SB2016100539 - SUSE Linux update for php53




Published: October 5, 2016

Security Bulletin ID: SB2016100539
Severity: High
Patch available: YES
Number of vulnerabilities: 16
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 63%, Medium: 38%

Description

This security bulletin contains information about 16 security vulnerabilities.


1) Deserialization of Untrusted Data (CVE-ID: CVE-2016-7124)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insecure input validation when processing certain objects in the "ext/standard/var_unserializer.c" PHP extension. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system via "__destruct" or "magic" method calls.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


2) Improper Neutralization of Special Elements in Output Used by a Downstream Component (CVE-ID: CVE-2016-7125)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection.


3) Out-of-bounds write (CVE-ID: CVE-2016-7126)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-bounds write) or possibly have unspecified other impact via a large value in the third argument.


4) Out-of-bounds write (CVE-ID: CVE-2016-7127)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by providing different signs for the second and third arguments.


5) Information disclosure (CVE-ID: CVE-2016-7128)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.


6) Input validation error (CVE-ID: CVE-2016-7129)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deserialize call that mishandles a dateTime element in a wddxPacket XML document.


7) NULL pointer dereference (CVE-ID: CVE-2016-7130)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via an invalid base64 binary value, as demonstrated by a wddx_deserialize call that mishandles a binary element in a wddxPacket XML document.


8) NULL pointer dereference (CVE-ID: CVE-2016-7131)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a malformed wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a tag that lacks a < (less than) character.


9) NULL pointer dereference (CVE-ID: CVE-2016-7132)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via an invalid wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a stray element inside a boolean element, leading to incorrect pop processing.


10) Arbitrary code execution (CVE-ID: CVE-2016-7411)

The vulnerability allows a remote or local user to cause arbitrary code execution on the target system.

The weakness is caused by deserialized object destruction that may result in a memory corruption error and allows a malicious user to execute arbitrary code.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

11) Arbitrary code execution (CVE-ID: CVE-2016-7412)

The vulnerability allows a remote or local user to cause arbitrary code execution on the target system.

The weakness is caused by a heap overflow during handling of BIT fields in mysqlnd that allows a malicious user to execute arbitrary code.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

12) Arbitrary code execution (CVE-ID: CVE-2016-7413)

The vulnerability allows a remote or local user to cause arbitrary code execution on the target system.

The weakness is caused by a use-after-free memory error in wddx_deserialize() that allows a malicious user to execute arbitrary code.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.


13) Arbitrary code execution (CVE-ID: CVE-2016-7414)

The vulnerability allows a remote or local user to cause arbitrary code execution on the target system.

The weakness is caused by an out-of-bounds memory error in phar_parse_zipfile() that allows a malicious user to execute arbitrary code.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

14) Arbitrary code execution (CVE-ID: CVE-2016-7416)

The vulnerability allows a remote or local user to cause arbitrary code execution on the target system.

The weakness is caused by memory corruption in local data handling that allows a malicious user to get access to the system and cause arbitrary code execution.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

15) Arbitrary code execution (CVE-ID: CVE-2016-7417)

The vulnerability allows a remote or local user to cause arbitrary code execution on the target system.

The weakness is caused by unserializing SplArray, which leads to a memory corruption error and allows a malicious user to execute arbitrary code.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

16) Arbitrary code execution (CVE-ID: CVE-2016-7418)

The vulnerability allows a remote or local user to cause arbitrary code execution on the target system.

The weakness is caused by an out-of-bounds memory read error in php_wddx_push_element() that allows a malicious user to execute arbitrary code.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Remediation

Install the update from the vendor's website.