openSUSE 42.1: 2016:2451-1 Critical: php5 Security Threats Fixed
opensuse
October 4, 2016
An update that fixes 24 vulnerabilities is now available
Description
This update for php5 fixes the following security issues:
* CVE-2016-6128: Invalid color index not properly handled [bsc#987580]
* CVE-2016-6161: global out of bounds read when encoding gif from
malformed input withgd2togif [bsc#988032]
* CVE-2016-6292: Null pointer dereference in exif_process_user_comment
[bsc#991422]
* CVE-2016-6295: Use after free in SNMP with GC and unserialize()
[bsc#991424]
* CVE-2016-6297: Stack-based buffer overflow vulnerability in
php_stream_zip_opener [bsc#991426]
* CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE
[bsc#991427]
* CVE-2016-6289: Integer overflow leads to buffer overflow in
virtual_file_ex [bsc#991428]
* CVE-2016-6290: Use after free in unserialize() with Unexpected Session
Deserialization [bsc#991429]
* CVE-2016-5399: Improper error handling in bzread() [bsc#991430]
* CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn
in...
Read the Full Advisory
Patch
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.1:
zypper in -t patch openSUSE-2016-1156=1
To bring your system up-to-date, use "zypper patch".
Package List
- openSUSE Leap 42.1 (i586 x86_64):
apache2-mod_php5-5.5.14-59.1
apache2-mod_php5-debuginfo-5.5.14-59.1
php5-5.5.14-59.1
php5-bcmath-5.5.14-59.1
php5-bcmath-debuginfo-5.5.14-59.1
php5-bz2-5.5.14-59.1
php5-bz2-debuginfo-5.5.14-59.1
php5-calendar-5.5.14-59.1
php5-calendar-debuginfo-5.5.14-59.1
php5-ctype-5.5.14-59.1
php5-ctype-debuginfo-5.5.14-59.1
php5-curl-5.5.14-59.1
php5-curl-debuginfo-5.5.14-59.1
php5-dba-5.5.14-59.1
php5-dba-debuginfo-5.5.14-59.1
php5-debuginfo-5.5.14-59.1
php5-debugsource-5.5.14-59.1
php5-devel-5.5.14-59.1
php5-dom-5.5.14-59.1
php5-dom-debuginfo-5.5.14-59.1
php5-enchant-5.5.14-59.1
php5-enchant-debuginfo-5.5.14-59.1
php5-exif-5.5.14-59.1
php5-exif-debuginfo-5.5.14-59.1
php5-fastcgi-5.5.14-59.1
php5-fastcgi-debuginfo-5.5.14-59.1
php5-fileinfo-5.5.14-59.1
php5-fileinfo-debuginfo-5.5.14-59.1
php5-firebird-5.5.14-59.1
php5-firebird-debuginfo-5.5.14-59.1
php5-fpm-5.5.14-59.1
php5-fpm-debuginfo-5.5.14-59.1
php5-ftp-5.5.14-59.1
php5-ftp-debuginfo-5.5.14-59.1
php5-gd-5.5.14-59.1
php5-gd-debuginfo-5.5.14-59....
Read the Full AdvisoryReferences
https://www.suse.com/security/cve/CVE-2014-3587.html
https://www.suse.com/security/cve/CVE-2016-3587.html
https://www.suse.com/security/cve/CVE-2016-5399.html
https://www.suse.com/security/cve/CVE-2016-6128.html
https://www.suse.com/security/cve/CVE-2016-6161.html
https://www.suse.com/security/cve/CVE-2016-6207.html
https://www.suse.com/security/cve/CVE-2016-6288.html
https://www.suse.com/security/cve/CVE-2016-6289.html
https://www.suse.com/security/cve/CVE-2016-6290.html
https://www.suse.com/security/cve/CVE-2016-6291.html
https://www.suse.com/security/cve/CVE-2016-6292.html
https://www.suse.com/security/cve/CVE-2016-6295.html
https://www.suse.com/security/cve/CVE-2016-6296.html
https://www.suse.com/security/cve/CVE-2016-6297.html
https://www.suse.com/security/cve/CVE-2016-7124.html
https://www.suse.com/security/cve/CVE-2016-7125.html
https://www.suse.com/security/cve/CVE-2016-7126.html
https://www.suse.com/security/cve/CVE-2016-7127.html
https://www.suse.com/security/cve/CVE-2016-7128.html
https://www....
Read the Full Advisory
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2016:2451-1
Rating: important
Affected Products:
openSUSE Leap 42.1
.
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!