Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2016.2574
SUSE Security Update: Security update for php7
2 November 2016
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: php7
Publisher: SUSE
Operating System: SUSE
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Access Confidential Data -- Remote/Unauthenticated
Provide Misleading Information -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2016-8670 CVE-2016-7568 CVE-2016-7418
CVE-2016-7417 CVE-2016-7416 CVE-2016-7414
CVE-2016-7413 CVE-2016-7412 CVE-2016-7134
CVE-2016-7133 CVE-2016-7132 CVE-2016-7131
CVE-2016-7130 CVE-2016-7129 CVE-2016-7128
CVE-2016-7127 CVE-2016-7126 CVE-2016-7125
CVE-2016-7124 CVE-2016-6911 CVE-2016-6297
CVE-2016-6296 CVE-2016-6295 CVE-2016-6292
CVE-2016-6291 CVE-2016-6290 CVE-2016-6289
CVE-2016-6207 CVE-2016-6161 CVE-2016-6128
CVE-2016-5399 CVE-2016-4473
Reference: ESB-2016.2558
ESB-2016.2542
ESB-2016.2427
ESB-2016.2355
ESB-2016.2352
Comment: This bulletin contains two (2) SUSE security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for php7
______________________________________________________________________________
Announcement ID: SUSE-SU-2016:2460-2
Rating: important
References: #1001950 #987580 #988032 #991422 #991424
#991426 #991427 #991428 #991429 #991430 #991434
#991437 #995512 #997206 #997207 #997208 #997210
#997211 #997220 #997225 #997230 #997247 #997248
#997257 #999313 #999679 #999680 #999684 #999685
#999819 #999820
Cross-References: CVE-2016-4473 CVE-2016-5399 CVE-2016-6128
CVE-2016-6161 CVE-2016-6207 CVE-2016-6289
CVE-2016-6290 CVE-2016-6291 CVE-2016-6292
CVE-2016-6295 CVE-2016-6296 CVE-2016-6297
CVE-2016-7124 CVE-2016-7125 CVE-2016-7126
CVE-2016-7127 CVE-2016-7128 CVE-2016-7129
CVE-2016-7130 CVE-2016-7131 CVE-2016-7132
CVE-2016-7133 CVE-2016-7134 CVE-2016-7412
CVE-2016-7413 CVE-2016-7414 CVE-2016-7416
CVE-2016-7417 CVE-2016-7418
Affected Products:
SUSE Linux Enterprise Module for Web Scripting 12
______________________________________________________________________________
An update that solves 29 vulnerabilities and has two fixes
is now available.
Description:
This update for php7 fixes the following security issues:
* CVE-2016-6128: Invalid color index not properly handled [bsc#987580]
* CVE-2016-6161: global out of bounds read when encoding gif from
malformed input withgd2togif [bsc#988032]
* CVE-2016-6292: Null pointer dereference in exif_process_user_comment
[bsc#991422]
* CVE-2016-6295: Use after free in SNMP with GC and unserialize()
[bsc#991424]
* CVE-2016-6297: Stack-based buffer overflow vulnerability in
php_stream_zip_opener [bsc#991426]
* CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE
[bsc#991427]
* CVE-2016-6289: Integer overflow leads to buffer overflow in
virtual_file_ex [bsc#991428]
* CVE-2016-6290: Use after free in unserialize() with Unexpected Session
Deserialization [bsc#991429]
* CVE-2016-5399: Improper error handling in bzread() [bsc#991430]
* CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn
in simplestring.c [bsc#991437]
* CVE-2016-6207: Integer overflow error within _gdContributionsAlloc()
[bsc#991434]
* CVE-2016-4473: Invalid free() instead of efree() in phar_extract_file()
* CVE-2016-7124: Create an Unexpected Object and Don't Invoke __wakeup()
in Deserialization
* CVE-2016-7125: PHP Session Data Injection Vulnerability
* CVE-2016-7126: select_colors write out-of-bounds
* CVE-2016-7127: imagegammacorrect allowed arbitrary write access
* CVE-2016-7128: Memory Leakage In exif_process_IFD_in_TIFF
* CVE-2016-7129: wddx_deserialize allowed illegal memory access
* CVE-2016-7131: wddx_deserialize null dereference with invalid xml
* CVE-2016-7132: wddx_deserialize null dereference in php_wddx_pop_element
* CVE-2016-7133: memory allocator fails to realloc small block to large one
* CVE-2016-7134: Heap overflow in the function curl_escape
* CVE-2016-7130: wddx_deserialize null dereference
* CVE-2016-7413: Use after free in wddx_deserialize
* CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG
in BIT field
* CVE-2016-7417: Missing type check when unserializing SplArray
* CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message
* CVE-2016-7418: Null pointer dereference in php_wddx_push_element
* CVE-2016-7414: Out of bounds heap read when verifying signature of zip
phar in phar_parse_zipfile
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Web Scripting 12:
zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2016-1434=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Module for Web Scripting 12 (aarch64):
apache2-mod_php7-7.0.7-15.1
apache2-mod_php7-debuginfo-7.0.7-15.1
php7-7.0.7-15.1
php7-bcmath-7.0.7-15.1
php7-bcmath-debuginfo-7.0.7-15.1
php7-bz2-7.0.7-15.1
php7-bz2-debuginfo-7.0.7-15.1
php7-calendar-7.0.7-15.1
php7-calendar-debuginfo-7.0.7-15.1
php7-ctype-7.0.7-15.1
php7-ctype-debuginfo-7.0.7-15.1
php7-curl-7.0.7-15.1
php7-curl-debuginfo-7.0.7-15.1
php7-dba-7.0.7-15.1
php7-dba-debuginfo-7.0.7-15.1
php7-debuginfo-7.0.7-15.1
php7-debugsource-7.0.7-15.1
php7-dom-7.0.7-15.1
php7-dom-debuginfo-7.0.7-15.1
php7-enchant-7.0.7-15.1
php7-enchant-debuginfo-7.0.7-15.1
php7-exif-7.0.7-15.1
php7-exif-debuginfo-7.0.7-15.1
php7-fastcgi-7.0.7-15.1
php7-fastcgi-debuginfo-7.0.7-15.1
php7-fileinfo-7.0.7-15.1
php7-fileinfo-debuginfo-7.0.7-15.1
php7-fpm-7.0.7-15.1
php7-fpm-debuginfo-7.0.7-15.1
php7-ftp-7.0.7-15.1
php7-ftp-debuginfo-7.0.7-15.1
php7-gd-7.0.7-15.1
php7-gd-debuginfo-7.0.7-15.1
php7-gettext-7.0.7-15.1
php7-gettext-debuginfo-7.0.7-15.1
php7-gmp-7.0.7-15.1
php7-gmp-debuginfo-7.0.7-15.1
php7-iconv-7.0.7-15.1
php7-iconv-debuginfo-7.0.7-15.1
php7-imap-7.0.7-15.1
php7-imap-debuginfo-7.0.7-15.1
php7-intl-7.0.7-15.1
php7-intl-debuginfo-7.0.7-15.1
php7-json-7.0.7-15.1
php7-json-debuginfo-7.0.7-15.1
php7-ldap-7.0.7-15.1
php7-ldap-debuginfo-7.0.7-15.1
php7-mbstring-7.0.7-15.1
php7-mbstring-debuginfo-7.0.7-15.1
php7-mcrypt-7.0.7-15.1
php7-mcrypt-debuginfo-7.0.7-15.1
php7-mysql-7.0.7-15.1
php7-mysql-debuginfo-7.0.7-15.1
php7-odbc-7.0.7-15.1
php7-odbc-debuginfo-7.0.7-15.1
php7-opcache-7.0.7-15.1
php7-opcache-debuginfo-7.0.7-15.1
php7-openssl-7.0.7-15.1
php7-openssl-debuginfo-7.0.7-15.1
php7-pcntl-7.0.7-15.1
php7-pcntl-debuginfo-7.0.7-15.1
php7-pdo-7.0.7-15.1
php7-pdo-debuginfo-7.0.7-15.1
php7-pgsql-7.0.7-15.1
php7-pgsql-debuginfo-7.0.7-15.1
php7-phar-7.0.7-15.1
php7-phar-debuginfo-7.0.7-15.1
php7-posix-7.0.7-15.1
php7-posix-debuginfo-7.0.7-15.1
php7-pspell-7.0.7-15.1
php7-pspell-debuginfo-7.0.7-15.1
php7-shmop-7.0.7-15.1
php7-shmop-debuginfo-7.0.7-15.1
php7-snmp-7.0.7-15.1
php7-snmp-debuginfo-7.0.7-15.1
php7-soap-7.0.7-15.1
php7-soap-debuginfo-7.0.7-15.1
php7-sockets-7.0.7-15.1
php7-sockets-debuginfo-7.0.7-15.1
php7-sqlite-7.0.7-15.1
php7-sqlite-debuginfo-7.0.7-15.1
php7-sysvmsg-7.0.7-15.1
php7-sysvmsg-debuginfo-7.0.7-15.1
php7-sysvsem-7.0.7-15.1
php7-sysvsem-debuginfo-7.0.7-15.1
php7-sysvshm-7.0.7-15.1
php7-sysvshm-debuginfo-7.0.7-15.1
php7-tokenizer-7.0.7-15.1
php7-tokenizer-debuginfo-7.0.7-15.1
php7-wddx-7.0.7-15.1
php7-wddx-debuginfo-7.0.7-15.1
php7-xmlreader-7.0.7-15.1
php7-xmlreader-debuginfo-7.0.7-15.1
php7-xmlrpc-7.0.7-15.1
php7-xmlrpc-debuginfo-7.0.7-15.1
php7-xmlwriter-7.0.7-15.1
php7-xmlwriter-debuginfo-7.0.7-15.1
php7-xsl-7.0.7-15.1
php7-xsl-debuginfo-7.0.7-15.1
php7-zip-7.0.7-15.1
php7-zip-debuginfo-7.0.7-15.1
php7-zlib-7.0.7-15.1
php7-zlib-debuginfo-7.0.7-15.1
- SUSE Linux Enterprise Module for Web Scripting 12 (noarch):
php7-pear-7.0.7-15.1
php7-pear-Archive_Tar-7.0.7-15.1
References:
https://www.suse.com/security/cve/CVE-2016-4473.html
https://www.suse.com/security/cve/CVE-2016-5399.html
https://www.suse.com/security/cve/CVE-2016-6128.html
https://www.suse.com/security/cve/CVE-2016-6161.html
https://www.suse.com/security/cve/CVE-2016-6207.html
https://www.suse.com/security/cve/CVE-2016-6289.html
https://www.suse.com/security/cve/CVE-2016-6290.html
https://www.suse.com/security/cve/CVE-2016-6291.html
https://www.suse.com/security/cve/CVE-2016-6292.html
https://www.suse.com/security/cve/CVE-2016-6295.html
https://www.suse.com/security/cve/CVE-2016-6296.html
https://www.suse.com/security/cve/CVE-2016-6297.html
https://www.suse.com/security/cve/CVE-2016-7124.html
https://www.suse.com/security/cve/CVE-2016-7125.html
https://www.suse.com/security/cve/CVE-2016-7126.html
https://www.suse.com/security/cve/CVE-2016-7127.html
https://www.suse.com/security/cve/CVE-2016-7128.html
https://www.suse.com/security/cve/CVE-2016-7129.html
https://www.suse.com/security/cve/CVE-2016-7130.html
https://www.suse.com/security/cve/CVE-2016-7131.html
https://www.suse.com/security/cve/CVE-2016-7132.html
https://www.suse.com/security/cve/CVE-2016-7133.html
https://www.suse.com/security/cve/CVE-2016-7134.html
https://www.suse.com/security/cve/CVE-2016-7412.html
https://www.suse.com/security/cve/CVE-2016-7413.html
https://www.suse.com/security/cve/CVE-2016-7414.html
https://www.suse.com/security/cve/CVE-2016-7416.html
https://www.suse.com/security/cve/CVE-2016-7417.html
https://www.suse.com/security/cve/CVE-2016-7418.html
https://bugzilla.suse.com/1001950
https://bugzilla.suse.com/987580
https://bugzilla.suse.com/988032
https://bugzilla.suse.com/991422
https://bugzilla.suse.com/991424
https://bugzilla.suse.com/991426
https://bugzilla.suse.com/991427
https://bugzilla.suse.com/991428
https://bugzilla.suse.com/991429
https://bugzilla.suse.com/991430
https://bugzilla.suse.com/991434
https://bugzilla.suse.com/991437
https://bugzilla.suse.com/995512
https://bugzilla.suse.com/997206
https://bugzilla.suse.com/997207
https://bugzilla.suse.com/997208
https://bugzilla.suse.com/997210
https://bugzilla.suse.com/997211
https://bugzilla.suse.com/997220
https://bugzilla.suse.com/997225
https://bugzilla.suse.com/997230
https://bugzilla.suse.com/997247
https://bugzilla.suse.com/997248
https://bugzilla.suse.com/997257
https://bugzilla.suse.com/999313
https://bugzilla.suse.com/999679
https://bugzilla.suse.com/999680
https://bugzilla.suse.com/999684
https://bugzilla.suse.com/999685
https://bugzilla.suse.com/999819
https://bugzilla.suse.com/999820
- --
- ---
SUSE Security Update: Security update for php7
______________________________________________________________________________
Announcement ID: SUSE-SU-2016:2683-2
Rating: important
References: #1001900 #1004924 #1005274
Cross-References: CVE-2016-6911 CVE-2016-7568 CVE-2016-8670
Affected Products:
SUSE Linux Enterprise Module for Web Scripting 12
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for php7 fixes the following security issue:
- CVE-2016-7568: A specially crafted image file could cause an application
crash or potentially execute arbitrary code when the image is converted
to webp (bsc#1001900)
- CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf (bsc#1004924)
- CVE-2016-6911: Check for out-of-bound read in dynamicGetbuf()
(bsc#1005274)
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Web Scripting 12:
zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2016-1576=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Module for Web Scripting 12 (aarch64):
apache2-mod_php7-7.0.7-20.1
apache2-mod_php7-debuginfo-7.0.7-20.1
php7-7.0.7-20.1
php7-bcmath-7.0.7-20.1
php7-bcmath-debuginfo-7.0.7-20.1
php7-bz2-7.0.7-20.1
php7-bz2-debuginfo-7.0.7-20.1
php7-calendar-7.0.7-20.1
php7-calendar-debuginfo-7.0.7-20.1
php7-ctype-7.0.7-20.1
php7-ctype-debuginfo-7.0.7-20.1
php7-curl-7.0.7-20.1
php7-curl-debuginfo-7.0.7-20.1
php7-dba-7.0.7-20.1
php7-dba-debuginfo-7.0.7-20.1
php7-debuginfo-7.0.7-20.1
php7-debugsource-7.0.7-20.1
php7-dom-7.0.7-20.1
php7-dom-debuginfo-7.0.7-20.1
php7-enchant-7.0.7-20.1
php7-enchant-debuginfo-7.0.7-20.1
php7-exif-7.0.7-20.1
php7-exif-debuginfo-7.0.7-20.1
php7-fastcgi-7.0.7-20.1
php7-fastcgi-debuginfo-7.0.7-20.1
php7-fileinfo-7.0.7-20.1
php7-fileinfo-debuginfo-7.0.7-20.1
php7-fpm-7.0.7-20.1
php7-fpm-debuginfo-7.0.7-20.1
php7-ftp-7.0.7-20.1
php7-ftp-debuginfo-7.0.7-20.1
php7-gd-7.0.7-20.1
php7-gd-debuginfo-7.0.7-20.1
php7-gettext-7.0.7-20.1
php7-gettext-debuginfo-7.0.7-20.1
php7-gmp-7.0.7-20.1
php7-gmp-debuginfo-7.0.7-20.1
php7-iconv-7.0.7-20.1
php7-iconv-debuginfo-7.0.7-20.1
php7-imap-7.0.7-20.1
php7-imap-debuginfo-7.0.7-20.1
php7-intl-7.0.7-20.1
php7-intl-debuginfo-7.0.7-20.1
php7-json-7.0.7-20.1
php7-json-debuginfo-7.0.7-20.1
php7-ldap-7.0.7-20.1
php7-ldap-debuginfo-7.0.7-20.1
php7-mbstring-7.0.7-20.1
php7-mbstring-debuginfo-7.0.7-20.1
php7-mcrypt-7.0.7-20.1
php7-mcrypt-debuginfo-7.0.7-20.1
php7-mysql-7.0.7-20.1
php7-mysql-debuginfo-7.0.7-20.1
php7-odbc-7.0.7-20.1
php7-odbc-debuginfo-7.0.7-20.1
php7-opcache-7.0.7-20.1
php7-opcache-debuginfo-7.0.7-20.1
php7-openssl-7.0.7-20.1
php7-openssl-debuginfo-7.0.7-20.1
php7-pcntl-7.0.7-20.1
php7-pcntl-debuginfo-7.0.7-20.1
php7-pdo-7.0.7-20.1
php7-pdo-debuginfo-7.0.7-20.1
php7-pgsql-7.0.7-20.1
php7-pgsql-debuginfo-7.0.7-20.1
php7-phar-7.0.7-20.1
php7-phar-debuginfo-7.0.7-20.1
php7-posix-7.0.7-20.1
php7-posix-debuginfo-7.0.7-20.1
php7-pspell-7.0.7-20.1
php7-pspell-debuginfo-7.0.7-20.1
php7-shmop-7.0.7-20.1
php7-shmop-debuginfo-7.0.7-20.1
php7-snmp-7.0.7-20.1
php7-snmp-debuginfo-7.0.7-20.1
php7-soap-7.0.7-20.1
php7-soap-debuginfo-7.0.7-20.1
php7-sockets-7.0.7-20.1
php7-sockets-debuginfo-7.0.7-20.1
php7-sqlite-7.0.7-20.1
php7-sqlite-debuginfo-7.0.7-20.1
php7-sysvmsg-7.0.7-20.1
php7-sysvmsg-debuginfo-7.0.7-20.1
php7-sysvsem-7.0.7-20.1
php7-sysvsem-debuginfo-7.0.7-20.1
php7-sysvshm-7.0.7-20.1
php7-sysvshm-debuginfo-7.0.7-20.1
php7-tokenizer-7.0.7-20.1
php7-tokenizer-debuginfo-7.0.7-20.1
php7-wddx-7.0.7-20.1
php7-wddx-debuginfo-7.0.7-20.1
php7-xmlreader-7.0.7-20.1
php7-xmlreader-debuginfo-7.0.7-20.1
php7-xmlrpc-7.0.7-20.1
php7-xmlrpc-debuginfo-7.0.7-20.1
php7-xmlwriter-7.0.7-20.1
php7-xmlwriter-debuginfo-7.0.7-20.1
php7-xsl-7.0.7-20.1
php7-xsl-debuginfo-7.0.7-20.1
php7-zip-7.0.7-20.1
php7-zip-debuginfo-7.0.7-20.1
php7-zlib-7.0.7-20.1
php7-zlib-debuginfo-7.0.7-20.1
- SUSE Linux Enterprise Module for Web Scripting 12 (noarch):
php7-pear-7.0.7-20.1
php7-pear-Archive_Tar-7.0.7-20.1
References:
https://www.suse.com/security/cve/CVE-2016-6911.html
https://www.suse.com/security/cve/CVE-2016-7568.html
https://www.suse.com/security/cve/CVE-2016-8670.html
https://bugzilla.suse.com/1001900
https://bugzilla.suse.com/1004924
https://bugzilla.suse.com/1005274
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBWBmQpIx+lLeg9Ub1AQjzbhAAnoupVpIowcavZJ7d+5bDn7NRZjOPS7iH
OWcey9Zu/mqEVmk//Cnbg3J4yu9jl35DE9kJTyQNr1+rar1Pj7cMJFYRh+tWoFQM
lvin84Pl7VSC9qtJ+SPrz2yfJjC1HTBFHRFibNxLnSHW2BsohwOTO/U5ULvVpDW6
76mEuRmx4CErvGJMPN+E2BF+AlzMUqmoA+NGFlNAXSkvB/mgtdHSaebp+EBAgfkz
rIJ3jkct5cRDQ0zRsKbDvc9yOlLt69rQhiZ6qpO1Zc57hCmWuxkrsu3Ruf0ATlvA
P2vSCgl9KMmyioBGDWG7JI9Y+S86C+0XyFDrRctw843GmWDl79v4gCV8blzsEMye
mKhS0rXbE8eeRIhSxu+QcYJAvt4VOsI4VaOOuyVdTB9O0iETE7Cbg/Wsv7tnGF1C
tMbTAXuAyZAwIrQDiWl2pq60zszabCN+pkGCXdLQkn/nCeGvh1OP1KIWzrII5grM
q76VgqD1+PUxNqNPCdYqeCjqC6a2yUGfOlw/HYsUuvKxmBYR+L9kkkeytjfKCEsL
gTIJVbOkX+wv+BnmdpXaYZS/4JTW8oSI1RzuOTeCFPoPtwziTjTd3ytim8Ftw8ab
xvJPWRiUzog2WbdTuw3lkIK+b1UIHuzZULnluhE+uDuzXGpHqYpBvGNp/NKwZFZC
cK+DtwYtnsI=
=pg4P
-----END PGP SIGNATURE-----