SUSE SLES11 Security Update : php53 (SUSE-SU-2017:1585-1)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote SUSE host is missing one or more security updates.

Description :

This update for php53 fixes the following security issues:

- CVE-2017-7272: PHP enabled potential SSRF in
applications that accept an fsockopen hostname argument
with an expectation that the port number is constrained.
Because a :port syntax was recognized, fsockopen used
the port number that is specified in the hostname
argument, instead of the port number in the second
argument of the function (bsc#1031246).

- CVE-2016-6294: The locale_accept_from_http function in
ext/intl/locale/locale_methods.c did not properly
restrict calls to the ICU uloc_acceptLanguageFromHTTP
function, which allowed remote attackers to cause a
denial of service (out-of-bounds read) or possibly have
unspecified other impact via a call with a long argument
(bsc#1035111).

- CVE-2017-9227: An issue was discovered in Oniguruma
6.2.0, as used in mbstring in PHP. A stack out-of-bounds
read occurs in mbc_enc_len() during regular expression
searching. Invalid handling of reg->dmin in
forward_search_range() could result in an invalid
pointer dereference, as an out-of-bounds read from a
stack buffer. (bsc#1040883)

- CVE-2017-9226: An issue was discovered in Oniguruma
6.2.0, as used in Oniguruma-mod in mbstring in PHP. A
heap out-of-bounds write or read occurs in
next_state_val() during regular expression compilation.
Octal numbers larger than 0xff are not handled correctly
in fetch_token() and fetch_token_in_cc(). A malformed
regular expression containing an octal number in the
form of '\700' would produce an invalid code point value
larger than 0xff in next_state_val(), resulting in an
out-of-bounds write memory corruption. (bsc#1040889)

- CVE-2017-9224: An issue was discovered in Oniguruma
6.2.0, as used in Oniguruma-mod in mbstring in PHP. A
stack out-of-bounds read occurs in match_at() during
regular expression searching. A logical error involving
order of validation and access in match_at() could
result in an out-of-bounds read from a stack buffer.
(bsc#1040891)

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/1031246
https://bugzilla.suse.com/1035111
https://bugzilla.suse.com/1040883
https://bugzilla.suse.com/1040889
https://bugzilla.suse.com/1040891
https://www.suse.com/security/cve/CVE-2016-6294.html
https://www.suse.com/security/cve/CVE-2017-7272.html
https://www.suse.com/security/cve/CVE-2017-9224.html
https://www.suse.com/security/cve/CVE-2017-9226.html
https://www.suse.com/security/cve/CVE-2017-9227.html
http://www.nessus.org/u?66cac47c

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 11-SP4:
zypper in -t patch sdksp4-php53-13151=1

SUSE Linux Enterprise Server 11-SP4:
zypper in -t patch slessp4-php53-13151=1

SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-php53-13151=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 100866

CVE ID: CVE-2016-6294
CVE-2017-7272
CVE-2017-9224
CVE-2017-9226
CVE-2017-9227
