
Test ID: 1.3.6.1.4.1.25623.1.0.851313
Category: SuSE Local Security Checks
Title: openSUSE: Security Advisory for php5 (openSUSE-SU-2016:1274-1)
Summary: The remote host is missing an update for the 'php5' package(s) announced via the referenced advisory.
Description:
Summary:
The remote host is missing an update for the 'php5'
package(s) announced via the referenced advisory.

Vulnerability Insight:
This update for php5 fixes the following issues:

- CVE-2016-4073: A remote attacker could have caused denial of service, or
possibly execute arbitrary code, due to incorrect handling of string
length calculations in mb_strcut() (bsc#977003)

- CVE-2016-3074: Signedness vulnerability in bundled libgd may have
resulted in a heap overflow when processing compressed gd2 data.
(boo#976775)

- CVE-2015-8867: The PHP function openssl_random_pseudo_bytes() did not
return cryptographically secure random bytes (bsc#977005)

- CVE-2016-4070: The libxml_disable_entity_loader() setting was shared
between threads, which could have resulted in XML external entity
injection and entity expansion issues (bsc#976997)

- CVE-2015-8866: A remote attacker could have caused denial of service due
to incorrect handling of large strings in php_raw_url_encode()
(bsc#976996)

- CVE-2016-4071: A remote attacker could have caused denial of service, or
possibly execute arbitrary code, due to incorrect handling of string
formatting in php_snmp_error() (bsc#977000)

Affected Software/OS:
php5 on openSUSE 13.2

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-references:
Common Vulnerability Exposure (CVE) ID: CVE-2015-8866
BugTraq ID: 87470
http://www.securityfocus.com/bid/87470
http://www.openwall.com/lists/oss-security/2016/04/24/1
RedHat Security Advisories: RHSA-2016:2750
http://rhn.redhat.com/errata/RHSA-2016-2750.html
SuSE Security Announcement: SUSE-SU-2016:1277
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00033.html
SuSE Security Announcement: openSUSE-SU-2016:1274
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.html
SuSE Security Announcement: openSUSE-SU-2016:1373
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00056.html
http://www.ubuntu.com/usn/USN-2952-1
http://www.ubuntu.com/usn/USN-2952-2
Common Vulnerability Exposure (CVE) ID: CVE-2015-8867
Common Vulnerability Exposure (CVE) ID: CVE-2016-3074
BugTraq ID: 87087
http://www.securityfocus.com/bid/87087
Bugtraq: 20160421 CVE-2016-3074: libgd: signedness vulnerability
http://www.securityfocus.com/archive/1/538160/100/0/threaded
Debian Security Information: DSA-3556
http://www.debian.org/security/2016/dsa-3556
Debian Security Information: DSA-3602
http://www.debian.org/security/2016/dsa-3602
https://www.exploit-db.com/exploits/39736/
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183724.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183263.html
http://seclists.org/fulldisclosure/2016/Apr/72
https://security.gentoo.org/glsa/201607-04
https://security.gentoo.org/glsa/201611-22
http://packetstormsecurity.com/files/136757/libgd-2.1.1-Signedness.html
http://www.securitytracker.com/id/1035659
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.383127
http://www.ubuntu.com/usn/USN-2987-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-4070
http://lists.apple.com/archives/security-announce/2016/May/msg00004.html
BugTraq ID: 85801
http://www.securityfocus.com/bid/85801
Debian Security Information: DSA-3560
http://www.debian.org/security/2016/dsa-3560
Common Vulnerability Exposure (CVE) ID: CVE-2016-4071
BugTraq ID: 85800
http://www.securityfocus.com/bid/85800
https://www.exploit-db.com/exploits/39645/
Common Vulnerability Exposure (CVE) ID: CVE-2016-4073
BugTraq ID: 85991
http://www.securityfocus.com/bid/85991
Copyright: Copyright (C) 2016 Greenbone Networks GmbH
