Test Kennung:	1.3.6.1.4.1.25623.1.0.851332
Kategorie:	SuSE Local Security Checks
Titel:	openSUSE: Security Advisory for php5 (openSUSE-SU-2016:1553-1)
Zusammenfassung:	The remote host is missing an update for the 'php5'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'php5' package(s) announced via the referenced advisory. Vulnerability Insight: This update for php5 fixes the following issues: - CVE-2013-7456: imagescale out-of-bounds read (bnc#982009). - CVE-2016-5093: get_icu_value_internal out-of-bounds read (bnc#982010). - CVE-2016-5094: Don't create strings with lengths outside int range (bnc#982011). - CVE-2016-5095: Don't create strings with lengths outside int range (bnc#982012). - CVE-2016-5096: int/size_t confusion in fread (bsc#982013). - CVE-2016-5114: fpm_log.c memory leak and buffer overflow (bnc#982162). - CVE-2015-8877: The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd), as used in PHP, used inconsistent allocate and free approaches, which allowed remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function (bsc#981061). - CVE-2015-8876: Zend/zend_exceptions.c in PHP did not validate certain Exception objects, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger unintended method execution via crafted serialized data (bsc#981049). - CVE-2015-8879: The odbc_bindcols function in ext/odbc/php_odbc.c in PHP mishandled driver behavior for SQL_WVARCHAR columns, which allowed remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table Aliased: (bsc#981050). - CVE-2015-4116: Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP allowed remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation (bsc#980366). - CVE-2015-8874: Stack consumption vulnerability in GD in PHP allowed remote attackers to cause a denial of service via a crafted imagefilltoborder call (bsc#980375). - CVE-2015-8873: Stack consumption vulnerability in Zend/zend_exceptions.c in PHP allowed remote attackers to cause a denial of service (segmentation fault) via recursive method calls (bsc#980373). - CVE-2016-3074: Integer signedness error in GD Graphics Library (aka libgd or libgd2) allowed remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow (bsc#976775). Affected Software/OS: php5 on openSUSE 13.2 Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2013-7456 BugTraq ID: 90859 http://www.securityfocus.com/bid/90859 Debian Security Information: DSA-3587 (Google Search) http://www.debian.org/security/2016/dsa-3587 Debian Security Information: DSA-3602 (Google Search) http://www.debian.org/security/2016/dsa-3602 http://www.openwall.com/lists/oss-security/2016/05/26/3 RedHat Security Advisories: RHSA-2016:2750 http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.ubuntu.com/usn/USN-3030-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-4116 https://www.htbridge.com/advisory/HTB23262 SuSE Security Announcement: openSUSE-SU-2016:1524 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-06/msg00027.html Common Vulnerability Exposure (CVE) ID: CVE-2015-8873 Common Vulnerability Exposure (CVE) ID: CVE-2015-8874 http://www.ubuntu.com/usn/USN-2987-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-8876 Common Vulnerability Exposure (CVE) ID: CVE-2015-8877 Common Vulnerability Exposure (CVE) ID: CVE-2015-8879 Common Vulnerability Exposure (CVE) ID: CVE-2016-3074 BugTraq ID: 87087 http://www.securityfocus.com/bid/87087 Bugtraq: 20160421 CVE-2016-3074: libgd: signedness vulnerability (Google Search) http://www.securityfocus.com/archive/1/538160/100/0/threaded Debian Security Information: DSA-3556 (Google Search) http://www.debian.org/security/2016/dsa-3556 https://www.exploit-db.com/exploits/39736/ http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183724.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183263.html http://seclists.org/fulldisclosure/2016/Apr/72 https://security.gentoo.org/glsa/201607-04 https://security.gentoo.org/glsa/201611-22 http://packetstormsecurity.com/files/136757/libgd-2.1.1-Signedness.html http://www.securitytracker.com/id/1035659 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.383127 SuSE Security Announcement: openSUSE-SU-2016:1274 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.html Common Vulnerability Exposure (CVE) ID: CVE-2016-5093 BugTraq ID: 90946 http://www.securityfocus.com/bid/90946 Common Vulnerability Exposure (CVE) ID: CVE-2016-5094 BugTraq ID: 90857 http://www.securityfocus.com/bid/90857 Common Vulnerability Exposure (CVE) ID: CVE-2016-5095 BugTraq ID: 92144 http://www.securityfocus.com/bid/92144 Common Vulnerability Exposure (CVE) ID: CVE-2016-5096 BugTraq ID: 90861 http://www.securityfocus.com/bid/90861 Common Vulnerability Exposure (CVE) ID: CVE-2016-5114 http://www.search-lab.hu/about-us/news/111-some-unusual-vulnerabilities-in-the-php-engine http://www.openwall.com/lists/oss-security/2016/05/29/1
Copyright	Copyright (C) 2016 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.