [bsc#991426] * CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE [bsc#991427] * CVE-2016-6289: Integer overflow leads to buffer overflow in virtual_file_ex [bsc#991428] * CVE-2016-6290: Use after free in unserialize() with Unexpected Session Deserialization [bsc#991429] * CVE-2016-5399: Improper error handling in bzread() [bsc#991430] * CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c [bsc#991437] * CVE-2016-6207: Integer overflow error within _gdContributionsAlloc() [bsc#991434] * CVE-2014-3587: Integer overflow in the cdf_read_property_info affecting SLES11 SP3 [bsc#987530] * CVE-2016-6288: Buffer over-read in php_url_parse_ex [bsc#991433] * CVE-2016-7124: Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization * CVE-2016-7125: PHP Session Data Injection Vulnerability * CVE-2016-7126: select_colors write out-of-bounds * CVE-2016-7127: imagegammacorrect allowed arbitrary write access * CVE-2016-7128: Memory Leakage In exif_process_IFD_in_TIFF * CVE-2016-7129: wddx_deserialize allowed illegal memory access * CVE-2016-7130: wddx_deserialize null dereference * CVE-2016-7131: wddx_deserialize null dereference with invalid xml * CVE-2016-7132: wddx_deserialize null dereference in php_wddx_pop_element * CVE-2016-7134: Heap overflow in the function curl_escape This update was imported from the SUSE:SLE-12:Update update project.

 

Patch

Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch openSUSE-2016-1156=1 To bring your system up-to-date, use "zypper patch".


Package List

- openSUSE Leap 42.1 (i586 x86_64): apache2-mod_php5-5.5.14-59.1 apache2-mod_php5-debuginfo-5.5.14-59.1 php5-5.5.14-59.1 php5-bcmath-5.5.14-59.1 php5-bcmath-debuginfo-5.5.14-59.1 php5-bz2-5.5.14-59.1 php5-bz2-debuginfo-5.5.14-59.1 php5-calendar-5.5.14-59.1 php5-calendar-debuginfo-5.5.14-59.1 php5-ctype-5.5.14-59.1 php5-ctype-debuginfo-5.5.14-59.1 php5-curl-5.5.14-59.1 php5-curl-debuginfo-5.5.14-59.1 php5-dba-5.5.14-59.1 php5-dba-debuginfo-5.5.14-59.1 php5-debuginfo-5.5.14-59.1 php5-debugsource-5.5.14-59.1 php5-devel-5.5.14-59.1 php5-dom-5.5.14-59.1 php5-dom-debuginfo-5.5.14-59.1 php5-enchant-5.5.14-59.1 php5-enchant-debuginfo-5.5.14-59.1 php5-exif-5.5.14-59.1 php5-exif-debuginfo-5.5.14-59.1 php5-fastcgi-5.5.14-59.1 php5-fastcgi-debuginfo-5.5.14-59.1 php5-fileinfo-5.5.14-59.1 php5-fileinfo-debuginfo-5.5.14-59.1 php5-firebird-5.5.14-59.1 php5-firebird-debuginfo-5.5.14-59.1 php5-fpm-5.5.14-59.1 php5-fpm-debuginfo-5.5.14-59.1 php5-ftp-5.5.14-59.1 php5-ftp-debuginfo-5.5.14-59.1 php5-gd-5.5.14-59.1 php5-gd-debuginfo-5.5.14-59.1 php5-gettext-5.5.14-59.1 php5-gettext-debuginfo-5.5.14-59.1 php5-gmp-5.5.14-59.1 php5-gmp-debuginfo-5.5.14-59.1 php5-iconv-5.5.14-59.1 php5-iconv-debuginfo-5.5.14-59.1 php5-imap-5.5.14-59.1 php5-imap-debuginfo-5.5.14-59.1 php5-intl-5.5.14-59.1 php5-intl-debuginfo-5.5.14-59.1 php5-json-5.5.14-59.1 php5-json-debuginfo-5.5.14-59.1 php5-ldap-5.5.14-59.1 php5-ldap-debuginfo-5.5.14-59.1 php5-mbstring-5.5.14-59.1 php5-mbstring-debuginfo-5.5.14-59.1 php5-mcrypt-5.5.14-59.1 php5-mcrypt-debuginfo-5.5.14-59.1 php5-mssql-5.5.14-59.1 php5-mssql-debuginfo-5.5.14-59.1 php5-mysql-5.5.14-59.1 php5-mysql-debuginfo-5.5.14-59.1 php5-odbc-5.5.14-59.1 php5-odbc-debuginfo-5.5.14-59.1 php5-opcache-5.5.14-59.1 php5-opcache-debuginfo-5.5.14-59.1 php5-openssl-5.5.14-59.1 php5-openssl-debuginfo-5.5.14-59.1 php5-pcntl-5.5.14-59.1 php5-pcntl-debuginfo-5.5.14-59.1 php5-pdo-5.5.14-59.1 php5-pdo-debuginfo-5.5.14-59.1 php5-pgsql-5.5.14-59.1 php5-pgsql-debuginfo-5.5.14-59.1 php5-phar-5.5.14-59.1 php5-phar-debuginfo-5.5.14-59.1 php5-posix-5.5.14-59.1 php5-posix-debuginfo-5.5.14-59.1 php5-pspell-5.5.14-59.1 php5-pspell-debuginfo-5.5.14-59.1 php5-readline-5.5.14-59.1 php5-readline-debuginfo-5.5.14-59.1 php5-shmop-5.5.14-59.1 php5-shmop-debuginfo-5.5.14-59.1 php5-snmp-5.5.14-59.1 php5-snmp-debuginfo-5.5.14-59.1 php5-soap-5.5.14-59.1 php5-soap-debuginfo-5.5.14-59.1 php5-sockets-5.5.14-59.1 php5-sockets-debuginfo-5.5.14-59.1 php5-sqlite-5.5.14-59.1 php5-sqlite-debuginfo-5.5.14-59.1 php5-suhosin-5.5.14-59.1 php5-suhosin-debuginfo-5.5.14-59.1 php5-sysvmsg-5.5.14-59.1 php5-sysvmsg-debuginfo-5.5.14-59.1 php5-sysvsem-5.5.14-59.1 php5-sysvsem-debuginfo-5.5.14-59.1 php5-sysvshm-5.5.14-59.1 php5-sysvshm-debuginfo-5.5.14-59.1 php5-tidy-5.5.14-59.1 php5-tidy-debuginfo-5.5.14-59.1 php5-tokenizer-5.5.14-59.1 php5-tokenizer-debuginfo-5.5.14-59.1 php5-wddx-5.5.14-59.1 php5-wddx-debuginfo-5.5.14-59.1 php5-xmlreader-5.5.14-59.1 php5-xmlreader-debuginfo-5.5.14-59.1 php5-xmlrpc-5.5.14-59.1 php5-xmlrpc-debuginfo-5.5.14-59.1 php5-xmlwriter-5.5.14-59.1 php5-xmlwriter-debuginfo-5.5.14-59.1 php5-xsl-5.5.14-59.1 php5-xsl-debuginfo-5.5.14-59.1 php5-zip-5.5.14-59.1 php5-zip-debuginfo-5.5.14-59.1 php5-zlib-5.5.14-59.1 php5-zlib-debuginfo-5.5.14-59.1 - openSUSE Leap 42.1 (noarch): php5-pear-5.5.14-59.1


References

https://www.suse.com/security/cve/CVE-2014-3587.html https://www.suse.com/security/cve/CVE-2016-3587.html https://www.suse.com/security/cve/CVE-2016-5399.html https://www.suse.com/security/cve/CVE-2016-6128.html https://www.suse.com/security/cve/CVE-2016-6161.html https://www.suse.com/security/cve/CVE-2016-6207.html https://www.suse.com/security/cve/CVE-2016-6288.html https://www.suse.com/security/cve/CVE-2016-6289.html https://www.suse.com/security/cve/CVE-2016-6290.html https://www.suse.com/security/cve/CVE-2016-6291.html https://www.suse.com/security/cve/CVE-2016-6292.html https://www.suse.com/security/cve/CVE-2016-6295.html https://www.suse.com/security/cve/CVE-2016-6296.html https://www.suse.com/security/cve/CVE-2016-6297.html https://www.suse.com/security/cve/CVE-2016-7124.html https://www.suse.com/security/cve/CVE-2016-7125.html https://www.suse.com/security/cve/CVE-2016-7126.html https://www.suse.com/security/cve/CVE-2016-7127.html https://www.suse.com/security/cve/CVE-2016-7128.html https://www.suse.com/security/cve/CVE-2016-7129.html https://www.suse.com/security/cve/CVE-2016-7130.html https://www.suse.com/security/cve/CVE-2016-7131.html https://www.suse.com/security/cve/CVE-2016-7132.html https://www.suse.com/security/cve/CVE-2016-7134.html https://bugzilla.suse.com/987530 https://bugzilla.suse.com/987580 https://bugzilla.suse.com/988032 https://bugzilla.suse.com/991422 https://bugzilla.suse.com/991424 https://bugzilla.suse.com/991426 https://bugzilla.suse.com/991427 https://bugzilla.suse.com/991428 https://bugzilla.suse.com/991429 https://bugzilla.suse.com/991430 https://bugzilla.suse.com/991433 https://bugzilla.suse.com/991434 https://bugzilla.suse.com/991437 https://bugzilla.suse.com/997206 https://bugzilla.suse.com/997207 https://bugzilla.suse.com/997208 https://bugzilla.suse.com/997210 https://bugzilla.suse.com/997211 https://bugzilla.suse.com/997220 https://bugzilla.suse.com/997225 https://bugzilla.suse.com/997230 https://bugzilla.suse.com/997248 https://bugzilla.suse.com/997257


Severity
Announcement ID: openSUSE-SU-2016:2451-1
Rating: important
Affected Products: openSUSE Leap 42.1 .

Related News

Google Chrome 129: Addressing Crucial Vulnerabilities and Enhancing Security
2 - 4 min read
Google Chrome remains the crown jewel in the browser market, with an impressive user base of approximately 3.45 billion. However, this immense
Fighting Back Against Hadooken Malware by Strengthening WebLogic Security
2 - 4 min read
Cybercriminals have been relentlessly attacking the digital landscape, aiming to exploit vulnerabilities in well-known systems. One such exploit is
CISA Sounds Alarm on Newly Exploited Vulnerabilities: Is Your System at Risk?
3 - 5 min read
CISA regularly publishes updates regarding vulnerabilities that present severe threats to global cybersecurity. Recently, CISA added three
Defending Against Remote Code Execution in Google Chrome: A Critical Update
2 - 3 min read
Google Chrome, a widely used web browser, serves millions of internet users by connecting them to the online world. Unfortunately, severe
Navigating the Linux Kernel
2 - 4 min read
The Linux operating system, widely acclaimed for its robustness and security , recently received widespread media attention due to a significant
Staying a Step Ahead of Adversaries: Mitigating Chromium
2 - 4 min read
Google Chrome, one of the world's most widely used web browsers, has recently been scrutinized due to the discovery of multiple Chromium
Unmasking Cicada3301: Examining the Threat of the New Rust-Based Ransomware
2 - 4 min read
Ransomware has long been a severe threat to organizations and admins alike. Recently, cybersecurity researchers discovered a new variant called
Buffer Overflow Exploits in Linux: Origins, Impact, and Countermeasures
3 - 6 min read
Buffer overflow vulnerabilities have long been one of the biggest headaches in computer security, especially on Linux operating systems that power

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved