SUSE update for php53



Published: 2021-03-17
Risk: Medium
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2021-21702
CWE-ID: CWE-476
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
SUSE Linux Enterprise Server
Operating systems & Components / Operating system

SUSE Linux Enterprise Point of Sale
Operating systems & Components / Operating system

SUSE Linux Enterprise Debuginfo
Operating systems & Components / Operating system

php53-debugsource
Operating systems & Components / Operating system package or component

php53-debuginfo
Operating systems & Components / Operating system package or component

php53-zlib
Operating systems & Components / Operating system package or component

php53-zip
Operating systems & Components / Operating system package or component

php53-xsl
Operating systems & Components / Operating system package or component

php53-xmlwriter
Operating systems & Components / Operating system package or component

php53-xmlrpc
Operating systems & Components / Operating system package or component

php53-xmlreader
Operating systems & Components / Operating system package or component

php53-wddx
Operating systems & Components / Operating system package or component

php53-tokenizer
Operating systems & Components / Operating system package or component

php53-sysvshm
Operating systems & Components / Operating system package or component

php53-sysvsem
Operating systems & Components / Operating system package or component

php53-sysvmsg
Operating systems & Components / Operating system package or component

php53-suhosin
Operating systems & Components / Operating system package or component

php53-soap
Operating systems & Components / Operating system package or component

php53-snmp
Operating systems & Components / Operating system package or component

php53-shmop
Operating systems & Components / Operating system package or component

php53-pspell
Operating systems & Components / Operating system package or component

php53-pgsql
Operating systems & Components / Operating system package or component

php53-pear
Operating systems & Components / Operating system package or component

php53-pdo
Operating systems & Components / Operating system package or component

php53-pcntl
Operating systems & Components / Operating system package or component

php53-openssl
Operating systems & Components / Operating system package or component

php53-odbc
Operating systems & Components / Operating system package or component

php53-mysql
Operating systems & Components / Operating system package or component

php53-mcrypt
Operating systems & Components / Operating system package or component

php53-mbstring
Operating systems & Components / Operating system package or component

php53-ldap
Operating systems & Components / Operating system package or component

php53-json
Operating systems & Components / Operating system package or component

php53-intl
Operating systems & Components / Operating system package or component

php53-iconv
Operating systems & Components / Operating system package or component

php53-gmp
Operating systems & Components / Operating system package or component

php53-gettext
Operating systems & Components / Operating system package or component

php53-gd
Operating systems & Components / Operating system package or component

php53-ftp
Operating systems & Components / Operating system package or component

php53-fileinfo
Operating systems & Components / Operating system package or component

php53-fastcgi
Operating systems & Components / Operating system package or component

php53-exif
Operating systems & Components / Operating system package or component

php53-dom
Operating systems & Components / Operating system package or component

php53-dba
Operating systems & Components / Operating system package or component

php53-curl
Operating systems & Components / Operating system package or component

php53-ctype
Operating systems & Components / Operating system package or component

php53-calendar
Operating systems & Components / Operating system package or component

php53-bz2
Operating systems & Components / Operating system package or component

php53-bcmath
Operating systems & Components / Operating system package or component

php53
Operating systems & Components / Operating system package or component

apache2-mod_php53
Operating systems & Components / Operating system package or component

Vendor: SUSE

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) NULL pointer dereference

EUVDB-ID: #VU50403

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-21702

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the SoapClient in PHP. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Update the affected package php53 to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server: 11-SP4-LTSS-EXTREME-CORE

SUSE Linux Enterprise Point of Sale: 11-SP3

SUSE Linux Enterprise Debuginfo: 11-SP3 - 11-SP4

php53-debugsource: before 5.3.17-112.99.2

php53-debuginfo: before 5.3.17-112.99.2

php53-zlib: before 5.3.17-112.99.2

php53-zip: before 5.3.17-112.99.2

php53-xsl: before 5.3.17-112.99.2

php53-xmlwriter: before 5.3.17-112.99.2

php53-xmlrpc: before 5.3.17-112.99.2

php53-xmlreader: before 5.3.17-112.99.2

php53-wddx: before 5.3.17-112.99.2

php53-tokenizer: before 5.3.17-112.99.2

php53-sysvshm: before 5.3.17-112.99.2

php53-sysvsem: before 5.3.17-112.99.2

php53-sysvmsg: before 5.3.17-112.99.2

php53-suhosin: before 5.3.17-112.99.2

php53-soap: before 5.3.17-112.99.2

php53-snmp: before 5.3.17-112.99.2

php53-shmop: before 5.3.17-112.99.2

php53-pspell: before 5.3.17-112.99.2

php53-pgsql: before 5.3.17-112.99.2

php53-pear: before 5.3.17-112.99.2

php53-pdo: before 5.3.17-112.99.2

php53-pcntl: before 5.3.17-112.99.2

php53-openssl: before 5.3.17-112.99.2

php53-odbc: before 5.3.17-112.99.2

php53-mysql: before 5.3.17-112.99.2

php53-mcrypt: before 5.3.17-112.99.2

php53-mbstring: before 5.3.17-112.99.2

php53-ldap: before 5.3.17-112.99.2

php53-json: before 5.3.17-112.99.2

php53-intl: before 5.3.17-112.99.2

php53-iconv: before 5.3.17-112.99.2

php53-gmp: before 5.3.17-112.99.2

php53-gettext: before 5.3.17-112.99.2

php53-gd: before 5.3.17-112.99.2

php53-ftp: before 5.3.17-112.99.2

php53-fileinfo: before 5.3.17-112.99.2

php53-fastcgi: before 5.3.17-112.99.2

php53-exif: before 5.3.17-112.99.2

php53-dom: before 5.3.17-112.99.2

php53-dba: before 5.3.17-112.99.2

php53-curl: before 5.3.17-112.99.2

php53-ctype: before 5.3.17-112.99.2

php53-calendar: before 5.3.17-112.99.2

php53-bz2: before 5.3.17-112.99.2

php53-bcmath: before 5.3.17-112.99.2

php53: before 5.3.17-112.99.2

apache2-mod_php53: before 5.3.17-112.99.2

External links

http://www.suse.com/support/update/announcement/2021/suse-su-202114668-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


