SUSE: 2016:2461-1 Critical Update: php53 Memory Management Problems

suse

October 6, 2016

An update that fixes 7 vulnerabilities is now available

Summary

This update for php53 fixes the following issues: * CVE-2016-7411: php5: Memory corruption when destructing deserialized object * CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field * CVE-2016-7413: Use after free in wddx_deserialize * CVE-2016-7414: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile * CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message * CVE-2016-7417: Missing type check when unserializing SplArray * CVE-2016-7418: Null pointer dereference in php_wddx_push_element Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-php53-12776=1

Topics Covered

security advisory buffer overflow memory corruption critical threat php update system patch SUSE Linux

References

#999679 #999680 #999682 #999684 #999685 #999819

#999820

Cross- CVE-2016-7411 CVE-2016-7412 CVE-2016-7413

CVE-2016-7414 CVE-2016-7416 CVE-2016-7417

CVE-2016-7418

Affected Products:

SUSE Linux Enterprise Server 11-SP2-LTSS

SUSE Linux Enterprise Debuginfo 11-SP2

https://www.suse.com/security/cve/CVE-2016-7411.html

https://www.suse.com/security/cve/CVE-2016-7412.html

https://www.suse.com/security/cve/CVE-2016-7413.html

https://www.suse.com/security/cve/CVE-2016-7414.html

https://www.suse.com/security/cve/CVE-2016-7416.html

https://www.suse.com/security/cve/CVE-2016-7417.html

https://www.suse.com/security/cve/CVE-2016-7418.html

https://bugzilla.suse.com/999679

https://bugzilla.suse.com/999680

https://bugzilla.suse.com/999682

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2016:2461-1

Rating: important

Topics Covered

security advisory buffer overflow memory corruption critical threat php update system patch SUSE Linux

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2016:2461-1 Critical Update: php53 Memory Management Problems

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2016:2461-1 Critical Update: php53 Memory Management Problems

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!