Security update for PHP5
SUSE Security Update: Security update for PHP5
This update of php5 fixes multiple security flaws:
* CVE-2011-2202: A php5 upload filename injection was
fixed.
* CVE-2011-4566: A integer overflow in the EXIF
extension was fixed that could be used by attackers to
crash the interpreter or potentially read memory
* CVE-2011-3182: Multiple NULL pointer dereferences
were fixed that could lead to crashes
* CVE-2011-1466: An integer overflow in the PHP
calendar extension was fixed that could have led to crashes.
* CVE-2011-1072: A symlink vulnerability in the PEAR
installer could be exploited by local attackers to inject
code.
* CVE-2011-4153: missing checks of return values could
allow remote attackers to cause a denial of service (NULL
pointer dereference)
* CVE-2011-4885: denial of service via hash collisions
* CVE-2012-0057: specially crafted XSLT stylesheets
could allow remote attackers to create arbitrary files with
arbitrary content
* CVE-2012-0781: remote attackers can cause a denial of
service via specially crafted input to an application that
attempts to perform Tidy::diagnose operations
* CVE-2012-0788: applications that use a PDO driver
were prone to denial of service flaws which could be
exploited remotely
* CVE-2012-0789: memory leak in the timezone
functionality could allow remote attackers to cause a
denial of service (memory consumption)
* CVE-2012-0807: a stack based buffer overflow in the
php5 Suhosin extension could allow remote attackers to
execute arbitrary code via a long string that is used in a
Set-Cookie HTTP header
* CVE-2012-0830: this fixes an incorrect fix for
CVE-2011-4885 which could allow remote attackers to execute
arbitrary code via a request containing a large number of
variables
* CVE-2012-0831: temporary changes to the
magic_quotes_gpc directive during the importing of
environment variables is not properly performed which makes
it easier for remote attackers to conduct SQL injections
Also the following bugs have been fixed:
* allow uploading files bigger than 2GB for 64bit
systems [bnc#709549]
* amend README.SUSE to discourage using apache module
with apache2-worker [bnc#728671]
Security Issue references:
* CVE-2011-2202
>
* CVE-2011-4153
>
* CVE-2011-4885
>
* CVE-2012-0057
>
* CVE-2012-0781
>
* CVE-2012-0788
>
* CVE-2012-0789
>
* CVE-2012-0807
>
* CVE-2012-0830
>
* CVE-2012-0831
>
* CVE-2011-4566
>
* CVE-2011-3182
>
* CVE-2011-1466
>
* CVE-2011-1072
>
| Announcement ID: | SUSE-SU-2012:0496-1 |
| Rating: | important |
| References: | #699711 #709549 #713652 #728671 #733590 #735613 #736169 #738221 #741520 #741859 #742273 #742806 #743308 #744966 #746661 #749111 |
| Affected Products: |
An update that solves 14 vulnerabilities and has two fixes is now available. It includes one version update.
Description:
This update of php5 fixes multiple security flaws:
* CVE-2011-2202: A php5 upload filename injection was
fixed.
* CVE-2011-4566: A integer overflow in the EXIF
extension was fixed that could be used by attackers to
crash the interpreter or potentially read memory
* CVE-2011-3182: Multiple NULL pointer dereferences
were fixed that could lead to crashes
* CVE-2011-1466: An integer overflow in the PHP
calendar extension was fixed that could have led to crashes.
* CVE-2011-1072: A symlink vulnerability in the PEAR
installer could be exploited by local attackers to inject
code.
* CVE-2011-4153: missing checks of return values could
allow remote attackers to cause a denial of service (NULL
pointer dereference)
* CVE-2011-4885: denial of service via hash collisions
* CVE-2012-0057: specially crafted XSLT stylesheets
could allow remote attackers to create arbitrary files with
arbitrary content
* CVE-2012-0781: remote attackers can cause a denial of
service via specially crafted input to an application that
attempts to perform Tidy::diagnose operations
* CVE-2012-0788: applications that use a PDO driver
were prone to denial of service flaws which could be
exploited remotely
* CVE-2012-0789: memory leak in the timezone
functionality could allow remote attackers to cause a
denial of service (memory consumption)
* CVE-2012-0807: a stack based buffer overflow in the
php5 Suhosin extension could allow remote attackers to
execute arbitrary code via a long string that is used in a
Set-Cookie HTTP header
* CVE-2012-0830: this fixes an incorrect fix for
CVE-2011-4885 which could allow remote attackers to execute
arbitrary code via a request containing a large number of
variables
* CVE-2012-0831: temporary changes to the
magic_quotes_gpc directive during the importing of
environment variables is not properly performed which makes
it easier for remote attackers to conduct SQL injections
Also the following bugs have been fixed:
* allow uploading files bigger than 2GB for 64bit
systems [bnc#709549]
* amend README.SUSE to discourage using apache module
with apache2-worker [bnc#728671]
Security Issue references:
* CVE-2011-2202
* CVE-2011-4153
* CVE-2011-4885
* CVE-2012-0057
* CVE-2012-0781
* CVE-2012-0788
* CVE-2012-0789
* CVE-2012-0807
* CVE-2012-0830
* CVE-2012-0831
* CVE-2011-4566
* CVE-2011-3182
* CVE-2011-1466
* CVE-2011-1072
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11 SP2:
zypper in -t patch sdksp1-apache2-mod_php5-5964 - SUSE Linux Enterprise Software Development Kit 11 SP1:
zypper in -t patch sdksp1-apache2-mod_php5-5964 - SUSE Linux Enterprise Server 11 SP2:
zypper in -t patch slessp1-apache2-mod_php5-5964 - SUSE Linux Enterprise Server 11 SP1 for VMware:
zypper in -t patch slessp1-apache2-mod_php5-5964 - SUSE Linux Enterprise Server 11 SP1:
zypper in -t patch slessp1-apache2-mod_php5-5964
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 5.2.14]:
- php5-devel-5.2.14-0.7.30.34.1
- php5-imap-5.2.14-0.7.30.34.1
- php5-ncurses-5.2.14-0.7.30.34.1
- php5-posix-5.2.14-0.7.30.34.1
- php5-readline-5.2.14-0.7.30.34.1
- php5-sockets-5.2.14-0.7.30.34.1
- php5-sqlite-5.2.14-0.7.30.34.1
- php5-tidy-5.2.14-0.7.30.34.1
- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64) [New Version: 5.2.14]:
- apache2-mod_php5-5.2.14-0.7.30.34.1
- php5-5.2.14-0.7.30.34.1
- php5-bcmath-5.2.14-0.7.30.34.1
- php5-bz2-5.2.14-0.7.30.34.1
- php5-calendar-5.2.14-0.7.30.34.1
- php5-ctype-5.2.14-0.7.30.34.1
- php5-curl-5.2.14-0.7.30.34.1
- php5-dba-5.2.14-0.7.30.34.1
- php5-dbase-5.2.14-0.7.30.34.1
- php5-dom-5.2.14-0.7.30.34.1
- php5-exif-5.2.14-0.7.30.34.1
- php5-fastcgi-5.2.14-0.7.30.34.1
- php5-ftp-5.2.14-0.7.30.34.1
- php5-gd-5.2.14-0.7.30.34.1
- php5-gettext-5.2.14-0.7.30.34.1
- php5-gmp-5.2.14-0.7.30.34.1
- php5-hash-5.2.14-0.7.30.34.1
- php5-iconv-5.2.14-0.7.30.34.1
- php5-json-5.2.14-0.7.30.34.1
- php5-ldap-5.2.14-0.7.30.34.1
- php5-mbstring-5.2.14-0.7.30.34.1
- php5-mcrypt-5.2.14-0.7.30.34.1
- php5-mysql-5.2.14-0.7.30.34.1
- php5-odbc-5.2.14-0.7.30.34.1
- php5-openssl-5.2.14-0.7.30.34.1
- php5-pcntl-5.2.14-0.7.30.34.1
- php5-pdo-5.2.14-0.7.30.34.1
- php5-pear-5.2.14-0.7.30.34.1
- php5-pgsql-5.2.14-0.7.30.34.1
- php5-pspell-5.2.14-0.7.30.34.1
- php5-shmop-5.2.14-0.7.30.34.1
- php5-snmp-5.2.14-0.7.30.34.1
- php5-soap-5.2.14-0.7.30.34.1
- php5-suhosin-5.2.14-0.7.30.34.1
- php5-sysvmsg-5.2.14-0.7.30.34.1
- php5-sysvsem-5.2.14-0.7.30.34.1
- php5-sysvshm-5.2.14-0.7.30.34.1
- php5-tokenizer-5.2.14-0.7.30.34.1
- php5-wddx-5.2.14-0.7.30.34.1
- php5-xmlreader-5.2.14-0.7.30.34.1
- php5-xmlrpc-5.2.14-0.7.30.34.1
- php5-xmlwriter-5.2.14-0.7.30.34.1
- php5-xsl-5.2.14-0.7.30.34.1
- php5-zip-5.2.14-0.7.30.34.1
- php5-zlib-5.2.14-0.7.30.34.1
- SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 5.2.14]:
- php5-devel-5.2.14-0.7.30.34.1
- php5-imap-5.2.14-0.7.30.34.1
- php5-ncurses-5.2.14-0.7.30.34.1
- php5-posix-5.2.14-0.7.30.34.1
- php5-readline-5.2.14-0.7.30.34.1
- php5-sockets-5.2.14-0.7.30.34.1
- php5-sqlite-5.2.14-0.7.30.34.1
- php5-tidy-5.2.14-0.7.30.34.1
- SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 x86_64) [New Version: 5.2.14]:
- apache2-mod_php5-5.2.14-0.7.30.34.1
- php5-5.2.14-0.7.30.34.1
- php5-bcmath-5.2.14-0.7.30.34.1
- php5-bz2-5.2.14-0.7.30.34.1
- php5-calendar-5.2.14-0.7.30.34.1
- php5-ctype-5.2.14-0.7.30.34.1
- php5-curl-5.2.14-0.7.30.34.1
- php5-dba-5.2.14-0.7.30.34.1
- php5-dbase-5.2.14-0.7.30.34.1
- php5-dom-5.2.14-0.7.30.34.1
- php5-exif-5.2.14-0.7.30.34.1
- php5-fastcgi-5.2.14-0.7.30.34.1
- php5-ftp-5.2.14-0.7.30.34.1
- php5-gd-5.2.14-0.7.30.34.1
- php5-gettext-5.2.14-0.7.30.34.1
- php5-gmp-5.2.14-0.7.30.34.1
- php5-hash-5.2.14-0.7.30.34.1
- php5-iconv-5.2.14-0.7.30.34.1
- php5-json-5.2.14-0.7.30.34.1
- php5-ldap-5.2.14-0.7.30.34.1
- php5-mbstring-5.2.14-0.7.30.34.1
- php5-mcrypt-5.2.14-0.7.30.34.1
- php5-mysql-5.2.14-0.7.30.34.1
- php5-odbc-5.2.14-0.7.30.34.1
- php5-openssl-5.2.14-0.7.30.34.1
- php5-pcntl-5.2.14-0.7.30.34.1
- php5-pdo-5.2.14-0.7.30.34.1
- php5-pear-5.2.14-0.7.30.34.1
- php5-pgsql-5.2.14-0.7.30.34.1
- php5-pspell-5.2.14-0.7.30.34.1
- php5-shmop-5.2.14-0.7.30.34.1
- php5-snmp-5.2.14-0.7.30.34.1
- php5-soap-5.2.14-0.7.30.34.1
- php5-suhosin-5.2.14-0.7.30.34.1
- php5-sysvmsg-5.2.14-0.7.30.34.1
- php5-sysvsem-5.2.14-0.7.30.34.1
- php5-sysvshm-5.2.14-0.7.30.34.1
- php5-tokenizer-5.2.14-0.7.30.34.1
- php5-wddx-5.2.14-0.7.30.34.1
- php5-xmlreader-5.2.14-0.7.30.34.1
- php5-xmlrpc-5.2.14-0.7.30.34.1
- php5-xmlwriter-5.2.14-0.7.30.34.1
- php5-xsl-5.2.14-0.7.30.34.1
- php5-zip-5.2.14-0.7.30.34.1
- php5-zlib-5.2.14-0.7.30.34.1
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 5.2.14]:
- apache2-mod_php5-5.2.14-0.7.30.34.1
- php5-5.2.14-0.7.30.34.1
- php5-bcmath-5.2.14-0.7.30.34.1
- php5-bz2-5.2.14-0.7.30.34.1
- php5-calendar-5.2.14-0.7.30.34.1
- php5-ctype-5.2.14-0.7.30.34.1
- php5-curl-5.2.14-0.7.30.34.1
- php5-dba-5.2.14-0.7.30.34.1
- php5-dbase-5.2.14-0.7.30.34.1
- php5-dom-5.2.14-0.7.30.34.1
- php5-exif-5.2.14-0.7.30.34.1
- php5-fastcgi-5.2.14-0.7.30.34.1
- php5-ftp-5.2.14-0.7.30.34.1
- php5-gd-5.2.14-0.7.30.34.1
- php5-gettext-5.2.14-0.7.30.34.1
- php5-gmp-5.2.14-0.7.30.34.1
- php5-hash-5.2.14-0.7.30.34.1
- php5-iconv-5.2.14-0.7.30.34.1
- php5-json-5.2.14-0.7.30.34.1
- php5-ldap-5.2.14-0.7.30.34.1
- php5-mbstring-5.2.14-0.7.30.34.1
- php5-mcrypt-5.2.14-0.7.30.34.1
- php5-mysql-5.2.14-0.7.30.34.1
- php5-odbc-5.2.14-0.7.30.34.1
- php5-openssl-5.2.14-0.7.30.34.1
- php5-pcntl-5.2.14-0.7.30.34.1
- php5-pdo-5.2.14-0.7.30.34.1
- php5-pear-5.2.14-0.7.30.34.1
- php5-pgsql-5.2.14-0.7.30.34.1
- php5-pspell-5.2.14-0.7.30.34.1
- php5-shmop-5.2.14-0.7.30.34.1
- php5-snmp-5.2.14-0.7.30.34.1
- php5-soap-5.2.14-0.7.30.34.1
- php5-suhosin-5.2.14-0.7.30.34.1
- php5-sysvmsg-5.2.14-0.7.30.34.1
- php5-sysvsem-5.2.14-0.7.30.34.1
- php5-sysvshm-5.2.14-0.7.30.34.1
- php5-tokenizer-5.2.14-0.7.30.34.1
- php5-wddx-5.2.14-0.7.30.34.1
- php5-xmlreader-5.2.14-0.7.30.34.1
- php5-xmlrpc-5.2.14-0.7.30.34.1
- php5-xmlwriter-5.2.14-0.7.30.34.1
- php5-xsl-5.2.14-0.7.30.34.1
- php5-zip-5.2.14-0.7.30.34.1
- php5-zlib-5.2.14-0.7.30.34.1
- SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 5.2.14]:
- apache2-mod_php5-5.2.14-0.7.30.34.1
- php5-5.2.14-0.7.30.34.1
- php5-bcmath-5.2.14-0.7.30.34.1
- php5-bz2-5.2.14-0.7.30.34.1
- php5-calendar-5.2.14-0.7.30.34.1
- php5-ctype-5.2.14-0.7.30.34.1
- php5-curl-5.2.14-0.7.30.34.1
- php5-dba-5.2.14-0.7.30.34.1
- php5-dbase-5.2.14-0.7.30.34.1
- php5-dom-5.2.14-0.7.30.34.1
- php5-exif-5.2.14-0.7.30.34.1
- php5-fastcgi-5.2.14-0.7.30.34.1
- php5-ftp-5.2.14-0.7.30.34.1
- php5-gd-5.2.14-0.7.30.34.1
- php5-gettext-5.2.14-0.7.30.34.1
- php5-gmp-5.2.14-0.7.30.34.1
- php5-hash-5.2.14-0.7.30.34.1
- php5-iconv-5.2.14-0.7.30.34.1
- php5-json-5.2.14-0.7.30.34.1
- php5-ldap-5.2.14-0.7.30.34.1
- php5-mbstring-5.2.14-0.7.30.34.1
- php5-mcrypt-5.2.14-0.7.30.34.1
- php5-mysql-5.2.14-0.7.30.34.1
- php5-odbc-5.2.14-0.7.30.34.1
- php5-openssl-5.2.14-0.7.30.34.1
- php5-pcntl-5.2.14-0.7.30.34.1
- php5-pdo-5.2.14-0.7.30.34.1
- php5-pear-5.2.14-0.7.30.34.1
- php5-pgsql-5.2.14-0.7.30.34.1
- php5-pspell-5.2.14-0.7.30.34.1
- php5-shmop-5.2.14-0.7.30.34.1
- php5-snmp-5.2.14-0.7.30.34.1
- php5-soap-5.2.14-0.7.30.34.1
- php5-suhosin-5.2.14-0.7.30.34.1
- php5-sysvmsg-5.2.14-0.7.30.34.1
- php5-sysvsem-5.2.14-0.7.30.34.1
- php5-sysvshm-5.2.14-0.7.30.34.1
- php5-tokenizer-5.2.14-0.7.30.34.1
- php5-wddx-5.2.14-0.7.30.34.1
- php5-xmlreader-5.2.14-0.7.30.34.1
- php5-xmlrpc-5.2.14-0.7.30.34.1
- php5-xmlwriter-5.2.14-0.7.30.34.1
- php5-xsl-5.2.14-0.7.30.34.1
- php5-zip-5.2.14-0.7.30.34.1
- php5-zlib-5.2.14-0.7.30.34.1
- SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 5.2.14]:
- apache2-mod_php5-5.2.14-0.7.30.34.1
- php5-5.2.14-0.7.30.34.1
- php5-bcmath-5.2.14-0.7.30.34.1
- php5-bz2-5.2.14-0.7.30.34.1
- php5-calendar-5.2.14-0.7.30.34.1
- php5-ctype-5.2.14-0.7.30.34.1
- php5-curl-5.2.14-0.7.30.34.1
- php5-dba-5.2.14-0.7.30.34.1
- php5-dbase-5.2.14-0.7.30.34.1
- php5-dom-5.2.14-0.7.30.34.1
- php5-exif-5.2.14-0.7.30.34.1
- php5-fastcgi-5.2.14-0.7.30.34.1
- php5-ftp-5.2.14-0.7.30.34.1
- php5-gd-5.2.14-0.7.30.34.1
- php5-gettext-5.2.14-0.7.30.34.1
- php5-gmp-5.2.14-0.7.30.34.1
- php5-hash-5.2.14-0.7.30.34.1
- php5-iconv-5.2.14-0.7.30.34.1
- php5-json-5.2.14-0.7.30.34.1
- php5-ldap-5.2.14-0.7.30.34.1
- php5-mbstring-5.2.14-0.7.30.34.1
- php5-mcrypt-5.2.14-0.7.30.34.1
- php5-mysql-5.2.14-0.7.30.34.1
- php5-odbc-5.2.14-0.7.30.34.1
- php5-openssl-5.2.14-0.7.30.34.1
- php5-pcntl-5.2.14-0.7.30.34.1
- php5-pdo-5.2.14-0.7.30.34.1
- php5-pear-5.2.14-0.7.30.34.1
- php5-pgsql-5.2.14-0.7.30.34.1
- php5-pspell-5.2.14-0.7.30.34.1
- php5-shmop-5.2.14-0.7.30.34.1
- php5-snmp-5.2.14-0.7.30.34.1
- php5-soap-5.2.14-0.7.30.34.1
- php5-suhosin-5.2.14-0.7.30.34.1
- php5-sysvmsg-5.2.14-0.7.30.34.1
- php5-sysvsem-5.2.14-0.7.30.34.1
- php5-sysvshm-5.2.14-0.7.30.34.1
- php5-tokenizer-5.2.14-0.7.30.34.1
- php5-wddx-5.2.14-0.7.30.34.1
- php5-xmlreader-5.2.14-0.7.30.34.1
- php5-xmlrpc-5.2.14-0.7.30.34.1
- php5-xmlwriter-5.2.14-0.7.30.34.1
- php5-xsl-5.2.14-0.7.30.34.1
- php5-zip-5.2.14-0.7.30.34.1
- php5-zlib-5.2.14-0.7.30.34.1
References:
- http://support.novell.com/security/cve/CVE-2011-1072.html
- http://support.novell.com/security/cve/CVE-2011-1466.html
- http://support.novell.com/security/cve/CVE-2011-2202.html
- http://support.novell.com/security/cve/CVE-2011-3182.html
- http://support.novell.com/security/cve/CVE-2011-4153.html
- http://support.novell.com/security/cve/CVE-2011-4566.html
- http://support.novell.com/security/cve/CVE-2011-4885.html
- http://support.novell.com/security/cve/CVE-2012-0057.html
- http://support.novell.com/security/cve/CVE-2012-0781.html
- http://support.novell.com/security/cve/CVE-2012-0788.html
- http://support.novell.com/security/cve/CVE-2012-0789.html
- http://support.novell.com/security/cve/CVE-2012-0807.html
- http://support.novell.com/security/cve/CVE-2012-0830.html
- http://support.novell.com/security/cve/CVE-2012-0831.html
- https://bugzilla.novell.com/699711
- https://bugzilla.novell.com/709549
- https://bugzilla.novell.com/713652
- https://bugzilla.novell.com/728671
- https://bugzilla.novell.com/733590
- https://bugzilla.novell.com/735613
- https://bugzilla.novell.com/736169
- https://bugzilla.novell.com/738221
- https://bugzilla.novell.com/741520
- https://bugzilla.novell.com/741859
- https://bugzilla.novell.com/742273
- https://bugzilla.novell.com/742806
- https://bugzilla.novell.com/743308
- https://bugzilla.novell.com/744966
- https://bugzilla.novell.com/746661
- https://bugzilla.novell.com/749111
- http://download.suse.com/patch/finder/?keywords=778ae960c062031cb692b8c0c4a67400