Security update for php5 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:0644-1 Final 1 1 2015-03-25T11:44:01Z current 2015-03-25T11:44:01Z 2015-03-25T11:44:01Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for php5 PHP was updated to fix several security issues. The following vulnerabilities were fixed: * A specially crafted GIF file could cause a buffer read overflow in php-gd (CVE-2014-9709 bnc#923946) * Memory was use after it was freed in PHAR (CVE-2015-2301 bnc#922022) * heap overflow vulnerability in regcomp.c (CVE-2015-2305 bnc#922452) * heap buffer overflow in Enchant (CVE-2014-9705 bnc#922451) For openSUSE 13.2, the following additional vulnerability was fixed: * A specially crafted zip file could lead to writing past the heap boundary (CVE-2015-2331 bnc#922894) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-04/msg00002.html E-Mail link for openSUSE-SU-2015:0644-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings apache2-mod_php5-5.4.20-45.1 php5-5.4.20-45.1 php5-bcmath-5.4.20-45.1 php5-bz2-5.4.20-45.1 php5-calendar-5.4.20-45.1 php5-ctype-5.4.20-45.1 php5-curl-5.4.20-45.1 php5-dba-5.4.20-45.1 php5-devel-5.4.20-45.1 php5-dom-5.4.20-45.1 php5-enchant-5.4.20-45.1 php5-exif-5.4.20-45.1 php5-fastcgi-5.4.20-45.1 php5-fileinfo-5.4.20-45.1 php5-firebird-5.4.20-45.1 php5-fpm-5.4.20-45.1 php5-ftp-5.4.20-45.1 php5-gd-5.4.20-45.1 php5-gettext-5.4.20-45.1 php5-gmp-5.4.20-45.1 php5-iconv-5.4.20-45.1 php5-imap-5.4.20-45.1 php5-intl-5.4.20-45.1 php5-json-5.4.20-45.1 php5-ldap-5.4.20-45.1 php5-mbstring-5.4.20-45.1 php5-mcrypt-5.4.20-45.1 php5-mssql-5.4.20-45.1 php5-mysql-5.4.20-45.1 php5-odbc-5.4.20-45.1 php5-openssl-5.4.20-45.1 php5-pcntl-5.4.20-45.1 php5-pdo-5.4.20-45.1 php5-pear-5.4.20-45.1 php5-pgsql-5.4.20-45.1 php5-phar-5.4.20-45.1 php5-posix-5.4.20-45.1 php5-pspell-5.4.20-45.1 php5-readline-5.4.20-45.1 php5-shmop-5.4.20-45.1 php5-snmp-5.4.20-45.1 php5-soap-5.4.20-45.1 php5-sockets-5.4.20-45.1 php5-sqlite-5.4.20-45.1 php5-suhosin-5.4.20-45.1 php5-sysvmsg-5.4.20-45.1 php5-sysvsem-5.4.20-45.1 php5-sysvshm-5.4.20-45.1 php5-tidy-5.4.20-45.1 php5-tokenizer-5.4.20-45.1 php5-wddx-5.4.20-45.1 php5-xmlreader-5.4.20-45.1 php5-xmlrpc-5.4.20-45.1 php5-xmlwriter-5.4.20-45.1 php5-xsl-5.4.20-45.1 php5-zip-5.4.20-45.1 php5-zlib-5.4.20-45.1 Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries. CVE-2014-9705 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-04/msg00002.html https://www.suse.com/security/cve/CVE-2014-9705.html CVE-2014-9705 https://bugzilla.suse.com/922451 SUSE Bug 922451 https://bugzilla.suse.com/980366 SUSE Bug 980366 The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function. CVE-2014-9709 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-04/msg00002.html https://www.suse.com/security/cve/CVE-2014-9709.html CVE-2014-9709 https://bugzilla.suse.com/923945 SUSE Bug 923945 https://bugzilla.suse.com/923946 SUSE Bug 923946 https://bugzilla.suse.com/980366 SUSE Bug 980366 Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file. CVE-2015-2301 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-04/msg00002.html https://www.suse.com/security/cve/CVE-2015-2301.html CVE-2015-2301 https://bugzilla.suse.com/922452 SUSE Bug 922452 https://bugzilla.suse.com/980366 SUSE Bug 980366 Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow. CVE-2015-2305 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-04/msg00002.html https://www.suse.com/security/cve/CVE-2015-2305.html CVE-2015-2305 https://bugzilla.suse.com/1040662 SUSE Bug 1040662 https://bugzilla.suse.com/921950 SUSE Bug 921950 https://bugzilla.suse.com/922022 SUSE Bug 922022 https://bugzilla.suse.com/922028 SUSE Bug 922028 https://bugzilla.suse.com/922030 SUSE Bug 922030 https://bugzilla.suse.com/922043 SUSE Bug 922043 https://bugzilla.suse.com/922560 SUSE Bug 922560 https://bugzilla.suse.com/922567 SUSE Bug 922567 https://bugzilla.suse.com/929192 SUSE Bug 929192 https://bugzilla.suse.com/980366 SUSE Bug 980366 Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow. CVE-2015-2331 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-04/msg00002.html https://www.suse.com/security/cve/CVE-2015-2331.html CVE-2015-2331 https://bugzilla.suse.com/922894 SUSE Bug 922894 https://bugzilla.suse.com/923240 SUSE Bug 923240