
SUSE: 2016:1581-2 Critical: php74 Security Vulnerability Mitigation

June 14, 2016
Critical enhancement now ready for php53 on SUSE addressing 29 vulnerabilities, incorporating fixes for memory leaks and integer overflow scenarios.
An update that fixes 31 vulnerabilities is now available

Summary

This update for php53 fixes the following issues:

- CVE-2016-5093: A get_icu_value_internal out-of-bounds read could crash the php interpreter (bsc#982010)
- CVE-2016-5094, CVE-2016-5095: Don't allow creating strings with lengths outside int range, avoids overflows (bsc#982011, bsc#982012)
- CVE-2016-5096: An int/size_t confusion in fread could corrupt memory (bsc#982013)
- CVE-2016-5114: A fpm_log.c memory leak and buffer overflow could leak information out of the php process or overwrite a buffer by 1 byte (bsc#982162)
- CVE-2016-4346: A heap overflow was fixed in ext/standard/string.c (bsc#977994)
- CVE-2016-4342: A heap corruption was fixed in tar/zip/phar parser (bsc#977991)
- CVE-2016-4537, CVE-2016-4538: bcpowmod accepted negative scale causing

References

#949961 #968284 #969821 #971611 #971612 #971912
#973351 #973792 #976996 #976997 #977003 #977005
#977991 #977994 #978827 #978828 #978829 #978830
#980366 #980373 #980375 #981050 #982010 #982011
#982012 #982013 #982162

Cross-References:

CVE-2014-9767 CVE-2015-4116 CVE-2015-7803
CVE-2015-8835 CVE-2015-8838 CVE-2015-8866
CVE-2015-8867 CVE-2015-8873 CVE-2015-8874
CVE-2015-8879 CVE-2016-2554 CVE-2016-3141
CVE-2016-3142 CVE-2016-3185 CVE-2016-4070
CVE-2016-4073 CVE-2016-4342 CVE-2016-4346
CVE-2016-4537 CVE-2016-4538 CVE-2016-4539
CVE-2016-4540 CVE-2016-4541 CVE-2016-4542
CVE-2016-4543 CVE-2016-4544 CVE-2016-5093
CVE-2016-5094 CVE-2016-5095 CVE-2016-5096
CVE-2016-5114

Affected Products:

SUSE OpenStack Cloud 5

...


Severity: important

Announcement ID: SUSE-SU-2016:1581-1
Rating: important
