SUSE SLES11 Security Update : php53 (SUSE-SU-2016:1581-1)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote SUSE host is missing one or more security updates.

Description :

This update for php53 fixes the following issues :

- CVE-2016-5093: A get_icu_value_internal out-of-bounds
read could crash the php interpreter (bsc#982010)

- CVE-2016-5094,CVE-2016-5095: Don't allow creating
strings with lengths outside int range, avoids overflows
(bsc#982011,bsc#982012)

- CVE-2016-5096: A int/size_t confusion in fread could
corrupt memory (bsc#982013)

- CVE-2016-5114: A fpm_log.c memory leak and buffer
overflow could leak information out of the php process
or overwrite a buffer by 1 byte (bsc#982162)

- CVE-2016-4346: A heap overflow was fixed in
ext/standard/string.c (bsc#977994)

- CVE-2016-4342: A heap corruption was fixed in
tar/zip/phar parser (bsc#977991)

- CVE-2016-4537, CVE-2016-4538: bcpowmod accepted negative
scale causing heap buffer overflow corrupting _one_
definition (bsc#978827)

- CVE-2016-4539: Malformed input causes segmentation fault
in xml_parse_into_struct() function (bsc#978828)

- CVE-2016-4540, CVE-2016-4541: Out-of-bounds memory read
in zif_grapheme_stripos when given negative offset
(bsc#978829)

- CVE-2016-4542, CVE-2016-4543, CVE-2016-4544:
Out-of-bounds heap memory read in exif_read_data()
caused by malformed input (bsc#978830)

- CVE-2015-4116: Use-after-free vulnerability in the
spl_ptr_heap_insert function (bsc#980366)

- CVE-2015-8873: Stack consumption vulnerability in
Zend/zend_exceptions.c (bsc#980373)

- CVE-2015-8874: Stack consumption vulnerability in GD
(bsc#980375)

- CVE-2015-8879: odbc_bindcols function in
ext/odbc/php_odbc.c mishandles driver behavior for
SQL_WVARCHAR (bsc#981050)

Also fixed previously on SUSE Linux Enterprise 11 SP4, but not yet
shipped to SUSE Linux Enterprise Server 11 SP3 LTSS :

- CVE-2015-8838: mysqlnd was vulnerable to BACKRONYM
(bnc#973792).

- CVE-2015-8835: SoapClient s_call method suffered from a
type confusion issue that could have lead to crashes
[bsc#973351]

- CVE-2016-2554: A NULL pointer dereference in
phar_get_fp_offset could lead to crashes. [bsc#968284]

- CVE-2015-7803: A Stack overflow vulnerability when
decompressing tar phar archives could potentially lead
to code execution. [bsc#949961]

- CVE-2016-3141: A use-after-free / double-free in the
WDDX deserialization could lead to crashes or potential
code execution. [bsc#969821]

- CVE-2016-3142: An Out-of-bounds read in
phar_parse_zipfile() could lead to crashes. [bsc#971912]

- CVE-2014-9767: A directory traversal when extracting zip
files was fixed that could lead to overwritten files.
[bsc#971612]

- CVE-2016-3185: A type confusion vulnerability in
make_http_soap_request() could lead to crashes or
potentially code execution. [bsc#971611]

- CVE-2016-4073: A remote attacker could have caused
denial of service, or possibly execute arbitrary code,
due to incorrect handling of string length calculations
in mb_strcut() (bsc#977003)

- CVE-2015-8867: The PHP function
openssl_random_pseudo_bytes() did not return
cryptographically secure random bytes (bsc#977005)

- CVE-2016-4070: The libxml_disable_entity_loader()
setting was shared between threads, which could have
resulted in XML external entity injection and entity
expansion issues (bsc#976997)

- CVE-2015-8866: A remote attacker could have caused
denial of service due to incorrect handling of large
strings in php_raw_url_encode() (bsc#976996)

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/949961
https://bugzilla.suse.com/968284
https://bugzilla.suse.com/969821
https://bugzilla.suse.com/971611
https://bugzilla.suse.com/971612
https://bugzilla.suse.com/971912
https://bugzilla.suse.com/973351
https://bugzilla.suse.com/973792
https://bugzilla.suse.com/976996
https://bugzilla.suse.com/976997
https://bugzilla.suse.com/977003
https://bugzilla.suse.com/977005
https://bugzilla.suse.com/977991
https://bugzilla.suse.com/977994
https://bugzilla.suse.com/978827
https://bugzilla.suse.com/978828
https://bugzilla.suse.com/978829
https://bugzilla.suse.com/978830
https://bugzilla.suse.com/980366
https://bugzilla.suse.com/980373
https://bugzilla.suse.com/980375
https://bugzilla.suse.com/981050
https://bugzilla.suse.com/982010
https://bugzilla.suse.com/982011
https://bugzilla.suse.com/982012
https://bugzilla.suse.com/982013
https://bugzilla.suse.com/982162
https://www.suse.com/security/cve/CVE-2014-9767.html
https://www.suse.com/security/cve/CVE-2015-4116.html
https://www.suse.com/security/cve/CVE-2015-7803.html
https://www.suse.com/security/cve/CVE-2015-8835.html
https://www.suse.com/security/cve/CVE-2015-8838.html
https://www.suse.com/security/cve/CVE-2015-8866.html
https://www.suse.com/security/cve/CVE-2015-8867.html
https://www.suse.com/security/cve/CVE-2015-8873.html
https://www.suse.com/security/cve/CVE-2015-8874.html
https://www.suse.com/security/cve/CVE-2015-8879.html
https://www.suse.com/security/cve/CVE-2016-2554.html
https://www.suse.com/security/cve/CVE-2016-3141.html
https://www.suse.com/security/cve/CVE-2016-3142.html
https://www.suse.com/security/cve/CVE-2016-3185.html
https://www.suse.com/security/cve/CVE-2016-4070.html
https://www.suse.com/security/cve/CVE-2016-4073.html
https://www.suse.com/security/cve/CVE-2016-4342.html
https://www.suse.com/security/cve/CVE-2016-4346.html
https://www.suse.com/security/cve/CVE-2016-4537.html
https://www.suse.com/security/cve/CVE-2016-4538.html
https://www.suse.com/security/cve/CVE-2016-4539.html
https://www.suse.com/security/cve/CVE-2016-4540.html
https://www.suse.com/security/cve/CVE-2016-4541.html
https://www.suse.com/security/cve/CVE-2016-4542.html
https://www.suse.com/security/cve/CVE-2016-4543.html
https://www.suse.com/security/cve/CVE-2016-4544.html
https://www.suse.com/security/cve/CVE-2016-5093.html
https://www.suse.com/security/cve/CVE-2016-5094.html
https://www.suse.com/security/cve/CVE-2016-5095.html
https://www.suse.com/security/cve/CVE-2016-5096.html
https://www.suse.com/security/cve/CVE-2016-5114.html
http://www.nessus.org/u?dfe93b5c

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE OpenStack Cloud 5 :

zypper in -t patch sleclo50sp3-php53-12611=1

SUSE Manager Proxy 2.1 :

zypper in -t patch slemap21-php53-12611=1

SUSE Manager 2.1 :

zypper in -t patch sleman21-php53-12611=1

SUSE Linux Enterprise Software Development Kit 11-SP4 :

zypper in -t patch sdksp4-php53-12611=1

SUSE Linux Enterprise Server 11-SP4 :

zypper in -t patch slessp4-php53-12611=1

SUSE Linux Enterprise Server 11-SP3-LTSS :

zypper in -t patch slessp3-php53-12611=1

SUSE Linux Enterprise Debuginfo 11-SP4 :

zypper in -t patch dbgsp4-php53-12611=1

SUSE Linux Enterprise Debuginfo 11-SP3 :

zypper in -t patch dbgsp3-php53-12611=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true