SUSE-SU-2018:0806-1
Vulnerability Summary
Description
Security update for php53
This update for php53 fixes several issues.
These security issues were fixed:
- CVE-2016-10712: In PHP, all of the return values of stream_get_meta_data could be controlled if the input can be controlled (e.g., during file uploads). (bsc#1080234)
- CVE-2018-5712: Prevent reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file that allowed for information disclosure. (bsc#1076220)
- CVE-2018-5711: Prevent integer signedness error that could have led to an infinite loop via a crafted GIF file, allowing for DoS. (bsc#1076391)
- CVE-2016-5773: php_zip.c in the zip extension in PHP improperly interacted with the unserialize implementation and garbage collection, which allowed remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object. (bsc#986247)
- CVE-2016-5771: spl_array.c in the SPL extension in PHP improperly interacted with the unserialize implementation and garbage collection, which allowed remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data. (bsc#986391)
- CVE-2018-7584: Fixed stack-based buffer under-read while parsing an HTTP response in php_stream_url_wrap_http_ex. (bsc#1083639)
Affected Systems
- suse php53 on SUSE Linux Enterprise Point of Sale 11 SP3: < 5.3.17-112.20.1
- suse php53 on SUSE Linux Enterprise Server 11 SP3-LTSS: < 5.3.17-112.20.1
- suse php53 on SUSE Linux Enterprise Server 11 SP3-TERADATA: < 5.3.17-112.20.1
- suse php53 on SUSE Linux Enterprise Server 11 SP4: < 5.3.17-112.20.1
- suse php53 on SUSE Linux Enterprise Server for SAP Applications 11 SP4: < 5.3.17-112.20.1
- suse php53 on SUSE Linux Enterprise Software Development Kit 11 SP4: < 5.3.17-112.20.1
References (13)
- https://www.suse.com/support/update/announcement/2018/suse-su-20180806-1/
- https://bugzilla.suse.com/1076220
- https://bugzilla.suse.com/1076391
- https://bugzilla.suse.com/1080234
- https://bugzilla.suse.com/1083639
- https://bugzilla.suse.com/986247
- https://bugzilla.suse.com/986391
- https://www.suse.com/security/cve/CVE-2016-10712
- https://www.suse.com/security/cve/CVE-2016-5771
- https://www.suse.com/security/cve/CVE-2016-5773
- https://www.suse.com/security/cve/CVE-2018-5711
- https://www.suse.com/security/cve/CVE-2018-5712
- https://www.suse.com/security/cve/CVE-2018-7584