openSUSE Security Update : php5 (openSUSE-2016-776)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for php5 fixes the following issues :

- CVE-2013-7456: imagescale out-of-bounds read (bnc#982009).

- CVE-2016-5093: get_icu_value_internal out-of-bounds read
  (bnc#982010).

- CVE-2016-5094: Don't create strings with lengths outside of
  valid range (bnc#982011).

- CVE-2016-5095: Don't create strings with lengths outside of
  valid range (bnc#982012).

- CVE-2016-5096: int/size_t confusion in fread (bsc#982013).

- CVE-2015-8877: The gdImageScaleTwoPass function in
  gd_interpolation.c in the GD Graphics Library (aka libgd) as
  used in PHP used inconsistent allocate and free approaches,
  which allowed remote attackers to cause a denial of service
  (memory consumption) via a crafted call, as demonstrated by a
  call to the PHP imagescale function (bsc#981061).

- CVE-2015-8876: Zend/zend_exceptions.c in PHP did not validate
  certain Exception objects, which allowed remote attackers to
  cause a denial of service (NULL pointer dereference and
  application crash) or trigger unintended method execution via
  crafted serialized data (bsc#981049).

- CVE-2015-8879: The odbc_bindcols function in
  ext/odbc/php_odbc.c in PHP mishandled driver behavior for
  SQL_WVARCHAR columns, which allowed remote attackers to cause
  a denial of service (application crash) in opportunistic
  circumstances by leveraging use of the odbc_fetch_array
  function to access a certain type of Microsoft SQL Server
  table (bsc#981050).

This update was imported from the SUSE:SLE-12:Update update project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=981049
https://bugzilla.opensuse.org/show_bug.cgi?id=981050
https://bugzilla.opensuse.org/show_bug.cgi?id=981061
https://bugzilla.opensuse.org/show_bug.cgi?id=982009
https://bugzilla.opensuse.org/show_bug.cgi?id=982010
https://bugzilla.opensuse.org/show_bug.cgi?id=982011
https://bugzilla.opensuse.org/show_bug.cgi?id=982012
https://bugzilla.opensuse.org/show_bug.cgi?id=982013

Solution :

Update the affected php5 packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 91869

CVE ID: CVE-2013-7456
CVE-2015-8876
CVE-2015-8877
CVE-2015-8879
CVE-2016-5093
CVE-2016-5094
CVE-2016-5095
CVE-2016-5096
