Debian-LTS alert DLA-628-1 (php5)
| From: | Thorsten Alteholz <debian@alteholz.de> | |
| To: | debian-lts-announce@lists.debian.org | |
| Subject: | [SECURITY] [DLA 628-1] php5 security update | |
| Date: | Sun, 18 Sep 2016 17:12:08 +0200 (CEST) | |
| Message-ID: | <alpine.DEB.2.02.1609181710190.23371@jupiter.server.alteholz.net> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : php5 Version : 5.4.45-0+deb7u5 CVE ID : CVE-2016-4473 CVE-2016-4538 CVE-2016-5114 CVE-2016-5399 CVE-2016-5768 CVE-2016-5769 CVE-2016-5770 CVE-2016-5771 CVE-2016-5772 CVE-2016-5773 CVE-2016-6289 CVE-2016-6290 CVE-2016-6291 CVE-2016-6292 CVE-2016-6294 CVE-2016-6295 CVE-2016-6296 CVE-2016-6297 PHP-Bugs : 70436 72681 * CVE-2016-4473.patch An invalid free may occur under certain conditions when processing phar-compatible archives. * CVE-2016-4538.patch The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call. (already fixed with patch for CVE-2016-4537) * CVE-2016-5114.patch sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and buffer overflow) via a long string, as demonstrated by a long URI in a configuration with custom REQUEST_URI logging. * CVE-2016-5399.patch Improper error handling in bzread() * CVE-2016-5768.patch Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by leveraging a callback exception. * CVE-2016-5769.patch Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted length value, related to the (1) mcrypt_generic and (2) mdecrypt_generic functions. * CVE-2016-5770.patch Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer argument, a related issue to CVE-2016-5096. * CVE-2016-5771.patch spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data. * CVE-2016-5772.patch Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call. * CVE-2016-5773.patch php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object. * CVE-2016-6289.patch Integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_cwd.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted extract operation on a ZIP archive. * CVE-2016-6290.patch ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to session deserialization. * CVE-2016-6291.patch The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive information from process memory, or possibly have unspecified other impact via a crafted JPEG image. * CVE-2016-6292.patch The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image. * CVE-2016-6294.patch The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument. * CVE-2016-6295.patch ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via crafted serialized data, a related issue to CVE-2016-5773. * CVE-2016-6296.patch Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a long first argument to the PHP xmlrpc_encode_request function. * CVE-2016-6297.patch Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted zip:// URL. * BUG-70436.patch Use After Free Vulnerability in unserialize() * BUG-72681.patch PHP Session Data Injection Vulnerability, consume data even if we're not storing them. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQJ8BAEBCgBmBQJX3q7IXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5 NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHabEP/AkSu2b8JU6tJQG1JNJJggDP gVAc6y28WyiUXHIkBWUHicfYvJIfgq2R30tHhTywKRTzzMq3sVNxDZIas+4Smfms bDbnvxDPVo9YKdediO8IQooMC0LsqkKjko/yRGdE1EyRGGcQfGenx3RQELHjfM7v H1z38VdVob7fXGtv86xt+zLi0mei/xJJCA0XflpOAPMoxK6ZxAwj3jguV4plR3j+ UipYrzcu5e490KDAm/hjauLQ8iXvJz4FAB+3/3ghb6FVmeMX2k9s3Ih3vfvSG8w1 0SMi539S9Z3wgrZB7iAC1mBwTHH1kl4VDVmqtqhhbPBMGpE0KffltmaadWueYsgr pE85F5dgS5hCtSxLT8Ec6nXYj/tf9bKUU1AUra1qdkDsUNArvdk2/DVDiIBaUFxr ruQiZ/vlvlek9qdiTuZUHxxt+rVYjemMP9d7Y6ZpEL1giJyoD+INcwqf4USkJsi6 /0IkxzlMzTbMdUTl0Nojc9R0l5zAZ87t4qf9iqo2d6HiKiJh1pKFwmKhQL7UyCbG MCf6bAliv41JCorsy5R7DxBMUtxiopbI9TfMqpPZ32iRyBc+HPrrbEF2prZ7weiv qVxShNMmtdMkPkESqlSYRfgAH0tFA/mfVvMDLYZcqQlnSTKQfYuaqgO6BP+Zds5y 5BzlcoV35yQAeP7gQrnl =mJ5F -----END PGP SIGNATURE-----