SUSE Linux 11-SP4 Advisory: Important php53 Type Confusion Fix

April 25, 2016
An update that fixes 8 vulnerabilities is now available

Summary

This update for php53 fixes the following issues:

- CVE-2015-8838: mysqlnd was vulnerable to BACKRONYM (bnc#973792).
- CVE-2015-8835: SoapClient s_call method suffered from a type confusion issue that could have led to crashes. [bsc#973351]
- CVE-2016-2554: A NULL pointer dereference in phar_get_fp_offset could lead to crashes. [bsc#968284] Note: we do not ship the phar extension currently, so we are not affected.
- CVE-2015-7803: A stack overflow vulnerability when decompressing tar phar archives could potentially lead to code execution. [bsc#949961] Note: we do not ship the phar extension currently, so we are not affected.
- CVE-2016-3141: A use-after-free / double-free in the WDDX deserialization could lead to crashes or potential code execution. [bsc#969821]

References

#949961 #968284 #969821 #971611 #971612 #971912 #973351 #973792

Cross-References: CVE-2014-9767 CVE-2015-7803 CVE-2015-8835 CVE-2015-8838 CVE-2016-2554 CVE-2016-3141 CVE-2016-3142 CVE-2016-3185

Affected Products:

SUSE Linux Enterprise Software Development Kit 11-SP4

SUSE Linux Enterprise Server 11-SP4

SUSE Linux Enterprise Debuginfo 11-SP4

https://www.suse.com/security/cve/CVE-2014-9767.html

https://www.suse.com/security/cve/CVE-2015-7803.html

https://www.suse.com/security/cve/CVE-2015-8835.html

https://www.suse.com/security/cve/CVE-2015-8838.html

https://www.suse.com/security/cve/CVE-2016-2554.html

https://www.suse.com/security/cve/CVE-2016-3141.html

https://www.suse.com/security/cve/CVE-2016-3142.html

Severity
important

Announcement ID: SUSE-SU-2016:1145-1
Rating: important
