
[security-announce] SUSE-SU-2016:1638-1: important: Security update for php53

SUSE Security Update: Security update for php53

______________________________________________________________________________

 

Announcement ID: SUSE-SU-2016:1638-1

Rating: important

References: #884986 #884987 #884989 #884990 #884991 #884992

#885961 #886059 #886060 #893849 #893853 #902357

#902360 #902368 #910659 #914690 #917150 #918768

#919080 #921950 #922451 #922452 #923945 #924972

#925109 #928506 #928511 #931421 #931769 #931772

#931776 #933227 #935074 #935224 #935226 #935227

#935229 #935232 #935234 #935274 #935275 #938719

#938721 #942291 #942296 #945412 #945428 #949961

#968284 #969821 #971611 #971612 #971912 #973351

#973792 #976996 #976997 #977003 #977005 #977991

#977994 #978827 #978828 #978829 #978830 #980366

#980373 #980375 #981050 #982010 #982011 #982012

#982013 #982162

Cross-References: CVE-2004-1019 CVE-2006-7243 CVE-2014-0207

CVE-2014-3478 CVE-2014-3479 CVE-2014-3480

CVE-2014-3487 CVE-2014-3515 CVE-2014-3597

CVE-2014-3668 CVE-2014-3669 CVE-2014-3670

CVE-2014-4049 CVE-2014-4670 CVE-2014-4698

CVE-2014-4721 CVE-2014-5459 CVE-2014-8142

CVE-2014-9652 CVE-2014-9705 CVE-2014-9709

CVE-2014-9767 CVE-2015-0231 CVE-2015-0232

CVE-2015-0273 CVE-2015-1352 CVE-2015-2301

CVE-2015-2305 CVE-2015-2783 CVE-2015-2787

CVE-2015-3152 CVE-2015-3329 CVE-2015-3411

CVE-2015-3412 CVE-2015-4021 CVE-2015-4022

CVE-2015-4024 CVE-2015-4026 CVE-2015-4116

CVE-2015-4148 CVE-2015-4598 CVE-2015-4599

CVE-2015-4600 CVE-2015-4601 CVE-2015-4602

CVE-2015-4603 CVE-2015-4643 CVE-2015-4644

CVE-2015-5161 CVE-2015-5589 CVE-2015-5590

CVE-2015-6831 CVE-2015-6833 CVE-2015-6836

CVE-2015-6837 CVE-2015-6838 CVE-2015-7803

CVE-2015-8835 CVE-2015-8838 CVE-2015-8866

CVE-2015-8867 CVE-2015-8873 CVE-2015-8874

CVE-2015-8879 CVE-2016-2554 CVE-2016-3141

CVE-2016-3142 CVE-2016-3185 CVE-2016-4070

CVE-2016-4073 CVE-2016-4342 CVE-2016-4346

CVE-2016-4537 CVE-2016-4538 CVE-2016-4539

CVE-2016-4540 CVE-2016-4541 CVE-2016-4542

CVE-2016-4543 CVE-2016-4544 CVE-2016-5093

CVE-2016-5094 CVE-2016-5095 CVE-2016-5096

CVE-2016-5114

Affected Products:

SUSE Linux Enterprise Server 11-SP2-LTSS

______________________________________________________________________________

 

An update that fixes 85 vulnerabilities is now available.

 

Description:

 

This update for php53 to version 5.3.17 fixes the following issues:

 

These security issues were fixed:

- CVE-2016-5093: get_icu_value_internal out-of-bounds read (bnc#982010).

- CVE-2016-5094: Don't create strings with lengths outside int range

(bnc#982011).

- CVE-2016-5095: Don't create strings with lengths outside int range

(bnc#982012).

- CVE-2016-5096: int/size_t confusion in fread (bsc#982013).

- CVE-2016-5114: fpm_log.c memory leak and buffer overflow (bnc#982162).

- CVE-2015-8879: The odbc_bindcols function in ext/odbc/php_odbc.c in PHP

mishandles driver behavior for SQL_WVARCHAR columns, which allowed

remote attackers to cause a denial of service (application crash) in

opportunistic circumstances by leveraging use of the odbc_fetch_array

function to access a certain type of Microsoft SQL Server table

(bsc#981050).

- CVE-2015-4116: Use-after-free vulnerability in the spl_ptr_heap_insert

function in ext/spl/spl_heap.c in PHP allowed remote attackers to

execute arbitrary code by triggering a failed SplMinHeap::compare

operation (bsc#980366).

- CVE-2015-8874: Stack consumption vulnerability in GD in PHP allowed

remote attackers to cause a denial of service via a crafted

imagefilltoborder call (bsc#980375).

- CVE-2015-8873: Stack consumption vulnerability in Zend/zend_exceptions.c

in PHP allowed remote attackers to cause a denial of service

(segmentation fault) via recursive method calls (bsc#980373).

- CVE-2016-4540: The grapheme_stripos function in

ext/intl/grapheme/grapheme_string.c in PHP allowed remote attackers to

cause a denial of service (out-of-bounds read) or possibly have

unspecified other impact via a negative offset (bsc#978829).

- CVE-2016-4541: The grapheme_strpos function in

ext/intl/grapheme/grapheme_string.c in PHP allowed remote attackers to

cause a denial of service (out-of-bounds read) or possibly have

unspecified other impact via a negative offset (bsc#978829).

- CVE-2016-4542: The exif_process_IFD_TAG function in ext/exif/exif.c in

PHP did not properly construct spprintf arguments, which allowed remote

attackers to cause a denial of service (out-of-bounds read) or possibly

have unspecified other impact via crafted header data (bsc#978830).

- CVE-2016-4543: The exif_process_IFD_in_JPEG function in ext/exif/exif.c

in PHP did not validate IFD sizes, which allowed remote attackers to

cause a denial of service (out-of-bounds read) or possibly have

unspecified other impact via crafted header data (bsc#978830).

- CVE-2016-4544: The exif_process_TIFF_in_JPEG function in ext/exif/exif.c

in PHP did not validate TIFF start data, which allowed remote attackers

to cause a denial of service (out-of-bounds read) or possibly have

unspecified other impact via crafted header data (bsc#978830).

- CVE-2016-4537: The bcpowmod function in ext/bcmath/bcmath.c in PHP

accepted a negative integer for the scale argument, which allowed remote

attackers to cause a denial of service or possibly have unspecified

other impact via a crafted call (bsc#978827).

- CVE-2016-4538: The bcpowmod function in ext/bcmath/bcmath.c in PHP

modified certain data structures without considering whether they are

copies of the _zero_, _one_, or _two_ global variable, which allowed

remote attackers to cause a denial of service or possibly have

unspecified other impact via a crafted call (bsc#978827).

- CVE-2016-4539: The xml_parse_into_struct function in ext/xml/xml.c in

PHP allowed remote attackers to cause a denial of service (buffer

under-read and segmentation fault) or possibly have unspecified other

impact via crafted XML data in the second argument, leading to a parser

level of zero (bsc#978828).

- CVE-2016-4342: ext/phar/phar_object.c in PHP mishandles zero-length

uncompressed data, which allowed remote attackers to cause a denial of

service (heap memory corruption) or possibly have unspecified other

impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive (bsc#977991).

- CVE-2016-4346: Integer overflow in the str_pad function in

ext/standard/string.c in PHP allowed remote attackers to cause a denial

of service or possibly have unspecified other impact via a long string,

leading to a heap-based buffer overflow (bsc#977994).

- CVE-2016-4073: Multiple integer overflows in the mbfl_strcut function in

ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP allowed remote attackers to

cause a denial of service (application crash) or possibly execute

arbitrary code via a crafted mb_strcut call (bsc#977003).

- CVE-2015-8867: The openssl_random_pseudo_bytes function in

ext/openssl/openssl.c in PHP incorrectly relied on the deprecated

RAND_pseudo_bytes function, which made it easier for remote attackers to

defeat cryptographic protection mechanisms via unspecified vectors

(bsc#977005).

- CVE-2016-4070: Integer overflow in the php_raw_url_encode function in

ext/standard/url.c in PHP allowed remote attackers to cause a denial of

service (application crash) via a long string to the rawurlencode

function (bsc#976997).

- CVE-2015-8866: ext/libxml/libxml.c in PHP, when PHP-FPM is used, did not

isolate each thread from libxml_disable_entity_loader changes in other

threads, which allowed remote attackers to conduct XML External Entity

(XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document,

a related issue to CVE-2015-5161 (bsc#976996).

- CVE-2015-8838: ext/mysqlnd/mysqlnd.c in PHP used a client SSL option to

mean that SSL is optional, which allowed man-in-the-middle attackers to

spoof servers via a cleartext-downgrade attack, a related issue to

CVE-2015-3152 (bsc#973792).

- CVE-2015-8835: The make_http_soap_request function in

ext/soap/php_http.c in PHP did not properly retrieve keys, which allowed

remote attackers to cause a denial of service (NULL pointer dereference,

type confusion, and application crash) or possibly execute arbitrary

code via crafted serialized data representing a numerically indexed

_cookies array, related to the SoapClient::__call method in

ext/soap/soap.c (bsc#973351).

- CVE-2016-3141: Use-after-free vulnerability in wddx.c in the WDDX

extension in PHP allowed remote attackers to cause a denial of service

(memory corruption and application crash) or possibly have unspecified

other impact by triggering a wddx_deserialize call on XML data

containing a crafted var element (bsc#969821).

- CVE-2016-3142: The phar_parse_zipfile function in zip.c in the PHAR

extension in PHP allowed remote attackers to obtain sensitive

information from process memory or cause a denial of service

(out-of-bounds read and application crash) by placing a PK\x05\x06

signature at an invalid location (bsc#971912).

- CVE-2014-9767: Directory traversal vulnerability in the

ZipArchive::extractTo function in ext/zip/php_zip.c in PHP and

ext/zip/ext_zip.cpp in HHVM allowed remote attackers to create arbitrary

empty directories via a crafted ZIP archive (bsc#971612).

- CVE-2016-3185: The make_http_soap_request function in

ext/soap/php_http.c in PHP allowed remote attackers to obtain sensitive

information from process memory or cause a denial of service (type

confusion and application crash) via crafted serialized _cookies data,

related to the SoapClient::__call method in ext/soap/soap.c (bsc#971611).

- CVE-2016-2554: Stack-based buffer overflow in ext/phar/tar.c in PHP

allowed remote attackers to cause a denial of service (application

crash) or possibly have unspecified other impact via a crafted TAR

archive (bsc#968284).

- CVE-2015-7803: The phar_get_entry_data function in ext/phar/util.c in

PHP allowed remote attackers to cause a denial of service (NULL pointer

dereference and application crash) via a .phar file with a crafted TAR

archive entry in which the Link indicator references a file that did not

exist (bsc#949961).

- CVE-2015-6831: Multiple use-after-free vulnerabilities in SPL in PHP

allowed remote attackers to execute arbitrary code via vectors involving

(1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList,

which are mishandled during unserialization (bsc#942291).

- CVE-2015-6833: Directory traversal vulnerability in the PharData class

in PHP allowed remote attackers to write to arbitrary files via a ..

(dot dot) in a ZIP archive entry that is mishandled during an extractTo

call (bsc#942296).

- CVE-2015-6836: The SoapClient __call method in ext/soap/soap.c in PHP

did not properly manage headers, which allowed remote attackers to

execute arbitrary code via crafted serialized data that triggers a "type

confusion" in the serialize_function_call function (bsc#945428).

- CVE-2015-6837: The xsl_ext_function_php function in

ext/xsl/xsltprocessor.c in PHP, when libxml2 is used, did not consider

the possibility of a NULL valuePop return value before proceeding with a free

operation during initial error checking, which allowed remote attackers

to cause a denial of service (NULL pointer dereference and application

crash) via a crafted XML document, a different vulnerability than

CVE-2015-6838 (bsc#945412).

- CVE-2015-6838: The xsl_ext_function_php function in

ext/xsl/xsltprocessor.c in PHP, when libxml2 is used, did not consider

the possibility of a NULL valuePop return value before proceeding with a free

operation after the principal argument loop, which allowed remote

attackers to cause a denial of service (NULL pointer dereference and

application crash) via a crafted XML document, a different vulnerability

than CVE-2015-6837 (bsc#945412).

- CVE-2015-5590: Stack-based buffer overflow in the phar_fix_filepath

function in ext/phar/phar.c in PHP allowed remote attackers to cause a

denial of service or possibly have unspecified other impact via a large

length value, as demonstrated by mishandling of an e-mail attachment by

the imap PHP extension (bsc#938719).

- CVE-2015-5589: The phar_convert_to_other function in

ext/phar/phar_object.c in PHP did not validate a file pointer before a close

operation, which allowed remote attackers to cause a denial of service

(segmentation fault) or possibly have unspecified other impact via a

crafted TAR archive that is mishandled in a Phar::convertToData call

(bsc#938721).

- CVE-2015-4602: The __PHP_Incomplete_Class function in

ext/standard/incomplete_class.c in PHP allowed remote attackers to cause

a denial of service (application crash) or possibly execute arbitrary

code via an unexpected data type, related to a "type confusion" issue

(bsc#935224).

- CVE-2015-4599: The SoapFault::__toString method in ext/soap/soap.c in

PHP allowed remote attackers to obtain sensitive information, cause a

denial of service (application crash), or possibly execute arbitrary

code via an unexpected data type, related to a "type confusion" issue

(bsc#935226).

- CVE-2015-4600: The SoapClient implementation in PHP allowed remote

attackers to cause a denial of service (application crash) or possibly

execute arbitrary code via an unexpected data type, related to "type

confusion" issues in the (1) SoapClient::__getLastRequest, (2)

SoapClient::__getLastResponse, (3) SoapClient::__getLastRequestHeaders,

(4) SoapClient::__getLastResponseHeaders, (5) SoapClient::__getCookies,

and (6) SoapClient::__setCookie methods (bsc#935226).

- CVE-2015-4601: PHP allowed remote attackers to cause a denial of service

(application crash) or possibly execute arbitrary code via an unexpected

data type, related to "type confusion" issues in (1)

ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3)

ext/soap/soap.c, a different issue than CVE-2015-4600 (bsc#935226).

- CVE-2015-4603: The exception::getTraceAsString function in

Zend/zend_exceptions.c in PHP allowed remote attackers to execute

arbitrary code via an unexpected data type, related to a "type

confusion" issue (bsc#935234).

- CVE-2015-4644: The php_pgsql_meta_data function in pgsql.c in the

PostgreSQL (aka pgsql) extension in PHP did not validate token

extraction for table names, which might have allowed remote attackers to

cause a denial of service (NULL pointer dereference and application

crash) via a crafted name. NOTE: this vulnerability exists because of an

incomplete fix for CVE-2015-1352 (bsc#935274).

- CVE-2015-4643: Integer overflow in the ftp_genlist function in

ext/ftp/ftp.c in PHP allowed remote FTP servers to execute arbitrary

code via a long reply to a LIST command, leading to a heap-based buffer

overflow. NOTE: this vulnerability exists because of an incomplete fix

for CVE-2015-4022 (bsc#935275).

- CVE-2015-3411: PHP did not ensure that pathnames lack %00 sequences,

which might have allowed remote attackers to read or write to arbitrary

files via crafted input to an application that calls (1) a DOMDocument

load method, (2) the xmlwriter_open_uri function, (3) the finfo_file

function, or (4) the hash_hmac_file function, as demonstrated by a

filename\0.xml attack that bypasses an intended configuration in which

client users may read only .xml files (bsc#935227).

- CVE-2015-3412: PHP did not ensure that pathnames lack %00 sequences,

which might have allowed remote attackers to read arbitrary files via

crafted input to an application that calls the

stream_resolve_include_path function in ext/standard/streamsfuncs.c, as

demonstrated by a filename\0.extension attack that bypasses an intended

configuration in which client users may read files with only one

specific extension (bsc#935229).

- CVE-2015-4598: PHP did not ensure that pathnames lack %00 sequences,

which might have allowed remote attackers to read or write to arbitrary

files via crafted input to an application that calls (1) a DOMDocument

save method or (2) the GD imagepsloadfont function, as demonstrated by a

filename\0.html attack that bypasses an intended configuration in which

client users may write to only .html files (bsc#935232).

- CVE-2015-4148: The do_soap_call function in ext/soap/soap.c in PHP did

not verify that the uri property is a string, which allowed remote

attackers to obtain sensitive information by providing crafted

serialized data with an int data type, related to a "type confusion"

issue (bsc#933227).

- CVE-2015-4024: Algorithmic complexity vulnerability in the

multipart_buffer_headers function in main/rfc1867.c in PHP allowed

remote attackers to cause a denial of service (CPU consumption) via

crafted form data that triggers an improper order-of-growth outcome

(bsc#931421).

- CVE-2015-4026: The pcntl_exec implementation in PHP truncates a pathname

upon encountering a \x00 character, which might have allowed remote attackers

to bypass intended extension restrictions and execute files with

unexpected names via a crafted first argument. NOTE: this vulnerability

exists because of an incomplete fix for CVE-2006-7243 (bsc#931776).

- CVE-2015-4022: Integer overflow in the ftp_genlist function in

ext/ftp/ftp.c in PHP allowed remote FTP servers to execute arbitrary

code via a long reply to a LIST command, leading to a heap-based buffer

overflow (bsc#931772).

- CVE-2015-4021: The phar_parse_tarfile function in ext/phar/tar.c in PHP

did not verify that the first character of a filename is different from

the \0 character, which allowed remote attackers to cause a denial of

service (integer underflow and memory corruption) via a crafted entry in

a tar archive (bsc#931769).

- CVE-2015-3329: Multiple stack-based buffer overflows in the

phar_set_inode function in phar_internal.h in PHP allowed remote

attackers to execute arbitrary code via a crafted length value in a (1)

tar, (2) phar, or (3) ZIP archive (bsc#928506).

- CVE-2015-2783: ext/phar/phar.c in PHP allowed remote attackers to obtain

sensitive information from process memory or cause a denial of service

(buffer over-read and application crash) via a crafted length value in

conjunction with crafted serialized data in a phar archive, related to

the phar_parse_metadata and phar_parse_pharfile functions (bsc#928511).

- CVE-2015-2787: Use-after-free vulnerability in the process_nested_data

function in ext/standard/var_unserializer.re in PHP allowed remote

attackers to execute arbitrary code via a crafted unserialize call that

leverages use of the unset function within an __wakeup function, a

related issue to CVE-2015-0231 (bsc#924972).

- CVE-2014-9709: The GetCode_ function in gd_gif_in.c in GD 2.1.1 and

earlier, as used in PHP, allowed remote attackers to cause a denial of

service (buffer over-read and application crash) via a crafted GIF image

that is improperly handled by the gdImageCreateFromGif function

(bsc#923945).

- CVE-2015-2301: Use-after-free vulnerability in the phar_rename_archive

function in phar_object.c in PHP allowed remote attackers to cause a

denial of service or possibly have unspecified other impact via vectors

that trigger an attempted renaming of a Phar archive to the name of an

existing file (bsc#922452).

- CVE-2015-2305: Integer overflow in the regcomp implementation in the

Henry Spencer BSD regex library (aka rxspencer) on 32-bit platforms might

have allowed context-dependent attackers to execute arbitrary code via a

large regular expression that leads to a heap-based buffer overflow

(bsc#921950).

- CVE-2014-9705: Heap-based buffer overflow in the

enchant_broker_request_dict function in ext/enchant/enchant.c in PHP

allowed remote attackers to execute arbitrary code via vectors that

trigger creation of multiple dictionaries (bsc#922451).

- CVE-2015-0273: Multiple use-after-free vulnerabilities in

ext/date/php_date.c in PHP allowed remote attackers to execute arbitrary

code via crafted serialized input containing a (1) R or (2) r type

specifier in (a) DateTimeZone data handled by the

php_date_timezone_initialize_from_hash function or (b) DateTime data

handled by the php_date_initialize_from_hash function (bsc#918768).

- CVE-2014-9652: The mconvert function in softmagic.c in file as used in

the Fileinfo component in PHP did not properly handle a certain

string-length field during a copy of a truncated version of a Pascal

string, which might have allowed remote attackers to cause a denial of

service (out-of-bounds memory access and application crash) via a

crafted file (bsc#917150).

- CVE-2014-8142: Use-after-free vulnerability in the process_nested_data

function in ext/standard/var_unserializer.re in PHP allowed remote

attackers to execute arbitrary code via a crafted unserialize call that

leverages improper handling of duplicate keys within the serialized

properties of an object, a different vulnerability than CVE-2004-1019

(bsc#910659).

- CVE-2015-0231: Use-after-free vulnerability in the process_nested_data

function in ext/standard/var_unserializer.re in PHP allowed remote

attackers to execute arbitrary code via a crafted unserialize call that

leverages improper handling of duplicate numerical keys within the

serialized properties of an object. NOTE: this vulnerability exists

because of an incomplete fix for CVE-2014-8142 (bsc#910659).

- CVE-2015-0232: The exif_process_unicode function in ext/exif/exif.c in

PHP allowed remote attackers to execute arbitrary code or cause a denial

of service (uninitialized pointer free and application crash) via

crafted EXIF data in a JPEG image (bsc#914690).

- CVE-2014-3670: The exif_ifd_make_value function in exif.c in the EXIF

extension in PHP operates on floating-point arrays incorrectly, which

allowed remote attackers to cause a denial of service (heap memory

corruption and application crash) or possibly execute arbitrary code via

a crafted JPEG image with TIFF thumbnail data that is improperly handled

by the exif_thumbnail function (bsc#902357).

- CVE-2014-3669: Integer overflow in the object_custom function in

ext/standard/var_unserializer.c in PHP allowed remote attackers to cause

a denial of service (application crash) or possibly execute arbitrary

code via an argument to the unserialize function that triggers

calculation of a large length value (bsc#902360).

- CVE-2014-3668: Buffer overflow in the date_from_ISO8601 function in the

mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in

PHP allowed remote attackers to cause a denial of service (application

crash) via (1) a crafted first argument to the xmlrpc_set_type function

or (2) a crafted argument to the xmlrpc_decode function, related to an

out-of-bounds read operation (bsc#902368).

- CVE-2014-5459: The PEAR_REST class in REST.php in PEAR in PHP allowed

local users to write to arbitrary files via a symlink attack on a (1)

rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to

the retrieveCacheFirst and useLocalCache functions (bsc#893849).

- CVE-2014-3597: Multiple buffer overflows in the php_parserr function in

ext/standard/dns.c in PHP allowed remote DNS servers to cause a denial

of service (application crash) or possibly execute arbitrary code via a

crafted DNS record, related to the dns_get_record function and the

dn_expand function. NOTE: this issue exists because of an incomplete fix

for CVE-2014-4049 (bsc#893853).

- CVE-2014-4670: Use-after-free vulnerability in ext/spl/spl_dllist.c in

the SPL component in PHP allowed context-dependent attackers to cause a

denial of service or possibly have unspecified other impact via crafted

iterator usage within applications in certain web-hosting environments

(bsc#886059).

- CVE-2014-4698: Use-after-free vulnerability in ext/spl/spl_array.c in

the SPL component in PHP allowed context-dependent attackers to cause a

denial of service or possibly have unspecified other impact via crafted

ArrayIterator usage within applications in certain web-hosting

environments (bsc#886060).

- CVE-2014-4721: The phpinfo implementation in ext/standard/info.c in PHP

did not ensure use of the string data type for the PHP_AUTH_PW,

PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might

have allowed context-dependent attackers to obtain sensitive information from

process memory by using the integer data type with crafted values,

related to a "type confusion" vulnerability, as demonstrated by reading

a private SSL key in an Apache HTTP Server web-hosting environment with

mod_ssl and a PHP 5.3.x mod_php (bsc#885961).

- CVE-2014-0207: The cdf_read_short_sector function in cdf.c in file as

used in the Fileinfo component in PHP allowed remote attackers to cause

a denial of service (assertion failure and application exit) via a

crafted CDF file (bsc#884986).

- CVE-2014-3478: Buffer overflow in the mconvert function in softmagic.c

in file as used in the Fileinfo component in PHP allowed remote

attackers to cause a denial of service (application crash) via a crafted

Pascal string in a FILE_PSTRING conversion (bsc#884987).

- CVE-2014-3479: The cdf_check_stream_offset function in cdf.c in file as

used in the Fileinfo component in PHP relies on incorrect sector-size

data, which allowed remote attackers to cause a denial of service

(application crash) via a crafted stream offset in a CDF file

(bsc#884989).

- CVE-2014-3480: The cdf_count_chain function in cdf.c in file as used in

the Fileinfo component in PHP did not properly validate sector-count

data, which allowed remote attackers to cause a denial of service

(application crash) via a crafted CDF file (bsc#884990).

- CVE-2014-3487: The cdf_read_property_info function in file as used in

the Fileinfo component in PHP did not properly validate a stream offset,

which allowed remote attackers to cause a denial of service (application

crash) via a crafted CDF file (bsc#884991).

- CVE-2014-3515: The SPL component in PHP incorrectly anticipates that

certain data structures will have the array data type after

unserialization, which allowed remote attackers to execute arbitrary

code via a crafted string that triggers use of a Hashtable destructor,

related to "type confusion" issues in (1) ArrayObject and (2)

SPLObjectStorage (bsc#884992).
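
Added example (not part of the SUSE advisory or the PHP source): the %00 pathname issues listed above (CVE-2015-3411, CVE-2015-3412, CVE-2015-4598, CVE-2015-4026) share one mechanism, in which an extension check runs on a length-aware string while the C file API stops at the first NUL byte. The sketch below shows the weak check beside a hardened one that rejects embedded NULs; struct lstr, allow_naive and allow_hardened are hypothetical names and the sample paths are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Length-aware string, as a scripting runtime holds it: bytes plus an
 * explicit length, so it may legally contain '\0' in the middle.
 * (Hypothetical type for this example.) */
struct lstr { const char *buf; size_t len; };

/* Build an lstr from a string literal, keeping embedded NULs. */
#define LSTR(lit) ((struct lstr){ (lit), sizeof(lit) - 1 })

/* Policy check on the full buffer: does the name end in `ext`? */
static int has_suffix(struct lstr s, const char *ext)
{
    size_t n = strlen(ext);
    return s.len >= n && memcmp(s.buf + s.len - n, ext, n) == 0;
}

/* Number of bytes a C API taking `const char *` (fopen, open, exec*)
 * would actually use: everything before the first NUL. */
static size_t c_visible_len(struct lstr s)
{
    const char *nul = memchr(s.buf, '\0', s.len);
    return nul ? (size_t)(nul - s.buf) : s.len;
}

/* Weak form: only the suffix of the length-aware string is checked. */
static int allow_naive(struct lstr path)
{
    return has_suffix(path, ".xml");
}

/* Hardened form: refuse any pathname whose C-visible length differs
 * from its real length, then apply the suffix policy. */
static int allow_hardened(struct lstr path)
{
    if (c_visible_len(path) != path.len)
        return 0;                       /* embedded NUL: reject outright */
    return has_suffix(path, ".xml");
}

int main(void)
{
    /* Constructed sample inputs. */
    struct lstr samples[] = {
        LSTR("report.xml"),
        LSTR("secret.cfg\0.xml"),       /* 15 bytes, NUL at offset 10 */
        LSTR("notes.txt"),
    };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct lstr p = samples[i];
        printf("len=%2zu  C API sees \"%.*s\"  naive=%d  hardened=%d\n",
               p.len, (int)c_visible_len(p), p.buf,
               allow_naive(p), allow_hardened(p));
    }
    return 0;
}
```

The second sample passes the naive check although a C file call would operate on secret.cfg; the hardened check rejects it before the suffix is even examined.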

 

These non-security issues were fixed:

- bnc#935074: compare with SQL_NULL_DATA correctly

- bnc#935074: fix segfault in odbc_fetch_array

- bnc#919080: fix timezone map

- bnc#925109: unserialize SoapClient type confusion

 

 

Patch Instructions:

 

To install this SUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

 

- SUSE Linux Enterprise Server 11-SP2-LTSS:

 

zypper in -t patch slessp2-php53-12621=1

 

To bring your system up-to-date, use "zypper patch".

 

 

Package List:

 

- SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64):

 

apache2-mod_php53-5.3.17-47.1

php53-5.3.17-47.1

php53-bcmath-5.3.17-47.1

php53-bz2-5.3.17-47.1

php53-calendar-5.3.17-47.1

php53-ctype-5.3.17-47.1

php53-curl-5.3.17-47.1

php53-dba-5.3.17-47.1

php53-dom-5.3.17-47.1

php53-exif-5.3.17-47.1

php53-fastcgi-5.3.17-47.1

php53-fileinfo-5.3.17-47.1

php53-ftp-5.3.17-47.1

php53-gd-5.3.17-47.1

php53-gettext-5.3.17-47.1

php53-gmp-5.3.17-47.1

php53-iconv-5.3.17-47.1

php53-intl-5.3.17-47.1

php53-json-5.3.17-47.1

php53-ldap-5.3.17-47.1

php53-mbstring-5.3.17-47.1

php53-mcrypt-5.3.17-47.1

php53-mysql-5.3.17-47.1

php53-odbc-5.3.17-47.1

php53-openssl-5.3.17-47.1

php53-pcntl-5.3.17-47.1

php53-pdo-5.3.17-47.1

php53-pear-5.3.17-47.1

php53-pgsql-5.3.17-47.1

php53-pspell-5.3.17-47.1

php53-shmop-5.3.17-47.1

php53-snmp-5.3.17-47.1

php53-soap-5.3.17-47.1

php53-suhosin-5.3.17-47.1

php53-sysvmsg-5.3.17-47.1

php53-sysvsem-5.3.17-47.1

php53-sysvshm-5.3.17-47.1

php53-tokenizer-5.3.17-47.1

php53-wddx-5.3.17-47.1

php53-xmlreader-5.3.17-47.1

php53-xmlrpc-5.3.17-47.1

php53-xmlwriter-5.3.17-47.1

php53-xsl-5.3.17-47.1

php53-zip-5.3.17-47.1

php53-zlib-5.3.17-47.1

 

 

References:

 

https://www.suse.com/security/cve/CVE-2004-1019.html

https://www.suse.com/security/cve/CVE-2006-7243.html

https://www.suse.com/security/cve/CVE-2014-0207.html

https://www.suse.com/security/cve/CVE-2014-3478.html

https://www.suse.com/security/cve/CVE-2014-3479.html

https://www.suse.com/security/cve/CVE-2014-3480.html

https://www.suse.com/security/cve/CVE-2014-3487.html

https://www.suse.com/security/cve/CVE-2014-3515.html

https://www.suse.com/security/cve/CVE-2014-3597.html

https://www.suse.com/security/cve/CVE-2014-3668.html

https://www.suse.com/security/cve/CVE-2014-3669.html

https://www.suse.com/security/cve/CVE-2014-3670.html

https://www.suse.com/security/cve/CVE-2014-4049.html

https://www.suse.com/security/cve/CVE-2014-4670.html

https://www.suse.com/security/cve/CVE-2014-4698.html

https://www.suse.com/security/cve/CVE-2014-4721.html

https://www.suse.com/security/cve/CVE-2014-5459.html

https://www.suse.com/security/cve/CVE-2014-8142.html

https://www.suse.com/security/cve/CVE-2014-9652.html

https://www.suse.com/security/cve/CVE-2014-9705.html

https://www.suse.com/security/cve/CVE-2014-9709.html

https://www.suse.com/security/cve/CVE-2014-9767.html

https://www.suse.com/security/cve/CVE-2015-0231.html

https://www.suse.com/security/cve/CVE-2015-0232.html

https://www.suse.com/security/cve/CVE-2015-0273.html

https://www.suse.com/security/cve/CVE-2015-1352.html

https://www.suse.com/security/cve/CVE-2015-2301.html

https://www.suse.com/security/cve/CVE-2015-2305.html

https://www.suse.com/security/cve/CVE-2015-2783.html

https://www.suse.com/security/cve/CVE-2015-2787.html

https://www.suse.com/security/cve/CVE-2015-3152.html

https://www.suse.com/security/cve/CVE-2015-3329.html

https://www.suse.com/security/cve/CVE-2015-3411.html

https://www.suse.com/security/cve/CVE-2015-3412.html

https://www.suse.com/security/cve/CVE-2015-4021.html

https://www.suse.com/security/cve/CVE-2015-4022.html

https://www.suse.com/security/cve/CVE-2015-4024.html

https://www.suse.com/security/cve/CVE-2015-4026.html

https://www.suse.com/security/cve/CVE-2015-4116.html

https://www.suse.com/security/cve/CVE-2015-4148.html

https://www.suse.com/security/cve/CVE-2015-4598.html

https://www.suse.com/security/cve/CVE-2015-4599.html

https://www.suse.com/security/cve/CVE-2015-4600.html

https://www.suse.com/security/cve/CVE-2015-4601.html

https://www.suse.com/security/cve/CVE-2015-4602.html

https://www.suse.com/security/cve/CVE-2015-4603.html

https://www.suse.com/security/cve/CVE-2015-4643.html

https://www.suse.com/security/cve/CVE-2015-4644.html

https://www.suse.com/security/cve/CVE-2015-5161.html

https://www.suse.com/security/cve/CVE-2015-5589.html

https://www.suse.com/security/cve/CVE-2015-5590.html

https://www.suse.com/security/cve/CVE-2015-6831.html

https://www.suse.com/security/cve/CVE-2015-6833.html

https://www.suse.com/security/cve/CVE-2015-6836.html

https://www.suse.com/security/cve/CVE-2015-6837.html

https://www.suse.com/security/cve/CVE-2015-6838.html

https://www.suse.com/security/cve/CVE-2015-7803.html

https://www.suse.com/security/cve/CVE-2015-8835.html

https://www.suse.com/security/cve/CVE-2015-8838.html

https://www.suse.com/security/cve/CVE-2015-8866.html

https://www.suse.com/security/cve/CVE-2015-8867.html

https://www.suse.com/security/cve/CVE-2015-8873.html

https://www.suse.com/security/cve/CVE-2015-8874.html

https://www.suse.com/security/cve/CVE-2015-8879.html

https://www.suse.com/security/cve/CVE-2016-2554.html

https://www.suse.com/security/cve/CVE-2016-3141.html

https://www.suse.com/security/cve/CVE-2016-3142.html

https://www.suse.com/security/cve/CVE-2016-3185.html

https://www.suse.com/security/cve/CVE-2016-4070.html

https://www.suse.com/security/cve/CVE-2016-4073.html

https://www.suse.com/security/cve/CVE-2016-4342.html

https://www.suse.com/security/cve/CVE-2016-4346.html

https://www.suse.com/security/cve/CVE-2016-4537.html

https://www.suse.com/security/cve/CVE-2016-4538.html

https://www.suse.com/security/cve/CVE-2016-4539.html

https://www.suse.com/security/cve/CVE-2016-4540.html

https://www.suse.com/security/cve/CVE-2016-4541.html

https://www.suse.com/security/cve/CVE-2016-4542.html

https://www.suse.com/security/cve/CVE-2016-4543.html

https://www.suse.com/security/cve/CVE-2016-4544.html

https://www.suse.com/security/cve/CVE-2016-5093.html

https://www.suse.com/security/cve/CVE-2016-5094.html

https://www.suse.com/security/cve/CVE-2016-5095.html

https://www.suse.com/security/cve/CVE-2016-5096.html

https://www.suse.com/security/cve/CVE-2016-5114.html

https://bugzilla.suse.com/884986

https://bugzilla.suse.com/884987

https://bugzilla.suse.com/884989

https://bugzilla.suse.com/884990

https://bugzilla.suse.com/884991

https://bugzilla.suse.com/884992

https://bugzilla.suse.com/885961

https://bugzilla.suse.com/886059

https://bugzilla.suse.com/886060

https://bugzilla.suse.com/893849

https://bugzilla.suse.com/893853

https://bugzilla.suse.com/902357

https://bugzilla.suse.com/902360

https://bugzilla.suse.com/902368

https://bugzilla.suse.com/910659

https://bugzilla.suse.com/914690

https://bugzilla.suse.com/917150

https://bugzilla.suse.com/918768

https://bugzilla.suse.com/919080

https://bugzilla.suse.com/921950

https://bugzilla.suse.com/922451

https://bugzilla.suse.com/922452

https://bugzilla.suse.com/923945

https://bugzilla.suse.com/924972

https://bugzilla.suse.com/925109

https://bugzilla.suse.com/928506

https://bugzilla.suse.com/928511

https://bugzilla.suse.com/931421

https://bugzilla.suse.com/931769

https://bugzilla.suse.com/931772

https://bugzilla.suse.com/931776

https://bugzilla.suse.com/933227

https://bugzilla.suse.com/935074

https://bugzilla.suse.com/935224

https://bugzilla.suse.com/935226

https://bugzilla.suse.com/935227

https://bugzilla.suse.com/935229

https://bugzilla.suse.com/935232

https://bugzilla.suse.com/935234

https://bugzilla.suse.com/935274

https://bugzilla.suse.com/935275

https://bugzilla.suse.com/938719

https://bugzilla.suse.com/938721

https://bugzilla.suse.com/942291

https://bugzilla.suse.com/942296

https://bugzilla.suse.com/945412

https://bugzilla.suse.com/945428

https://bugzilla.suse.com/949961

https://bugzilla.suse.com/968284

https://bugzilla.suse.com/969821

https://bugzilla.suse.com/971611

https://bugzilla.suse.com/971612

https://bugzilla.suse.com/971912

https://bugzilla.suse.com/973351

https://bugzilla.suse.com/973792

https://bugzilla.suse.com/976996

https://bugzilla.suse.com/976997

https://bugzilla.suse.com/977003

https://bugzilla.suse.com/977005

https://bugzilla.suse.com/977991

https://bugzilla.suse.com/977994

https://bugzilla.suse.com/978827

https://bugzilla.suse.com/978828

https://bugzilla.suse.com/978829

https://bugzilla.suse.com/978830

https://bugzilla.suse.com/980366

https://bugzilla.suse.com/980373

https://bugzilla.suse.com/980375

https://bugzilla.suse.com/981050

https://bugzilla.suse.com/982010

https://bugzilla.suse.com/982011

https://bugzilla.suse.com/982012

https://bugzilla.suse.com/982013

https://bugzilla.suse.com/982162

 


 

 

 
