SUSE SLES11 Security Update : php53 (SUSE-SU-2017:2522-1)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote SUSE host is missing one or more security updates.

Description :

This update for php53 fixes several issues. These security issues
were fixed :

- CVE-2017-12933: The finish_nested_data function in
ext/standard/var_unserializer.re was prone to a buffer
over-read while unserializing untrusted data.
Exploitation of this issue could have had an unspecified
impact on the integrity of PHP (bsc#1054430).

- CVE-2017-11628: Stack-based buffer overflow in the
zend_ini_do_op() function in Zend/zend_ini_parser.c
could have caused a denial of service or potentially
allowed executing code (bsc#1050726).

- CVE-2017-7890: The GIF decoding function
gdImageCreateFromGifCtx in the GD Graphics Library did
not zero colorMap arrays before use. A specially crafted GIF
image could use the uninitialized tables to read ~700
bytes from the top of the stack, potentially disclosing
sensitive information (bsc#1050241).

- CVE-2016-5766: Integer overflow in the _gd2GetHeader function in
the GD Graphics Library (aka libgd) allowed remote
attackers to cause a denial of service (heap-based
buffer overflow and application crash) or possibly have
unspecified other impact via crafted chunk dimensions in
an image (bsc#986386).

- CVE-2017-11145: An error in the date extension's
timelib_meridian parsing code could have been used by
attackers able to supply date strings to leak
information from the interpreter, related to
ext/date/lib/parse_date.c out-of-bounds reads affecting
the php_parse_date function (bsc#1048112).

- CVE-2017-11146: Lack of bounds checks in
timelib_meridian parse code could have led to
information leak (bsc#1048111).

- CVE-2016-10397: Incorrect handling of various URI
components in the URL parser could have been used by
attackers to bypass hostname-specific URL checks
(bsc#1047454).

- CVE-2017-11147: The PHAR archive handler could have been
used by attackers supplying malicious archive files to
crash the PHP interpreter or potentially disclose
information due to a buffer over-read in the
phar_parse_pharfile function (bsc#1048094).

- CVE-2017-11144: The openssl extension PEM sealing code
did not check the return value of the OpenSSL sealing
function, which could have led to a crash of the PHP
interpreter (bsc#1048096).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/1047454
https://bugzilla.suse.com/1048094
https://bugzilla.suse.com/1048096
https://bugzilla.suse.com/1048111
https://bugzilla.suse.com/1048112
https://bugzilla.suse.com/1050241
https://bugzilla.suse.com/1050726
https://bugzilla.suse.com/1054430
https://bugzilla.suse.com/986386
https://www.suse.com/security/cve/CVE-2016-10168.html
https://www.suse.com/security/cve/CVE-2016-10397.html
https://www.suse.com/security/cve/CVE-2016-5766.html
https://www.suse.com/security/cve/CVE-2017-11144.html
https://www.suse.com/security/cve/CVE-2017-11145.html
https://www.suse.com/security/cve/CVE-2017-11146.html
https://www.suse.com/security/cve/CVE-2017-11147.html
https://www.suse.com/security/cve/CVE-2017-11628.html
https://www.suse.com/security/cve/CVE-2017-12933.html
https://www.suse.com/security/cve/CVE-2017-7890.html
http://www.nessus.org/u?c977181c

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 11-SP4:
zypper in -t patch sdksp4-php53-13282=1

SUSE Linux Enterprise Server 11-SP4:
zypper in -t patch slessp4-php53-13282=1

SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-php53-13282=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true
