SUSE-SU-2016:1581-1

Source
https://www.suse.com/support/update/announcement/2016/suse-su-20161581-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:1581-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2016:1581-1
Published
2016-06-14T14:31:52Z
Modified
2016-06-14T14:31:52Z
Summary
Security update for php53
Details

This update for php53 fixes the following issues:

  • CVE-2016-5093: A get_icu_value_internal out-of-bounds read could crash the php interpreter (bsc#982010)
  • CVE-2016-5094, CVE-2016-5095: Don't allow creating strings with lengths outside int range, avoids overflows (bsc#982011, bsc#982012)
  • CVE-2016-5096: An int/size_t confusion in fread could corrupt memory (bsc#982013)
  • CVE-2016-5114: A fpm_log.c memory leak and buffer overflow could leak information out of the php process or overwrite a buffer by 1 byte (bsc#982162)
  • CVE-2016-4346: A heap overflow was fixed in ext/standard/string.c (bsc#977994)
  • CVE-2016-4342: A heap corruption was fixed in tar/zip/phar parser (bsc#977991)
  • CVE-2016-4537, CVE-2016-4538: bcpowmod accepted negative scale causing heap buffer overflow corrupting _one_ definition (bsc#978827)
  • CVE-2016-4539: Malformed input causes segmentation fault in xml_parse_into_struct() function (bsc#978828)
  • CVE-2016-4540, CVE-2016-4541: Out-of-bounds memory read in zif_grapheme_stripos when given negative offset (bsc#978829)
  • CVE-2016-4542, CVE-2016-4543, CVE-2016-4544: Out-of-bounds heap memory read in exif_read_data() caused by malformed input (bsc#978830)
  • CVE-2015-4116: Use-after-free vulnerability in the spl_ptr_heap_insert function (bsc#980366)
  • CVE-2015-8873: Stack consumption vulnerability in Zend/zend_exceptions.c (bsc#980373)
  • CVE-2015-8874: Stack consumption vulnerability in GD (bsc#980375)
  • CVE-2015-8879: odbc_bindcols function in ext/odbc/php_odbc.c mishandles driver behavior for SQL_WVARCHAR (bsc#981050)

Also fixed previously on SUSE Linux Enterprise 11 SP4, but not yet shipped to SUSE Linux Enterprise Server 11 SP3 LTSS:

  • CVE-2015-8838: mysqlnd was vulnerable to BACKRONYM (bnc#973792).
  • CVE-2015-8835: SoapClient's __call method suffered from a type confusion issue that could have led to crashes [bsc#973351]
  • CVE-2016-2554: A NULL pointer dereference in phar_get_fp_offset could lead to crashes. [bsc#968284]
  • CVE-2015-7803: A stack overflow vulnerability when decompressing tar phar archives could potentially lead to code execution. [bsc#949961]
  • CVE-2016-3141: A use-after-free / double-free in the WDDX deserialization could lead to crashes or potential code execution. [bsc#969821]
  • CVE-2016-3142: An out-of-bounds read in phar_parse_zipfile() could lead to crashes. [bsc#971912]
  • CVE-2014-9767: A directory traversal when extracting zip files was fixed that could lead to overwritten files. [bsc#971612]
  • CVE-2016-3185: A type confusion vulnerability in make_http_soap_request() could lead to crashes or potentially code execution. [bsc#971611]
  • CVE-2016-4073: A remote attacker could have caused denial of service, or possibly execute arbitrary code, due to incorrect handling of string length calculations in mb_strcut() (bsc#977003)
  • CVE-2015-8867: The PHP function openssl_random_pseudo_bytes() did not return cryptographically secure random bytes (bsc#977005)
  • CVE-2016-4070: The libxml_disable_entity_loader() setting was shared between threads, which could have resulted in XML external entity injection and entity expansion issues (bsc#976997)
  • CVE-2015-8866: A remote attacker could have caused denial of service due to incorrect handling of large strings in php_raw_url_encode() (bsc#976996)

Affected packages

SUSE:Linux Enterprise Software Development Kit 11 SP4 / php53

Package

Name
php53
Purl
pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.3.17-71.1

Ecosystem specific

{
    "binaries": [
        {
            "php53-devel": "5.3.17-71.1",
            "php53-readline": "5.3.17-71.1",
            "php53-posix": "5.3.17-71.1",
            "php53-sockets": "5.3.17-71.1",
            "php53-imap": "5.3.17-71.1",
            "php53-sqlite": "5.3.17-71.1",
            "php53-tidy": "5.3.17-71.1"
        }
    ]
}

SUSE:OpenStack Cloud 5 / php53

Package

Name
php53
Purl
pkg:rpm/suse/php53&distro=SUSE%20OpenStack%20Cloud%205

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.3.17-71.1

Ecosystem specific

{
    "binaries": [
        {
            "php53-ldap": "5.3.17-71.1",
            "php53-gd": "5.3.17-71.1",
            "php53-sysvmsg": "5.3.17-71.1",
            "php53-soap": "5.3.17-71.1",
            "php53-zip": "5.3.17-71.1",
            "php53-curl": "5.3.17-71.1",
            "php53-suhosin": "5.3.17-71.1",
            "php53-mysql": "5.3.17-71.1",
            "php53-pear": "5.3.17-71.1",
            "php53-iconv": "5.3.17-71.1",
            "php53-json": "5.3.17-71.1",
            "php53-odbc": "5.3.17-71.1",
            "php53-sysvsem": "5.3.17-71.1",
            "php53-xmlrpc": "5.3.17-71.1",
            "php53-openssl": "5.3.17-71.1",
            "php53-xmlreader": "5.3.17-71.1",
            "php53-dba": "5.3.17-71.1",
            "php53-xsl": "5.3.17-71.1",
            "php53-sysvshm": "5.3.17-71.1",
            "php53-dom": "5.3.17-71.1",
            "php53-pcntl": "5.3.17-71.1",
            "php53-mbstring": "5.3.17-71.1",
            "php53-pspell": "5.3.17-71.1",
            "php53-intl": "5.3.17-71.1",
            "php53-fileinfo": "5.3.17-71.1",
            "php53-pdo": "5.3.17-71.1",
            "php53-ctype": "5.3.17-71.1",
            "php53-shmop": "5.3.17-71.1",
            "php53-exif": "5.3.17-71.1",
            "php53-gettext": "5.3.17-71.1",
            "php53-calendar": "5.3.17-71.1",
            "php53-xmlwriter": "5.3.17-71.1",
            "php53-zlib": "5.3.17-71.1",
            "php53-ftp": "5.3.17-71.1",
            "php53-tokenizer": "5.3.17-71.1",
            "php53-bcmath": "5.3.17-71.1",
            "php53-pgsql": "5.3.17-71.1",
            "apache2-mod_php53": "5.3.17-71.1",
            "php53-fastcgi": "5.3.17-71.1",
            "php53-mcrypt": "5.3.17-71.1",
            "php53-snmp": "5.3.17-71.1",
            "php53-wddx": "5.3.17-71.1",
            "php53-gmp": "5.3.17-71.1",
            "php53": "5.3.17-71.1",
            "php53-bz2": "5.3.17-71.1"
        }
    ]
}

SUSE:Manager 2.1 / php53

Package

Name
php53
Purl
pkg:rpm/suse/php53&distro=SUSE%20Manager%202.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.3.17-71.1

Ecosystem specific

{
    "binaries": [
        {
            "php53-ldap": "5.3.17-71.1",
            "php53-gd": "5.3.17-71.1",
            "php53-sysvmsg": "5.3.17-71.1",
            "php53-soap": "5.3.17-71.1",
            "php53-zip": "5.3.17-71.1",
            "php53-curl": "5.3.17-71.1",
            "php53-suhosin": "5.3.17-71.1",
            "php53-mysql": "5.3.17-71.1",
            "php53-pear": "5.3.17-71.1",
            "php53-iconv": "5.3.17-71.1",
            "php53-json": "5.3.17-71.1",
            "php53-odbc": "5.3.17-71.1",
            "php53-sysvsem": "5.3.17-71.1",
            "php53-xmlrpc": "5.3.17-71.1",
            "php53-openssl": "5.3.17-71.1",
            "php53-xmlreader": "5.3.17-71.1",
            "php53-dba": "5.3.17-71.1",
            "php53-xsl": "5.3.17-71.1",
            "php53-sysvshm": "5.3.17-71.1",
            "php53-dom": "5.3.17-71.1",
            "php53-pcntl": "5.3.17-71.1",
            "php53-mbstring": "5.3.17-71.1",
            "php53-pspell": "5.3.17-71.1",
            "php53-intl": "5.3.17-71.1",
            "php53-fileinfo": "5.3.17-71.1",
            "php53-pdo": "5.3.17-71.1",
            "php53-ctype": "5.3.17-71.1",
            "php53-shmop": "5.3.17-71.1",
            "php53-exif": "5.3.17-71.1",
            "php53-gettext": "5.3.17-71.1",
            "php53-calendar": "5.3.17-71.1",
            "php53-xmlwriter": "5.3.17-71.1",
            "php53-zlib": "5.3.17-71.1",
            "php53-ftp": "5.3.17-71.1",
            "php53-tokenizer": "5.3.17-71.1",
            "php53-bcmath": "5.3.17-71.1",
            "php53-pgsql": "5.3.17-71.1",
            "apache2-mod_php53": "5.3.17-71.1",
            "php53-fastcgi": "5.3.17-71.1",
            "php53-mcrypt": "5.3.17-71.1",
            "php53-snmp": "5.3.17-71.1",
            "php53-wddx": "5.3.17-71.1",
            "php53-gmp": "5.3.17-71.1",
            "php53": "5.3.17-71.1",
            "php53-bz2": "5.3.17-71.1"
        }
    ]
}

SUSE:Manager Proxy 2.1 / php53

Package

Name
php53
Purl
pkg:rpm/suse/php53&distro=SUSE%20Manager%20Proxy%202.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.3.17-71.1

Ecosystem specific

{
    "binaries": [
        {
            "php53-ldap": "5.3.17-71.1",
            "php53-gd": "5.3.17-71.1",
            "php53-sysvmsg": "5.3.17-71.1",
            "php53-soap": "5.3.17-71.1",
            "php53-zip": "5.3.17-71.1",
            "php53-curl": "5.3.17-71.1",
            "php53-suhosin": "5.3.17-71.1",
            "php53-mysql": "5.3.17-71.1",
            "php53-pear": "5.3.17-71.1",
            "php53-iconv": "5.3.17-71.1",
            "php53-json": "5.3.17-71.1",
            "php53-odbc": "5.3.17-71.1",
            "php53-sysvsem": "5.3.17-71.1",
            "php53-xmlrpc": "5.3.17-71.1",
            "php53-openssl": "5.3.17-71.1",
            "php53-xmlreader": "5.3.17-71.1",
            "php53-dba": "5.3.17-71.1",
            "php53-xsl": "5.3.17-71.1",
            "php53-sysvshm": "5.3.17-71.1",
            "php53-dom": "5.3.17-71.1",
            "php53-pcntl": "5.3.17-71.1",
            "php53-mbstring": "5.3.17-71.1",
            "php53-pspell": "5.3.17-71.1",
            "php53-intl": "5.3.17-71.1",
            "php53-fileinfo": "5.3.17-71.1",
            "php53-pdo": "5.3.17-71.1",
            "php53-ctype": "5.3.17-71.1",
            "php53-shmop": "5.3.17-71.1",
            "php53-exif": "5.3.17-71.1",
            "php53-gettext": "5.3.17-71.1",
            "php53-calendar": "5.3.17-71.1",
            "php53-xmlwriter": "5.3.17-71.1",
            "php53-zlib": "5.3.17-71.1",
            "php53-ftp": "5.3.17-71.1",
            "php53-tokenizer": "5.3.17-71.1",
            "php53-bcmath": "5.3.17-71.1",
            "php53-pgsql": "5.3.17-71.1",
            "apache2-mod_php53": "5.3.17-71.1",
            "php53-fastcgi": "5.3.17-71.1",
            "php53-mcrypt": "5.3.17-71.1",
            "php53-snmp": "5.3.17-71.1",
            "php53-wddx": "5.3.17-71.1",
            "php53-gmp": "5.3.17-71.1",
            "php53": "5.3.17-71.1",
            "php53-bz2": "5.3.17-71.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP3-LTSS / php53

Package

Name
php53
Purl
pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.3.17-71.1

Ecosystem specific

{
    "binaries": [
        {
            "php53-ldap": "5.3.17-71.1",
            "php53-gd": "5.3.17-71.1",
            "php53-sysvmsg": "5.3.17-71.1",
            "php53-soap": "5.3.17-71.1",
            "php53-zip": "5.3.17-71.1",
            "php53-curl": "5.3.17-71.1",
            "php53-suhosin": "5.3.17-71.1",
            "php53-mysql": "5.3.17-71.1",
            "php53-pear": "5.3.17-71.1",
            "php53-iconv": "5.3.17-71.1",
            "php53-json": "5.3.17-71.1",
            "php53-odbc": "5.3.17-71.1",
            "php53-sysvsem": "5.3.17-71.1",
            "php53-xmlrpc": "5.3.17-71.1",
            "php53-openssl": "5.3.17-71.1",
            "php53-xmlreader": "5.3.17-71.1",
            "php53-dba": "5.3.17-71.1",
            "php53-xsl": "5.3.17-71.1",
            "php53-sysvshm": "5.3.17-71.1",
            "php53-dom": "5.3.17-71.1",
            "php53-pcntl": "5.3.17-71.1",
            "php53-mbstring": "5.3.17-71.1",
            "php53-pspell": "5.3.17-71.1",
            "php53-intl": "5.3.17-71.1",
            "php53-fileinfo": "5.3.17-71.1",
            "php53-pdo": "5.3.17-71.1",
            "php53-ctype": "5.3.17-71.1",
            "php53-shmop": "5.3.17-71.1",
            "php53-exif": "5.3.17-71.1",
            "php53-gettext": "5.3.17-71.1",
            "php53-calendar": "5.3.17-71.1",
            "php53-xmlwriter": "5.3.17-71.1",
            "php53-zlib": "5.3.17-71.1",
            "php53-ftp": "5.3.17-71.1",
            "php53-tokenizer": "5.3.17-71.1",
            "php53-bcmath": "5.3.17-71.1",
            "php53-pgsql": "5.3.17-71.1",
            "apache2-mod_php53": "5.3.17-71.1",
            "php53-fastcgi": "5.3.17-71.1",
            "php53-mcrypt": "5.3.17-71.1",
            "php53-snmp": "5.3.17-71.1",
            "php53-wddx": "5.3.17-71.1",
            "php53-gmp": "5.3.17-71.1",
            "php53": "5.3.17-71.1",
            "php53-bz2": "5.3.17-71.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP3-TERADATA / php53

Package

Name
php53
Purl
pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.3.17-71.1

Ecosystem specific

{
    "binaries": [
        {
            "php53-ldap": "5.3.17-71.1",
            "php53-gd": "5.3.17-71.1",
            "php53-sysvmsg": "5.3.17-71.1",
            "php53-soap": "5.3.17-71.1",
            "php53-zip": "5.3.17-71.1",
            "php53-curl": "5.3.17-71.1",
            "php53-suhosin": "5.3.17-71.1",
            "php53-mysql": "5.3.17-71.1",
            "php53-pear": "5.3.17-71.1",
            "php53-iconv": "5.3.17-71.1",
            "php53-json": "5.3.17-71.1",
            "php53-odbc": "5.3.17-71.1",
            "php53-sysvsem": "5.3.17-71.1",
            "php53-xmlrpc": "5.3.17-71.1",
            "php53-openssl": "5.3.17-71.1",
            "php53-xmlreader": "5.3.17-71.1",
            "php53-dba": "5.3.17-71.1",
            "php53-xsl": "5.3.17-71.1",
            "php53-sysvshm": "5.3.17-71.1",
            "php53-dom": "5.3.17-71.1",
            "php53-pcntl": "5.3.17-71.1",
            "php53-mbstring": "5.3.17-71.1",
            "php53-pspell": "5.3.17-71.1",
            "php53-intl": "5.3.17-71.1",
            "php53-fileinfo": "5.3.17-71.1",
            "php53-pdo": "5.3.17-71.1",
            "php53-ctype": "5.3.17-71.1",
            "php53-shmop": "5.3.17-71.1",
            "php53-exif": "5.3.17-71.1",
            "php53-gettext": "5.3.17-71.1",
            "php53-calendar": "5.3.17-71.1",
            "php53-xmlwriter": "5.3.17-71.1",
            "php53-zlib": "5.3.17-71.1",
            "php53-ftp": "5.3.17-71.1",
            "php53-tokenizer": "5.3.17-71.1",
            "php53-bcmath": "5.3.17-71.1",
            "php53-pgsql": "5.3.17-71.1",
            "apache2-mod_php53": "5.3.17-71.1",
            "php53-fastcgi": "5.3.17-71.1",
            "php53-mcrypt": "5.3.17-71.1",
            "php53-snmp": "5.3.17-71.1",
            "php53-wddx": "5.3.17-71.1",
            "php53-gmp": "5.3.17-71.1",
            "php53": "5.3.17-71.1",
            "php53-bz2": "5.3.17-71.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4 / php53

Package

Name
php53
Purl
pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.3.17-71.1

Ecosystem specific

{
    "binaries": [
        {
            "php53-ldap": "5.3.17-71.1",
            "php53-gd": "5.3.17-71.1",
            "php53-sysvmsg": "5.3.17-71.1",
            "php53-soap": "5.3.17-71.1",
            "php53-zip": "5.3.17-71.1",
            "php53-curl": "5.3.17-71.1",
            "php53-suhosin": "5.3.17-71.1",
            "php53-mysql": "5.3.17-71.1",
            "php53-pear": "5.3.17-71.1",
            "php53-iconv": "5.3.17-71.1",
            "php53-json": "5.3.17-71.1",
            "php53-odbc": "5.3.17-71.1",
            "php53-sysvsem": "5.3.17-71.1",
            "php53-xmlrpc": "5.3.17-71.1",
            "php53-openssl": "5.3.17-71.1",
            "php53-xmlreader": "5.3.17-71.1",
            "php53-dba": "5.3.17-71.1",
            "php53-xsl": "5.3.17-71.1",
            "php53-sysvshm": "5.3.17-71.1",
            "php53-dom": "5.3.17-71.1",
            "php53-pcntl": "5.3.17-71.1",
            "php53-mbstring": "5.3.17-71.1",
            "php53-pspell": "5.3.17-71.1",
            "php53-intl": "5.3.17-71.1",
            "php53-fileinfo": "5.3.17-71.1",
            "php53-pdo": "5.3.17-71.1",
            "php53-ctype": "5.3.17-71.1",
            "php53-shmop": "5.3.17-71.1",
            "php53-exif": "5.3.17-71.1",
            "php53-gettext": "5.3.17-71.1",
            "php53-calendar": "5.3.17-71.1",
            "php53-xmlwriter": "5.3.17-71.1",
            "php53-zlib": "5.3.17-71.1",
            "php53-ftp": "5.3.17-71.1",
            "php53-tokenizer": "5.3.17-71.1",
            "php53-bcmath": "5.3.17-71.1",
            "php53-pgsql": "5.3.17-71.1",
            "apache2-mod_php53": "5.3.17-71.1",
            "php53-fastcgi": "5.3.17-71.1",
            "php53-mcrypt": "5.3.17-71.1",
            "php53-snmp": "5.3.17-71.1",
            "php53-wddx": "5.3.17-71.1",
            "php53-gmp": "5.3.17-71.1",
            "php53": "5.3.17-71.1",
            "php53-bz2": "5.3.17-71.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 11 SP4 / php53

Package

Name
php53
Purl
pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.3.17-71.1

Ecosystem specific

{
    "binaries": [
        {
            "php53-ldap": "5.3.17-71.1",
            "php53-gd": "5.3.17-71.1",
            "php53-sysvmsg": "5.3.17-71.1",
            "php53-soap": "5.3.17-71.1",
            "php53-zip": "5.3.17-71.1",
            "php53-curl": "5.3.17-71.1",
            "php53-suhosin": "5.3.17-71.1",
            "php53-mysql": "5.3.17-71.1",
            "php53-pear": "5.3.17-71.1",
            "php53-iconv": "5.3.17-71.1",
            "php53-json": "5.3.17-71.1",
            "php53-odbc": "5.3.17-71.1",
            "php53-sysvsem": "5.3.17-71.1",
            "php53-xmlrpc": "5.3.17-71.1",
            "php53-openssl": "5.3.17-71.1",
            "php53-xmlreader": "5.3.17-71.1",
            "php53-dba": "5.3.17-71.1",
            "php53-xsl": "5.3.17-71.1",
            "php53-sysvshm": "5.3.17-71.1",
            "php53-dom": "5.3.17-71.1",
            "php53-pcntl": "5.3.17-71.1",
            "php53-mbstring": "5.3.17-71.1",
            "php53-pspell": "5.3.17-71.1",
            "php53-intl": "5.3.17-71.1",
            "php53-fileinfo": "5.3.17-71.1",
            "php53-pdo": "5.3.17-71.1",
            "php53-ctype": "5.3.17-71.1",
            "php53-shmop": "5.3.17-71.1",
            "php53-exif": "5.3.17-71.1",
            "php53-gettext": "5.3.17-71.1",
            "php53-calendar": "5.3.17-71.1",
            "php53-xmlwriter": "5.3.17-71.1",
            "php53-zlib": "5.3.17-71.1",
            "php53-ftp": "5.3.17-71.1",
            "php53-tokenizer": "5.3.17-71.1",
            "php53-bcmath": "5.3.17-71.1",
            "php53-pgsql": "5.3.17-71.1",
            "apache2-mod_php53": "5.3.17-71.1",
            "php53-fastcgi": "5.3.17-71.1",
            "php53-mcrypt": "5.3.17-71.1",
            "php53-snmp": "5.3.17-71.1",
            "php53-wddx": "5.3.17-71.1",
            "php53-gmp": "5.3.17-71.1",
            "php53": "5.3.17-71.1",
            "php53-bz2": "5.3.17-71.1"
        }
    ]
}