SUSE Linux update for php53



Published: 2016-10-05
Risk High
Patch available YES
Number of vulnerabilities 16
CVE-ID CVE-2016-7124
CVE-2016-7125
CVE-2016-7126
CVE-2016-7127
CVE-2016-7128
CVE-2016-7129
CVE-2016-7130
CVE-2016-7131
CVE-2016-7132
CVE-2016-7411
CVE-2016-7412
CVE-2016-7413
CVE-2016-7414
CVE-2016-7416
CVE-2016-7417
CVE-2016-7418
CWE-ID CWE-502
CWE-74
CWE-787
CWE-200
CWE-20
CWE-476
CWE-284
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software
Subscribe
SUSE Linux
Operating systems & Components / Operating system

Vendor SuSE

Security Bulletin

This security bulletin contains information about 16 vulnerabilities.

1) Deserialization of Untrusted Data

EUVDB-ID: #VU16138

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2016-7124

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insecure input validation when processing certain objects in "ext/standard/var_unserializer.c" PHP extension. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system via "__destruct" or "magic" method calls.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11


CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00006.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Improper Neutralization of Special Elements in Output Used by a Downstream Component

EUVDB-ID: #VU40103

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2016-7125

CWE-ID: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11


CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00006.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Out-of-bounds write

EUVDB-ID: #VU40102

Risk: High

CVSSv3.1:

CVE-ID: CVE-2016-7126

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-bounds write) or possibly have unspecified other impact via a large value in the third argument.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11


CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00006.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Out-of-bounds write

EUVDB-ID: #VU40101

Risk: High

CVSSv3.1:

CVE-ID: CVE-2016-7127

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by providing different signs for the second and third arguments.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11


CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00006.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Information disclosure

EUVDB-ID: #VU40100

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2016-7128

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11


CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00006.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Input validation error

EUVDB-ID: #VU40099

Risk: High

CVSSv3.1:

CVE-ID: CVE-2016-7129

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deserialize call that mishandles a dateTime element in a wddxPacket XML document.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11


CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00006.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) NULL pointer dereference

EUVDB-ID: #VU40098

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2016-7130

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via an invalid base64 binary value, as demonstrated by a wddx_deserialize call that mishandles a binary element in a wddxPacket XML document.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11


CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00006.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

8) NULL pointer dereference

EUVDB-ID: #VU40097

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2016-7131

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a malformed wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a tag that lacks a < (less than) character.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11


CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00006.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

9) NULL pointer dereference

EUVDB-ID: #VU40096

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2016-7132

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via an invalid wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a stray element inside a boolean element, leading to incorrect pop processing.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11


CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00006.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

10) Arbitrary code execution

EUVDB-ID: #VU529

Risk: High

CVSSv3.1:

CVE-ID: CVE-2016-7411

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote or local user to cause arbitrary code execution on the target system.
The weakness is caused by deserialized object destruction that may result in memory corruption error and allows a malicious user to execute arbitrary code.
Successful explotation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11


CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00006.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

11) Arbitrary code execution

EUVDB-ID: #VU524

Risk: High

CVSSv3.1:

CVE-ID: CVE-2016-7412

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote or local user to cause arbitrary code execution on the target system.
The weakness is caused by heap overflow during handling of BIT fields in mysqlnd that allows a malicious user to execute arbitrary code.
Successful explotation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11


CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00006.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

12) Arbitrary code execution

EUVDB-ID: #VU527

Risk: High

CVSSv3.1:

CVE-ID: CVE-2016-7413

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote or local user to cause arbitrary code execution on the target system.
The weakness is caused by use-after-free memory error in wddx_deserialize() that allows a malicious user to execute arbitrary code.
Successful explotation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11


CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00006.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

13) Arbitrary code execution

EUVDB-ID: #VU525

Risk: High

CVSSv3.1:

CVE-ID: CVE-2016-7414

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote or local user to cause arbitrary code execution on the target system.
The weakness is caused by out-of-bounds memory error in phar_parse_zipfile() that allows a malicious user to execute arbitrary code.
Successful explotation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11


CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00006.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

14) Arbitrary code execution

EUVDB-ID: #VU523

Risk: High

CVSSv3.1:

CVE-ID: CVE-2016-7416

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote or local user to cause arbitrary code execution on the target system.
The weakness is caused by memory corruption in local data handling that allows a malicious user to get access to the system and cause arbitrary code execution.
Successful explotation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11


CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00006.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

15) Arbitrary code execution

EUVDB-ID: #VU526

Risk: High

CVSSv3.1:

CVE-ID: CVE-2016-7417

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote or local user to cause arbitrary code execution on the target system.
The weakness is caused by unserializing SplArray that leads to memory corruption error and allows a malicious user to execute arbitrary code.
Successful explotation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11


CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00006.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

16) Arbitrary code execution

EUVDB-ID: #VU528

Risk: High

CVSSv3.1:

CVE-ID: CVE-2016-7418

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote or local user to cause arbitrary code execution on the target system.
The weakness is caused by out-of-bounds memory read error in php_wddx_push_element() that allows a malicious user to execute arbitrary code.
Successful explotation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11


CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00006.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###