Security update for php5 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:1197-1 Final 1 1 2015-06-26T13:20:23Z current 2015-06-26T13:20:23Z 2015-06-26T13:20:23Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for php5 The PHP script interpreter was updated to receive various security fixes: * CVE-2015-4602 [bnc#935224]: Fixed an incomplete Class unserialization type confusion. * CVE-2015-4599, CVE-2015-4600, CVE-2015-4601 [bnc#935226]: Fixed type confusion issues in unserialize() with various SOAP methods. * CVE-2015-4603 [bnc#935234]: Fixed exception::getTraceAsString type confusion issue after unserialize. * CVE-2015-4644 [bnc#935274]: Fixed a crash in php_pgsql_meta_data. * CVE-2015-4643 [bnc#935275]: Fixed an integer overflow in ftp_genlist() that could result in a heap overflow. * CVE-2015-3411, CVE-2015-3412, CVE-2015-4598 [bnc#935227], [bnc#935232]: Added missing null byte checks for paths in various PHP extensions. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2015-07/msg00012.html E-Mail link for openSUSE-SU-2015:1197-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings apache2-mod_php5-5.4.20-61.5 php5-5.4.20-61.5 php5-bcmath-5.4.20-61.5 php5-bz2-5.4.20-61.5 php5-calendar-5.4.20-61.5 php5-ctype-5.4.20-61.5 php5-curl-5.4.20-61.5 php5-dba-5.4.20-61.5 php5-devel-5.4.20-61.5 php5-dom-5.4.20-61.5 php5-enchant-5.4.20-61.5 php5-exif-5.4.20-61.5 php5-fastcgi-5.4.20-61.5 php5-fileinfo-5.4.20-61.5 php5-firebird-5.4.20-61.5 php5-fpm-5.4.20-61.5 php5-ftp-5.4.20-61.5 php5-gd-5.4.20-61.5 php5-gettext-5.4.20-61.5 php5-gmp-5.4.20-61.5 php5-iconv-5.4.20-61.5 php5-imap-5.4.20-61.5 php5-intl-5.4.20-61.5 php5-json-5.4.20-61.5 php5-ldap-5.4.20-61.5 php5-mbstring-5.4.20-61.5 php5-mcrypt-5.4.20-61.5 php5-mssql-5.4.20-61.5 php5-mysql-5.4.20-61.5 php5-odbc-5.4.20-61.5 php5-openssl-5.4.20-61.5 php5-pcntl-5.4.20-61.5 php5-pdo-5.4.20-61.5 php5-pear-5.4.20-61.5 php5-pgsql-5.4.20-61.5 php5-phar-5.4.20-61.5 php5-posix-5.4.20-61.5 php5-pspell-5.4.20-61.5 php5-readline-5.4.20-61.5 php5-shmop-5.4.20-61.5 php5-snmp-5.4.20-61.5 php5-soap-5.4.20-61.5 php5-sockets-5.4.20-61.5 php5-sqlite-5.4.20-61.5 php5-suhosin-5.4.20-61.5 php5-sysvmsg-5.4.20-61.5 php5-sysvsem-5.4.20-61.5 php5-sysvshm-5.4.20-61.5 php5-tidy-5.4.20-61.5 php5-tokenizer-5.4.20-61.5 php5-wddx-5.4.20-61.5 php5-xmlreader-5.4.20-61.5 php5-xmlrpc-5.4.20-61.5 php5-xmlwriter-5.4.20-61.5 php5-xsl-5.4.20-61.5 php5-zip-5.4.20-61.5 php5-zlib-5.4.20-61.5 PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by a filename\0.xml attack that bypasses an intended configuration in which client users may read only .xml files. CVE-2015-3411 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-07/msg00012.html https://www.suse.com/security/cve/CVE-2015-3411.html CVE-2015-3411 https://bugzilla.suse.com/935074 SUSE Bug 935074 https://bugzilla.suse.com/935227 SUSE Bug 935227 https://bugzilla.suse.com/935229 SUSE Bug 935229 https://bugzilla.suse.com/935232 SUSE Bug 935232 https://bugzilla.suse.com/980366 SUSE Bug 980366 PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in ext/standard/streamsfuncs.c, as demonstrated by a filename\0.extension attack that bypasses an intended configuration in which client users may read files with only one specific extension. CVE-2015-3412 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-07/msg00012.html https://www.suse.com/security/cve/CVE-2015-3412.html CVE-2015-3412 https://bugzilla.suse.com/935227 SUSE Bug 935227 https://bugzilla.suse.com/935229 SUSE Bug 935229 https://bugzilla.suse.com/935232 SUSE Bug 935232 https://bugzilla.suse.com/980366 SUSE Bug 980366 PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function, as demonstrated by a filename\0.html attack that bypasses an intended configuration in which client users may write to only .html files. CVE-2015-4598 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-07/msg00012.html https://www.suse.com/security/cve/CVE-2015-4598.html CVE-2015-4598 https://bugzilla.suse.com/935227 SUSE Bug 935227 https://bugzilla.suse.com/935232 SUSE Bug 935232 https://bugzilla.suse.com/980366 SUSE Bug 980366 The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue. CVE-2015-4599 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-07/msg00012.html https://www.suse.com/security/cve/CVE-2015-4599.html CVE-2015-4599 https://bugzilla.suse.com/935074 SUSE Bug 935074 https://bugzilla.suse.com/935226 SUSE Bug 935226 https://bugzilla.suse.com/935234 SUSE Bug 935234 https://bugzilla.suse.com/980366 SUSE Bug 980366 The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in the (1) SoapClient::__getLastRequest, (2) SoapClient::__getLastResponse, (3) SoapClient::__getLastRequestHeaders, (4) SoapClient::__getLastResponseHeaders, (5) SoapClient::__getCookies, and (6) SoapClient::__setCookie methods. CVE-2015-4600 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-07/msg00012.html https://www.suse.com/security/cve/CVE-2015-4600.html CVE-2015-4600 https://bugzilla.suse.com/935226 SUSE Bug 935226 https://bugzilla.suse.com/935234 SUSE Bug 935234 https://bugzilla.suse.com/980366 SUSE Bug 980366 PHP before 5.6.7 might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3) ext/soap/soap.c, a different issue than CVE-2015-4600. CVE-2015-4601 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-07/msg00012.html https://www.suse.com/security/cve/CVE-2015-4601.html CVE-2015-4601 https://bugzilla.suse.com/935226 SUSE Bug 935226 https://bugzilla.suse.com/935234 SUSE Bug 935234 https://bugzilla.suse.com/980366 SUSE Bug 980366 The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue. CVE-2015-4602 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-07/msg00012.html https://www.suse.com/security/cve/CVE-2015-4602.html CVE-2015-4602 https://bugzilla.suse.com/935074 SUSE Bug 935074 https://bugzilla.suse.com/935224 SUSE Bug 935224 https://bugzilla.suse.com/935226 SUSE Bug 935226 https://bugzilla.suse.com/980366 SUSE Bug 980366 The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpected data type, related to a "type confusion" issue. CVE-2015-4603 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-07/msg00012.html https://www.suse.com/security/cve/CVE-2015-4603.html CVE-2015-4603 https://bugzilla.suse.com/935074 SUSE Bug 935074 https://bugzilla.suse.com/935226 SUSE Bug 935226 https://bugzilla.suse.com/935234 SUSE Bug 935234 https://bugzilla.suse.com/980366 SUSE Bug 980366 The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule. CVE-2015-4604 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-07/msg00012.html https://www.suse.com/security/cve/CVE-2015-4604.html CVE-2015-4604 https://bugzilla.suse.com/935225 SUSE Bug 935225 The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule. CVE-2015-4605 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-07/msg00012.html https://www.suse.com/security/cve/CVE-2015-4605.html CVE-2015-4605 https://bugzilla.suse.com/935225 SUSE Bug 935225 Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022. CVE-2015-4643 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-07/msg00012.html https://www.suse.com/security/cve/CVE-2015-4643.html CVE-2015-4643 https://bugzilla.suse.com/931769 SUSE Bug 931769 https://bugzilla.suse.com/935074 SUSE Bug 935074 https://bugzilla.suse.com/935275 SUSE Bug 935275 https://bugzilla.suse.com/980366 SUSE Bug 980366 The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1352. CVE-2015-4644 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-07/msg00012.html https://www.suse.com/security/cve/CVE-2015-4644.html CVE-2015-4644 https://bugzilla.suse.com/935074 SUSE Bug 935074 https://bugzilla.suse.com/935274 SUSE Bug 935274 https://bugzilla.suse.com/980366 SUSE Bug 980366