Security update for php5 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:0993-1 Final 1 1 2015-05-27T20:55:59Z current 2015-05-27T20:55:59Z 2015-05-27T20:55:59Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for php5 php5 was updated to fix four security issues. The following vulnerabilities were fixed: * CVE-2015-4024: Multipart/form-data remote dos Vulnerability (bnc#931421) * CVE-2015-4026: pcntl_exec() does not check path validity (bnc#931776) * CVE-2015-4022: overflow in ftp_genlist() resulting in heap overflow (bnc#931772) * CVE-2015-4021: memory corruption in phar_parse_tarfile when entry filename starts with NULL (bnc#931769) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-06/msg00002.html E-Mail link for openSUSE-SU-2015:0993-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings apache2-mod_php5-5.4.20-55.2 php5-5.4.20-55.2 php5-bcmath-5.4.20-55.2 php5-bz2-5.4.20-55.2 php5-calendar-5.4.20-55.2 php5-ctype-5.4.20-55.2 php5-curl-5.4.20-55.2 php5-dba-5.4.20-55.2 php5-devel-5.4.20-55.2 php5-dom-5.4.20-55.2 php5-enchant-5.4.20-55.2 php5-exif-5.4.20-55.2 php5-fastcgi-5.4.20-55.2 php5-fileinfo-5.4.20-55.2 php5-firebird-5.4.20-55.2 php5-fpm-5.4.20-55.2 php5-ftp-5.4.20-55.2 php5-gd-5.4.20-55.2 php5-gettext-5.4.20-55.2 php5-gmp-5.4.20-55.2 php5-iconv-5.4.20-55.2 php5-imap-5.4.20-55.2 php5-intl-5.4.20-55.2 php5-json-5.4.20-55.2 php5-ldap-5.4.20-55.2 php5-mbstring-5.4.20-55.2 php5-mcrypt-5.4.20-55.2 php5-mssql-5.4.20-55.2 php5-mysql-5.4.20-55.2 php5-odbc-5.4.20-55.2 php5-openssl-5.4.20-55.2 php5-pcntl-5.4.20-55.2 php5-pdo-5.4.20-55.2 php5-pear-5.4.20-55.2 php5-pgsql-5.4.20-55.2 php5-phar-5.4.20-55.2 php5-posix-5.4.20-55.2 php5-pspell-5.4.20-55.2 php5-readline-5.4.20-55.2 php5-shmop-5.4.20-55.2 php5-snmp-5.4.20-55.2 php5-soap-5.4.20-55.2 php5-sockets-5.4.20-55.2 php5-sqlite-5.4.20-55.2 php5-suhosin-5.4.20-55.2 php5-sysvmsg-5.4.20-55.2 php5-sysvsem-5.4.20-55.2 php5-sysvshm-5.4.20-55.2 php5-tidy-5.4.20-55.2 php5-tokenizer-5.4.20-55.2 php5-wddx-5.4.20-55.2 php5-xmlreader-5.4.20-55.2 php5-xmlrpc-5.4.20-55.2 php5-xmlwriter-5.4.20-55.2 php5-xsl-5.4.20-55.2 php5-zip-5.4.20-55.2 php5-zlib-5.4.20-55.2 The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive. CVE-2015-4021 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-06/msg00002.html https://www.suse.com/security/cve/CVE-2015-4021.html CVE-2015-4021 https://bugzilla.suse.com/931769 SUSE Bug 931769 https://bugzilla.suse.com/935074 SUSE Bug 935074 https://bugzilla.suse.com/980366 SUSE Bug 980366 Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. CVE-2015-4022 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-06/msg00002.html https://www.suse.com/security/cve/CVE-2015-4022.html CVE-2015-4022 https://bugzilla.suse.com/931769 SUSE Bug 931769 https://bugzilla.suse.com/931772 SUSE Bug 931772 https://bugzilla.suse.com/935275 SUSE Bug 935275 https://bugzilla.suse.com/980366 SUSE Bug 980366 Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome. CVE-2015-4024 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-06/msg00002.html https://www.suse.com/security/cve/CVE-2015-4024.html CVE-2015-4024 https://bugzilla.suse.com/931421 SUSE Bug 931421 https://bugzilla.suse.com/980366 SUSE Bug 980366 The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. CVE-2015-4026 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-06/msg00002.html https://www.suse.com/security/cve/CVE-2015-4026.html CVE-2015-4026 https://bugzilla.suse.com/931776 SUSE Bug 931776 https://bugzilla.suse.com/935227 SUSE Bug 935227 https://bugzilla.suse.com/980366 SUSE Bug 980366