SUSE: 2016:1280-1 Critical: php5 Security Flaws Discovered

suse

May 11, 2016

An update that fixes 5 vulnerabilities is now available

Summary

This update for php5 fixes the following security issues: - CVE-2016-4073: A remote attacker could have caused denial of service, or possibly execute arbitrary code, due to incorrect handling of string length calculations in mb_strcut() (bsc#977003) - CVE-2015-8867: The PHP function openssl_random_pseudo_bytes() did not return cryptographically secure random bytes (bsc#977005) - CVE-2016-4070: The libxml_disable_entity_loader() setting was shared between threads, which could have resulted in XML external entity injection and entity expansion issues (bsc#976997) - CVE-2015-8866: A remote attacker could have caused denial of service due to incorrect handling of large strings in php_raw_url_encode() (bsc#976996) - CVE-2016-4071: A remote attacker could have caused denial of service, or

Topics Covered

security advisory denial of service remote code execution SUSE Linux php5 patch instructions important rating

References

#976996 #976997 #977000 #977003 #977005

Cross- CVE-2015-8866 CVE-2015-8867 CVE-2016-4070

CVE-2016-4071 CVE-2016-4073

Affected Products:

SUSE Linux Enterprise Software Development Kit 12-SP1

SUSE Linux Enterprise Software Development Kit 12

SUSE Linux Enterprise Module for Web Scripting 12

https://www.suse.com/security/cve/CVE-2015-8866.html

https://www.suse.com/security/cve/CVE-2015-8867.html

https://www.suse.com/security/cve/CVE-2016-4070.html

https://www.suse.com/security/cve/CVE-2016-4071.html

https://www.suse.com/security/cve/CVE-2016-4073.html

https://bugzilla.suse.com/976996

https://bugzilla.suse.com/976997

https://bugzilla.suse.com/977000

https://bugzilla.suse.com/977003

https://bugzilla.suse.com/977005

Severity

critical

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2016:1277-1

Rating: important

Topics Covered

security advisory denial of service remote code execution SUSE Linux php5 patch instructions important rating

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2016:1280-1 Critical: php5 Security Flaws Discovered

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2016:1280-1 Critical: php5 Security Flaws Discovered

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!