Security update for php5 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:0366-1 Final 1 1 2016-02-07T15:26:05Z current 2016-02-07T15:26:05Z 2016-02-07T15:26:05Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for php5 This update for php5 fixes the following issues: - CVE-2015-7803: Specially crafted .phar files with a crafted TAR archive entry allowed remote attackers to cause a Denial of Service (DoS) [bsc#949961] - CVE-2016-1903: Specially crafted image files could could allow remote attackers read unspecified memory when rotating images [bsc#962057] This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2016-02/msg00037.html E-Mail link for openSUSE-SU-2016:0366-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 apache2-mod_php5-5.5.14-41.1 php5-5.5.14-41.1 php5-bcmath-5.5.14-41.1 php5-bz2-5.5.14-41.1 php5-calendar-5.5.14-41.1 php5-ctype-5.5.14-41.1 php5-curl-5.5.14-41.1 php5-dba-5.5.14-41.1 php5-devel-5.5.14-41.1 php5-dom-5.5.14-41.1 php5-enchant-5.5.14-41.1 php5-exif-5.5.14-41.1 php5-fastcgi-5.5.14-41.1 php5-fileinfo-5.5.14-41.1 php5-firebird-5.5.14-41.1 php5-fpm-5.5.14-41.1 php5-ftp-5.5.14-41.1 php5-gd-5.5.14-41.1 php5-gettext-5.5.14-41.1 php5-gmp-5.5.14-41.1 php5-iconv-5.5.14-41.1 php5-imap-5.5.14-41.1 php5-intl-5.5.14-41.1 php5-json-5.5.14-41.1 php5-ldap-5.5.14-41.1 php5-mbstring-5.5.14-41.1 php5-mcrypt-5.5.14-41.1 php5-mssql-5.5.14-41.1 php5-mysql-5.5.14-41.1 php5-odbc-5.5.14-41.1 php5-opcache-5.5.14-41.1 php5-openssl-5.5.14-41.1 php5-pcntl-5.5.14-41.1 php5-pdo-5.5.14-41.1 php5-pear-5.5.14-41.1 php5-pgsql-5.5.14-41.1 php5-phar-5.5.14-41.1 php5-posix-5.5.14-41.1 php5-pspell-5.5.14-41.1 php5-readline-5.5.14-41.1 php5-shmop-5.5.14-41.1 php5-snmp-5.5.14-41.1 php5-soap-5.5.14-41.1 php5-sockets-5.5.14-41.1 php5-sqlite-5.5.14-41.1 php5-suhosin-5.5.14-41.1 php5-sysvmsg-5.5.14-41.1 php5-sysvsem-5.5.14-41.1 php5-sysvshm-5.5.14-41.1 php5-tidy-5.5.14-41.1 php5-tokenizer-5.5.14-41.1 php5-wddx-5.5.14-41.1 php5-xmlreader-5.5.14-41.1 php5-xmlrpc-5.5.14-41.1 php5-xmlwriter-5.5.14-41.1 php5-xsl-5.5.14-41.1 php5-zip-5.5.14-41.1 php5-zlib-5.5.14-41.1 apache2-mod_php5-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-bcmath-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-bz2-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-calendar-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-ctype-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-curl-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-dba-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-devel-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-dom-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-enchant-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-exif-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-fastcgi-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-fileinfo-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-firebird-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-fpm-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-ftp-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-gd-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-gettext-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-gmp-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-iconv-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-imap-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-intl-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-json-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-ldap-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-mbstring-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-mcrypt-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-mssql-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-mysql-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-odbc-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-opcache-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-openssl-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-pcntl-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-pdo-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-pear-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-pgsql-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-phar-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-posix-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-pspell-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-readline-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-shmop-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-snmp-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-soap-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-sockets-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-sqlite-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-suhosin-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-sysvmsg-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-sysvsem-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-sysvshm-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-tidy-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-tokenizer-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-wddx-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-xmlreader-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-xmlrpc-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-xmlwriter-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-xsl-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-zip-5.5.14-41.1 as a component of openSUSE Leap 42.1 php5-zlib-5.5.14-41.1 as a component of openSUSE Leap 42.1 The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist. CVE-2015-7803 openSUSE Leap 42.1:apache2-mod_php5-5.5.14-41.1 openSUSE Leap 42.1:php5-5.5.14-41.1 openSUSE Leap 42.1:php5-bcmath-5.5.14-41.1 openSUSE Leap 42.1:php5-bz2-5.5.14-41.1 openSUSE Leap 42.1:php5-calendar-5.5.14-41.1 openSUSE Leap 42.1:php5-ctype-5.5.14-41.1 openSUSE Leap 42.1:php5-curl-5.5.14-41.1 openSUSE Leap 42.1:php5-dba-5.5.14-41.1 openSUSE Leap 42.1:php5-devel-5.5.14-41.1 openSUSE Leap 42.1:php5-dom-5.5.14-41.1 openSUSE Leap 42.1:php5-enchant-5.5.14-41.1 openSUSE Leap 42.1:php5-exif-5.5.14-41.1 openSUSE Leap 42.1:php5-fastcgi-5.5.14-41.1 openSUSE Leap 42.1:php5-fileinfo-5.5.14-41.1 openSUSE Leap 42.1:php5-firebird-5.5.14-41.1 openSUSE Leap 42.1:php5-fpm-5.5.14-41.1 openSUSE Leap 42.1:php5-ftp-5.5.14-41.1 openSUSE Leap 42.1:php5-gd-5.5.14-41.1 openSUSE Leap 42.1:php5-gettext-5.5.14-41.1 openSUSE Leap 42.1:php5-gmp-5.5.14-41.1 openSUSE Leap 42.1:php5-iconv-5.5.14-41.1 openSUSE Leap 42.1:php5-imap-5.5.14-41.1 openSUSE Leap 42.1:php5-intl-5.5.14-41.1 openSUSE Leap 42.1:php5-json-5.5.14-41.1 openSUSE Leap 42.1:php5-ldap-5.5.14-41.1 openSUSE Leap 42.1:php5-mbstring-5.5.14-41.1 openSUSE Leap 42.1:php5-mcrypt-5.5.14-41.1 openSUSE Leap 42.1:php5-mssql-5.5.14-41.1 openSUSE Leap 42.1:php5-mysql-5.5.14-41.1 openSUSE Leap 42.1:php5-odbc-5.5.14-41.1 openSUSE Leap 42.1:php5-opcache-5.5.14-41.1 openSUSE Leap 42.1:php5-openssl-5.5.14-41.1 openSUSE Leap 42.1:php5-pcntl-5.5.14-41.1 openSUSE Leap 42.1:php5-pdo-5.5.14-41.1 openSUSE Leap 42.1:php5-pear-5.5.14-41.1 openSUSE Leap 42.1:php5-pgsql-5.5.14-41.1 openSUSE Leap 42.1:php5-phar-5.5.14-41.1 openSUSE Leap 42.1:php5-posix-5.5.14-41.1 openSUSE Leap 42.1:php5-pspell-5.5.14-41.1 openSUSE Leap 42.1:php5-readline-5.5.14-41.1 openSUSE Leap 42.1:php5-shmop-5.5.14-41.1 openSUSE Leap 42.1:php5-snmp-5.5.14-41.1 openSUSE Leap 42.1:php5-soap-5.5.14-41.1 openSUSE Leap 42.1:php5-sockets-5.5.14-41.1 openSUSE Leap 42.1:php5-sqlite-5.5.14-41.1 openSUSE Leap 42.1:php5-suhosin-5.5.14-41.1 openSUSE Leap 42.1:php5-sysvmsg-5.5.14-41.1 openSUSE Leap 42.1:php5-sysvsem-5.5.14-41.1 openSUSE Leap 42.1:php5-sysvshm-5.5.14-41.1 openSUSE Leap 42.1:php5-tidy-5.5.14-41.1 openSUSE Leap 42.1:php5-tokenizer-5.5.14-41.1 openSUSE Leap 42.1:php5-wddx-5.5.14-41.1 openSUSE Leap 42.1:php5-xmlreader-5.5.14-41.1 openSUSE Leap 42.1:php5-xmlrpc-5.5.14-41.1 openSUSE Leap 42.1:php5-xmlwriter-5.5.14-41.1 openSUSE Leap 42.1:php5-xsl-5.5.14-41.1 openSUSE Leap 42.1:php5-zip-5.5.14-41.1 openSUSE Leap 42.1:php5-zlib-5.5.14-41.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-02/msg00037.html https://www.suse.com/security/cve/CVE-2015-7803.html CVE-2015-7803 https://bugzilla.suse.com/949961 SUSE Bug 949961 https://bugzilla.suse.com/980366 SUSE Bug 980366 The gdImageRotateInterpolated function in ext/gd/libgd/gd_interpolation.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a large bgd_color argument to the imagerotate function. CVE-2016-1903 openSUSE Leap 42.1:apache2-mod_php5-5.5.14-41.1 openSUSE Leap 42.1:php5-5.5.14-41.1 openSUSE Leap 42.1:php5-bcmath-5.5.14-41.1 openSUSE Leap 42.1:php5-bz2-5.5.14-41.1 openSUSE Leap 42.1:php5-calendar-5.5.14-41.1 openSUSE Leap 42.1:php5-ctype-5.5.14-41.1 openSUSE Leap 42.1:php5-curl-5.5.14-41.1 openSUSE Leap 42.1:php5-dba-5.5.14-41.1 openSUSE Leap 42.1:php5-devel-5.5.14-41.1 openSUSE Leap 42.1:php5-dom-5.5.14-41.1 openSUSE Leap 42.1:php5-enchant-5.5.14-41.1 openSUSE Leap 42.1:php5-exif-5.5.14-41.1 openSUSE Leap 42.1:php5-fastcgi-5.5.14-41.1 openSUSE Leap 42.1:php5-fileinfo-5.5.14-41.1 openSUSE Leap 42.1:php5-firebird-5.5.14-41.1 openSUSE Leap 42.1:php5-fpm-5.5.14-41.1 openSUSE Leap 42.1:php5-ftp-5.5.14-41.1 openSUSE Leap 42.1:php5-gd-5.5.14-41.1 openSUSE Leap 42.1:php5-gettext-5.5.14-41.1 openSUSE Leap 42.1:php5-gmp-5.5.14-41.1 openSUSE Leap 42.1:php5-iconv-5.5.14-41.1 openSUSE Leap 42.1:php5-imap-5.5.14-41.1 openSUSE Leap 42.1:php5-intl-5.5.14-41.1 openSUSE Leap 42.1:php5-json-5.5.14-41.1 openSUSE Leap 42.1:php5-ldap-5.5.14-41.1 openSUSE Leap 42.1:php5-mbstring-5.5.14-41.1 openSUSE Leap 42.1:php5-mcrypt-5.5.14-41.1 openSUSE Leap 42.1:php5-mssql-5.5.14-41.1 openSUSE Leap 42.1:php5-mysql-5.5.14-41.1 openSUSE Leap 42.1:php5-odbc-5.5.14-41.1 openSUSE Leap 42.1:php5-opcache-5.5.14-41.1 openSUSE Leap 42.1:php5-openssl-5.5.14-41.1 openSUSE Leap 42.1:php5-pcntl-5.5.14-41.1 openSUSE Leap 42.1:php5-pdo-5.5.14-41.1 openSUSE Leap 42.1:php5-pear-5.5.14-41.1 openSUSE Leap 42.1:php5-pgsql-5.5.14-41.1 openSUSE Leap 42.1:php5-phar-5.5.14-41.1 openSUSE Leap 42.1:php5-posix-5.5.14-41.1 openSUSE Leap 42.1:php5-pspell-5.5.14-41.1 openSUSE Leap 42.1:php5-readline-5.5.14-41.1 openSUSE Leap 42.1:php5-shmop-5.5.14-41.1 openSUSE Leap 42.1:php5-snmp-5.5.14-41.1 openSUSE Leap 42.1:php5-soap-5.5.14-41.1 openSUSE Leap 42.1:php5-sockets-5.5.14-41.1 openSUSE Leap 42.1:php5-sqlite-5.5.14-41.1 openSUSE Leap 42.1:php5-suhosin-5.5.14-41.1 openSUSE Leap 42.1:php5-sysvmsg-5.5.14-41.1 openSUSE Leap 42.1:php5-sysvsem-5.5.14-41.1 openSUSE Leap 42.1:php5-sysvshm-5.5.14-41.1 openSUSE Leap 42.1:php5-tidy-5.5.14-41.1 openSUSE Leap 42.1:php5-tokenizer-5.5.14-41.1 openSUSE Leap 42.1:php5-wddx-5.5.14-41.1 openSUSE Leap 42.1:php5-xmlreader-5.5.14-41.1 openSUSE Leap 42.1:php5-xmlrpc-5.5.14-41.1 openSUSE Leap 42.1:php5-xmlwriter-5.5.14-41.1 openSUSE Leap 42.1:php5-xsl-5.5.14-41.1 openSUSE Leap 42.1:php5-zip-5.5.14-41.1 openSUSE Leap 42.1:php5-zlib-5.5.14-41.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-02/msg00037.html https://www.suse.com/security/cve/CVE-2016-1903.html CVE-2016-1903 https://bugzilla.suse.com/962057 SUSE Bug 962057