SUSE-SU-2016:1633-1
Vulnerability Summary
Description
Security update for php5

This update for php5 fixes the following issues:

- CVE-2013-7456: imagescale out-of-bounds read (bnc#982009).
- CVE-2016-5093: get_icu_value_internal out-of-bounds read (bnc#982010).
- CVE-2016-5094: Don't create strings with lengths outside of valid range (bnc#982011).
- CVE-2016-5095: Don't create strings with lengths outside of valid range (bnc#982012).
- CVE-2016-5096: int/size_t confusion in fread (bsc#982013).
- CVE-2015-8877: The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) as used in PHP used inconsistent allocate and free approaches, which allowed remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function (bsc#981061).
- CVE-2015-8876: Zend/zend_exceptions.c in PHP did not validate certain Exception objects, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger unintended method execution via crafted serialized data (bsc#981049).
- CVE-2015-8879: The odbc_bindcols function in ext/odbc/php_odbc.c in PHP mishandles driver behavior for SQL_WVARCHAR columns, which allowed remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table (bsc#981050).
Affected Systems
- suse•imap&distro=SUSE Linux Enterprise Desktop 12
< 2007e_suse-19.1
- suse•imap&distro=SUSE Linux Enterprise Desktop 12 SP1
< 2007e_suse-19.1
- suse•imap&distro=SUSE Linux Enterprise Module for Web and Scripting 12
< 2007e_suse-19.1
- suse•imap&distro=SUSE Linux Enterprise Software Development Kit 12
< 2007e_suse-19.1
- suse•imap&distro=SUSE Linux Enterprise Software Development Kit 12 SP1
< 2007e_suse-19.1
- suse•imap&distro=SUSE Linux Enterprise Workstation Extension 12
< 2007e_suse-19.1
- suse•imap&distro=SUSE Linux Enterprise Workstation Extension 12 SP1
< 2007e_suse-19.1
- suse•php5&distro=SUSE Linux Enterprise Module for Web and Scripting 12
< 5.5.14-64.5
- suse•php5&distro=SUSE Linux Enterprise Software Development Kit 12
< 5.5.14-64.5
- suse•php5&distro=SUSE Linux Enterprise Software Development Kit 12 SP1
< 5.5.14-64.5
References (17)
- https://www.suse.com/support/update/announcement/2016/suse-su-20161633-1/
- https://bugzilla.suse.com/981049
- https://bugzilla.suse.com/981050
- https://bugzilla.suse.com/981061
- https://bugzilla.suse.com/982009
- https://bugzilla.suse.com/982010
- https://bugzilla.suse.com/982011
- https://bugzilla.suse.com/982012
- https://bugzilla.suse.com/982013
- https://www.suse.com/security/cve/CVE-2013-7456
- https://www.suse.com/security/cve/CVE-2015-8876
- https://www.suse.com/security/cve/CVE-2015-8877
- https://www.suse.com/security/cve/CVE-2015-8879
- https://www.suse.com/security/cve/CVE-2016-5093
- https://www.suse.com/security/cve/CVE-2016-5094
- https://www.suse.com/security/cve/CVE-2016-5095
- https://www.suse.com/security/cve/CVE-2016-5096