SB2016110107 - SUSE Linux update for php5
Published: November 1, 2016
Security Bulletin ID
SB2016110107
Severity
High
Patch available
YES
Number of vulnerabilities
7
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 7 secuirty vulnerabilities.
1) Arbitrary code execution (CVE-ID: CVE-2016-7411)
The vulnerability allows a remote or local user to cause arbitrary code execution on the target system.The weakness is caused by deserialized object destruction that may result in memory corruption error and allows a malicious user to execute arbitrary code.
Successful explotation of the vulnerability may result in arbitrary code execution on the vulnerable system.
2) Arbitrary code execution (CVE-ID: CVE-2016-7412)
The vulnerability allows a remote or local user to cause arbitrary code execution on the target system.The weakness is caused by heap overflow during handling of BIT fields in mysqlnd that allows a malicious user to execute arbitrary code.
Successful explotation of the vulnerability may result in arbitrary code execution on the vulnerable system.
3) Arbitrary code execution (CVE-ID: CVE-2016-7413)
The vulnerability allows a remote or local user to cause arbitrary code execution on the target system.The weakness is caused by use-after-free memory error in wddx_deserialize() that allows a malicious user to execute arbitrary code.
Successful explotation of the vulnerability may result in arbitrary code execution on the vulnerable system.
4) Arbitrary code execution (CVE-ID: CVE-2016-7414)
The vulnerability allows a remote or local user to cause arbitrary code execution on the target system.The weakness is caused by out-of-bounds memory error in phar_parse_zipfile() that allows a malicious user to execute arbitrary code.
Successful explotation of the vulnerability may result in arbitrary code execution on the vulnerable system.
5) Arbitrary code execution (CVE-ID: CVE-2016-7416)
The vulnerability allows a remote or local user to cause arbitrary code execution on the target system.The weakness is caused by memory corruption in local data handling that allows a malicious user to get access to the system and cause arbitrary code execution.
Successful explotation of the vulnerability may result in arbitrary code execution on the vulnerable system.
6) Arbitrary code execution (CVE-ID: CVE-2016-7417)
The vulnerability allows a remote or local user to cause arbitrary code execution on the target system.The weakness is caused by unserializing SplArray that leads to memory corruption error and allows a malicious user to execute arbitrary code.
Successful explotation of the vulnerability may result in arbitrary code execution on the vulnerable system.
7) Arbitrary code execution (CVE-ID: CVE-2016-7418)
The vulnerability allows a remote or local user to cause arbitrary code execution on the target system.The weakness is caused by out-of-bounds memory read error in php_wddx_push_element() that allows a malicious user to execute arbitrary code.
Successful explotation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Remediation
Install update from vendor's website.