openSUSE Security Update : php5 (openSUSE-2016-696)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for php5 fixes the following issues :

Security issues fixed :

- CVE-2016-4346: heap overflow in ext/standard/string.c
(bsc#977994)

- CVE-2016-4342: heap corruption in tar/zip/phar parser
(bsc#977991)

- CVE-2016-4537, CVE-2016-4538: bcpowmod accepts negative
scale causing heap buffer overflow corrupting _one_
definition (bsc#978827)

- CVE-2016-4539: Malformed input causes segmentation fault
in xml_parse_into_struct() function (bsc#978828)

- CVE-2016-4540, CVE-2016-4541: Out-of-bounds memory read
in zif_grapheme_stripos when given negative offset
(bsc#978829)

- CVE-2016-4542, CVE-2016-4543, CVE-2016-4544:
Out-of-bounds heap memory read in exif_read_data()
caused by malformed input (bsc#978830)

- CVE-2015-4116: Use-after-free vulnerability in the
spl_ptr_heap_insert function (bsc#980366)

- CVE-2015-8873: Stack consumption vulnerability in
Zend/zend_exceptions.c (bsc#980373)

- CVE-2015-8874: Stack consumption vulnerability in GD
(bsc#980375)

This update was imported from the SUSE:SLE-12:Update update project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=977991
https://bugzilla.opensuse.org/show_bug.cgi?id=977994
https://bugzilla.opensuse.org/show_bug.cgi?id=978827
https://bugzilla.opensuse.org/show_bug.cgi?id=978828
https://bugzilla.opensuse.org/show_bug.cgi?id=978829
https://bugzilla.opensuse.org/show_bug.cgi?id=978830
https://bugzilla.opensuse.org/show_bug.cgi?id=980366
https://bugzilla.opensuse.org/show_bug.cgi?id=980373
https://bugzilla.opensuse.org/show_bug.cgi?id=980375

Solution :

Update the affected php5 packages.

Risk factor :

High / CVSS Base Score : 8.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C)
