SUSE-SU-2016:1842-1
Vulnerability Summary
Timeline
Description
Security update for php5 This update for php5 fixes the following issues: * It is possible to launch a web server with 'php -S localhost:8080' It used to be possible to set an arbitrary $HTTP_PROXY environment variable for request handlers -- like CGI scripts -- by including a specially crafted HTTP header in the request (CVE-2016-5385). As a result, these server components would potentially direct all their outgoing HTTP traffic through a malicious proxy server. This patch fixes the issue: the updated php server ignores such HTTP headers and never sets $HTTP_PROXY for sub-processes. (bnc#988486) * There was multiple cases where a remote attacker could trigger a double free and, given specific PHP code using callbacks, trigger code execution vectors. (bnc#986246,bnc#986244,CVE-2016-5768,CVE-2016-5772) * It was possible to inject header or content information (XSS) when a user was using internet explorer as the browser. (bnc#986004, CVE-2015-8935) * In several cases it was possible for a integer overflow to trigger an excessive memory allocation (bnc#986392, bnc#986388, bnc#986386, bnc#986393, CVE-2016-5770, CVE-2016-5769, CVE-2016-5766, CVE-2016-5767) * It was possible for an attacker to abuse the garbage collector to free a target array. At this point an attacker could craft a fake zval object and exploit the PHP process by taking over the EIP/RIP. (bnc#986391, CVE-2016-5771)
Affected Systems
- suse•php5&distro=SUSE Linux Enterprise Module for Web and Scripting 12
< 5.5.14-68.1
- suse•php5&distro=SUSE Linux Enterprise Software Development Kit 12 SP1
< 5.5.14-68.1
References (19)
- https://www.suse.com/support/update/announcement/2016/suse-su-20161842-1/
- https://bugzilla.suse.com/986004
- https://bugzilla.suse.com/986244
- https://bugzilla.suse.com/986246
- https://bugzilla.suse.com/986386
- https://bugzilla.suse.com/986388
- https://bugzilla.suse.com/986391
- https://bugzilla.suse.com/986392
- https://bugzilla.suse.com/986393
- https://bugzilla.suse.com/988486
- https://www.suse.com/security/cve/CVE-2015-8935
- https://www.suse.com/security/cve/CVE-2016-5385
- https://www.suse.com/security/cve/CVE-2016-5766
- https://www.suse.com/security/cve/CVE-2016-5767
- https://www.suse.com/security/cve/CVE-2016-5768
- https://www.suse.com/security/cve/CVE-2016-5769
- https://www.suse.com/security/cve/CVE-2016-5770
- https://www.suse.com/security/cve/CVE-2016-5771
- https://www.suse.com/security/cve/CVE-2016-5772