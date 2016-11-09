Login

Sicherheit: Mehrere Probleme in PHP
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in PHP
ID: SUSE-SU-2016:2766-1
Distribution: SUSE
Plattformen: SUSE Linux Enterprise Module for Web Scripting 12, SUSE Linux Enterprise Software Development Kit 12-SP1
Datum: Mi, 9. November 2016, 22:36
Originalnachricht

 
   SUSE Security Update: Security update for php5
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:2766-1
Rating:             important
References:         #1001900 #1004924 #1005274 
Cross-References:   CVE-2016-6911 CVE-2016-7568 CVE-2016-8670
                   
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Module for Web Scripting 12
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for php5 fixes the following security issues:

   - CVE-2016-7568: A specially crafted image file could cause an application
     crash or potentially execute arbitrary code when the image is converted
     to webp (bsc#1001900)
   - CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf (bsc#1004924)
   - CVE-2016-6911: Check for out-of-bound read in dynamicGetbuf()
     (bsc#1005274)


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1629=1

   - SUSE Linux Enterprise Module for Web Scripting 12:

      zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2016-1629=1

   To bring your system up-to-date, use "zypper patch".


