openSUSE Security Update : php5 (openSUSE-2015-163)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

php5 was updated to fix five security issues.

These security issues were fixed :

- CVE-2015-0231: Use-after-free vulnerability in the
process_nested_data function in
ext/standard/var_unserializer.re in PHP before 5.4.37,
5.5.x before 5.5.21, and 5.6.x before 5.6.5 allowed
remote attackers to execute arbitrary code via a crafted
unserialize call that leverages improper handling of
duplicate numerical keys within the serialized
properties of an object. NOTE: this vulnerability exists
because of an incomplete fix for CVE-2014-8142
(bnc#910659).

- CVE-2015-0232: The exif_process_unicode function in
ext/exif/exif.c in PHP before 5.4.37, 5.5.x before
5.5.21, and 5.6.x before 5.6.5 allowed remote attackers
to execute arbitrary code or cause a denial of service
(uninitialized pointer free and application crash) via
crafted EXIF data in a JPEG image (bnc#914690).

- CVE-2014-8142: Use-after-free vulnerability in the
process_nested_data function in
ext/standard/var_unserializer.re in PHP before 5.4.36,
5.5.x before 5.5.20, and 5.6.x before 5.6.4 allowed
remote attackers to execute arbitrary code via a crafted
unserialize call that leverages improper handling of
duplicate keys within the serialized properties of an
object, a different vulnerability than CVE-2004-1019
(bnc#910659).

- CVE-2014-9427: sapi/cgi/cgi_main.c in the CGI component
in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x
through 5.6.4, when mmap was used to read a .php file,
did not properly consider the mapping's length during
processing of an invalid file that begins with a #
character and lacks a newline character, which caused an
out-of-bounds read and might (1) allow remote
attackers to obtain sensitive information from php-cgi
process memory by leveraging the ability to upload a
.php file or (2) trigger unexpected code execution if a
valid PHP script is present in memory locations adjacent
to the mapping (bnc#911664).

For openSUSE 13.2 this additional security issue was fixed :

- CVE-2014-9426: The apprentice_load function in
libmagic/apprentice.c in the Fileinfo component in PHP
through 5.6.4 attempted to perform a free operation on a
stack-based character array, which allowed remote
attackers to cause a denial of service (memory
corruption or application crash) or possibly have
unspecified other impact via unknown vectors
(bnc#911663).

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=907519
https://bugzilla.opensuse.org/show_bug.cgi?id=910659
https://bugzilla.opensuse.org/show_bug.cgi?id=911663
https://bugzilla.opensuse.org/show_bug.cgi?id=911664
https://bugzilla.opensuse.org/show_bug.cgi?id=914690

Solution :

Update the affected php5 packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 81418

CVE ID: CVE-2004-1019
CVE-2014-8142
CVE-2014-9426
CVE-2014-9427
CVE-2015-0231
CVE-2015-0232
