SUSE 5130 Published by

The following updates have been released for SUSE:

openSUSE Leap 42.3/42.2:
openSUSE-SU-2017:2306-1: important: Security update for postgresql93

openSUSE Leap 42.3:
openSUSE-SU-2017:2311-1: important: Security update for samba and resource-agents

SUSE Linux Enterprise 11:
SUSE-SU-2017:2302-1: important: Security update for MozillaFirefox
SUSE-SU-2017:2303-1: important: Security update for php7



openSUSE-SU-2017:2306-1: important: Security update for postgresql93

openSUSE Security Update: Security update for postgresql93
______________________________________________________________________________

Announcement ID: openSUSE-SU-2017:2306-1
Rating: important
References: #1051684 #1051685 #1053259
Cross-References: CVE-2017-7546 CVE-2017-7547 CVE-2017-7548

Affected Products:
openSUSE Leap 42.3
openSUSE Leap 42.2
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

Postgresql93 was updated to 9.3.18 to fix the following issues:

* CVE-2017-7547: Further restrict visibility of
pg_user_mappings.umoptions, to protect passwords stored as user mapping
options. (bsc#1051685)
* CVE-2017-7546: Disallow empty passwords in all password-based
authentication methods. (bsc#1051684)
* CVE-2017-7548: The lo_put() function ignored ACLs. (bsc#1053259)

The changelog for the release is here:

https://www.postgresql.org/docs/9.3/static/release-9-3-18.html

This update was imported from the SUSE:SLE-12:Update update project.
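As an added illustration of the CVE-2017-7546 item (not part of the SUSE advisory or of PostgreSQL itself): a defender-side audit that looks for roles whose stored credential is the empty string, in either of the storage forms a 9.3 server uses. The rows are constructed sample data standing in for the result of `SELECT rolname, rolpassword FROM pg_authid`, and the helper names are hypothetical. The only PostgreSQL fact it relies on is the MD5 storage format, `"md5" + md5(password || rolname)`.

```python
import hashlib
from typing import List, Optional, Sequence, Tuple

# rolpassword in pg_authid is NULL when no password is set, a plaintext string
# when it was stored unencrypted (password_encryption = off), or
# "md5" + md5(password || rolname) when stored with PostgreSQL's MD5 scheme.


def md5_password_hash(password: str, rolname: str) -> str:
    """Reproduce PostgreSQL's stored MD5 form: "md5" + md5(password || rolname)."""
    digest = hashlib.md5((password + rolname).encode("utf-8")).hexdigest()
    return "md5" + digest


def has_empty_password(rolname: str, rolpassword: Optional[str]) -> bool:
    """True if the stored credential is the empty string, whatever the storage form."""
    if rolpassword is None:
        # No password at all: the role cannot authenticate by password,
        # so it is not an "empty password" case.
        return False
    if rolpassword.startswith("md5") and len(rolpassword) == 35:
        # MD5-stored: compare against the hash an empty password would produce
        # for this role name (the salt is the role name).
        return rolpassword == md5_password_hash("", rolname)
    # Plaintext-stored credential.
    return rolpassword == ""


def find_empty_password_roles(rows: Sequence[Tuple[str, Optional[str]]]) -> List[str]:
    """Return the role names from (rolname, rolpassword) rows that carry an empty password."""
    return [rolname for rolname, rolpassword in rows if has_empty_password(rolname, rolpassword)]


# Constructed sample rows (hypothetical data, not taken from any real server).
SAMPLE_ROLES: List[Tuple[str, Optional[str]]] = [
    ("app_reader", md5_password_hash("correct horse", "app_reader")),  # real password, MD5-stored
    ("legacy_etl", md5_password_hash("", "legacy_etl")),               # empty password, MD5-stored
    ("batch_user", ""),                                                # empty password, plaintext-stored
    ("replicator", None),                                              # no password set at all
    ("reporting", "plain-but-nonempty"),                               # plaintext, non-empty
]

if __name__ == "__main__":
    for rolname in find_empty_password_roles(SAMPLE_ROLES):
        print(f"role {rolname!r} has an empty password; set a real one or drop LOGIN")
```

Run against a real 9.3 instance, the same logic applies to the rows of `pg_authid` (superuser access required); the updated server rejects empty passwords at authentication time, but the stored credentials still deserve cleanup.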


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2017-985=1

- openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-985=1

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE Leap 42.3 (i586 x86_64):

postgresql93-devel-9.3.18-8.1
postgresql93-devel-debuginfo-9.3.18-8.1
postgresql93-libs-debugsource-9.3.18-8.1

- openSUSE Leap 42.3 (x86_64):

postgresql93-9.3.18-8.1
postgresql93-contrib-9.3.18-8.1
postgresql93-contrib-debuginfo-9.3.18-8.1
postgresql93-debuginfo-9.3.18-8.1
postgresql93-debugsource-9.3.18-8.1
postgresql93-plperl-9.3.18-8.1
postgresql93-plperl-debuginfo-9.3.18-8.1
postgresql93-plpython-9.3.18-8.1
postgresql93-plpython-debuginfo-9.3.18-8.1
postgresql93-pltcl-9.3.18-8.1
postgresql93-pltcl-debuginfo-9.3.18-8.1
postgresql93-server-9.3.18-8.1
postgresql93-server-debuginfo-9.3.18-8.1
postgresql93-test-9.3.18-8.1

- openSUSE Leap 42.3 (noarch):

postgresql93-docs-9.3.18-8.1

- openSUSE Leap 42.2 (i586 x86_64):

postgresql93-devel-9.3.18-5.12.1
postgresql93-devel-debuginfo-9.3.18-5.12.1
postgresql93-libs-debugsource-9.3.18-5.12.1

- openSUSE Leap 42.2 (noarch):

postgresql93-docs-9.3.18-5.12.1

- openSUSE Leap 42.2 (x86_64):

postgresql93-9.3.18-5.12.1
postgresql93-contrib-9.3.18-5.12.1
postgresql93-contrib-debuginfo-9.3.18-5.12.1
postgresql93-debuginfo-9.3.18-5.12.1
postgresql93-debugsource-9.3.18-5.12.1
postgresql93-plperl-9.3.18-5.12.1
postgresql93-plperl-debuginfo-9.3.18-5.12.1
postgresql93-plpython-9.3.18-5.12.1
postgresql93-plpython-debuginfo-9.3.18-5.12.1
postgresql93-pltcl-9.3.18-5.12.1
postgresql93-pltcl-debuginfo-9.3.18-5.12.1
postgresql93-server-9.3.18-5.12.1
postgresql93-server-debuginfo-9.3.18-5.12.1
postgresql93-test-9.3.18-5.12.1


References:

https://www.suse.com/security/cve/CVE-2017-7546.html
https://www.suse.com/security/cve/CVE-2017-7547.html
https://www.suse.com/security/cve/CVE-2017-7548.html
https://bugzilla.suse.com/1051684
https://bugzilla.suse.com/1051685
https://bugzilla.suse.com/1053259

openSUSE-SU-2017:2311-1: important: Security update for samba and resource-agents

openSUSE Security Update: Security update for samba and resource-agents
______________________________________________________________________________

Announcement ID: openSUSE-SU-2017:2311-1
Rating: important
References: #1048278 #1048339 #1048352 #1048387 #1048790
#1052577 #1054017
Cross-References: CVE-2017-11103
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that solves one vulnerability and has 6 fixes is
now available.

Description:

This update provides Samba 4.6.7, which fixes the following issues:

- CVE-2017-11103: Metadata were being taken from the unauthenticated
plaintext (the Ticket) rather than the authenticated and encrypted KDC
response. (bsc#1048278)
- Fix cephwrap_chdir(). (bsc#1048790)
- Fix ctdb logs to /var/log/log.ctdb instead of /var/log/ctdb.
(bsc#1048339)
- Fix inconsistent ctdb socket path. (bsc#1048352)
- Fix non-admin cephx authentication. (bsc#1048387)
- CTDB cannot start when there is no persistent database. (bsc#1052577)

The CTDB resource agent was also fixed to not fail when the database is
empty.

This update was imported from the SUSE:SLE-12-SP3:Update update project.


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2017-987=1

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE Leap 42.3 (i586 x86_64):

ctdb-4.6.7+git.38.90b2cdb4f22-3.1
ctdb-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
ctdb-tests-4.6.7+git.38.90b2cdb4f22-3.1
ctdb-tests-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
ldirectord-4.0.1+git.1495055229.643177f1-3.1
libdcerpc-binding0-4.6.7+git.38.90b2cdb4f22-3.1
libdcerpc-binding0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
libdcerpc-devel-4.6.7+git.38.90b2cdb4f22-3.1
libdcerpc-samr-devel-4.6.7+git.38.90b2cdb4f22-3.1
libdcerpc-samr0-4.6.7+git.38.90b2cdb4f22-3.1
libdcerpc-samr0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
libdcerpc0-4.6.7+git.38.90b2cdb4f22-3.1
libdcerpc0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
libndr-devel-4.6.7+git.38.90b2cdb4f22-3.1
libndr-krb5pac-devel-4.6.7+git.38.90b2cdb4f22-3.1
libndr-krb5pac0-4.6.7+git.38.90b2cdb4f22-3.1
libndr-krb5pac0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
libndr-nbt-devel-4.6.7+git.38.90b2cdb4f22-3.1
libndr-nbt0-4.6.7+git.38.90b2cdb4f22-3.1
libndr-nbt0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
libndr-standard-devel-4.6.7+git.38.90b2cdb4f22-3.1
libndr-standard0-4.6.7+git.38.90b2cdb4f22-3.1
libndr-standard0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
libndr0-4.6.7+git.38.90b2cdb4f22-3.1
libndr0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
libnetapi-devel-4.6.7+git.38.90b2cdb4f22-3.1
libnetapi0-4.6.7+git.38.90b2cdb4f22-3.1
libnetapi0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-credentials-devel-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-credentials0-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-credentials0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-errors-devel-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-errors0-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-errors0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-hostconfig-devel-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-hostconfig0-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-hostconfig0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-passdb-devel-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-passdb0-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-passdb0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-policy-devel-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-policy0-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-policy0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-util-devel-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-util0-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-util0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
libsamdb-devel-4.6.7+git.38.90b2cdb4f22-3.1
libsamdb0-4.6.7+git.38.90b2cdb4f22-3.1
libsamdb0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
libsmbclient-devel-4.6.7+git.38.90b2cdb4f22-3.1
libsmbclient0-4.6.7+git.38.90b2cdb4f22-3.1
libsmbclient0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
libsmbconf-devel-4.6.7+git.38.90b2cdb4f22-3.1
libsmbconf0-4.6.7+git.38.90b2cdb4f22-3.1
libsmbconf0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
libsmbldap-devel-4.6.7+git.38.90b2cdb4f22-3.1
libsmbldap0-4.6.7+git.38.90b2cdb4f22-3.1
libsmbldap0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
libtevent-util-devel-4.6.7+git.38.90b2cdb4f22-3.1
libtevent-util0-4.6.7+git.38.90b2cdb4f22-3.1
libtevent-util0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
libwbclient-devel-4.6.7+git.38.90b2cdb4f22-3.1
libwbclient0-4.6.7+git.38.90b2cdb4f22-3.1
libwbclient0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
resource-agents-4.0.1+git.1495055229.643177f1-3.1
resource-agents-debuginfo-4.0.1+git.1495055229.643177f1-3.1
resource-agents-debugsource-4.0.1+git.1495055229.643177f1-3.1
samba-4.6.7+git.38.90b2cdb4f22-3.1
samba-client-4.6.7+git.38.90b2cdb4f22-3.1
samba-client-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
samba-core-devel-4.6.7+git.38.90b2cdb4f22-3.1
samba-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
samba-debugsource-4.6.7+git.38.90b2cdb4f22-3.1
samba-libs-4.6.7+git.38.90b2cdb4f22-3.1
samba-libs-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
samba-pidl-4.6.7+git.38.90b2cdb4f22-3.1
samba-python-4.6.7+git.38.90b2cdb4f22-3.1
samba-python-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
samba-test-4.6.7+git.38.90b2cdb4f22-3.1
samba-test-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
samba-winbind-4.6.7+git.38.90b2cdb4f22-3.1
samba-winbind-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1

- openSUSE Leap 42.3 (noarch):

monitoring-plugins-metadata-4.0.1+git.1495055229.643177f1-3.1
samba-doc-4.6.7+git.38.90b2cdb4f22-3.1

- openSUSE Leap 42.3 (x86_64):

libdcerpc-binding0-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libdcerpc-binding0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libdcerpc-samr0-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libdcerpc-samr0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libdcerpc0-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libdcerpc0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libndr-krb5pac0-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libndr-krb5pac0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libndr-nbt0-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libndr-nbt0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libndr-standard0-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libndr-standard0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libndr0-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libndr0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libnetapi0-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libnetapi0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-credentials0-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-credentials0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-errors0-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-errors0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-hostconfig0-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-hostconfig0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-passdb0-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-passdb0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-policy0-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-policy0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-util0-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libsamba-util0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libsamdb0-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libsamdb0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libsmbclient0-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libsmbclient0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libsmbconf0-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libsmbconf0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libsmbldap0-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libsmbldap0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libtevent-util0-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libtevent-util0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libwbclient0-32bit-4.6.7+git.38.90b2cdb4f22-3.1
libwbclient0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1
samba-ceph-4.6.7+git.38.90b2cdb4f22-3.1
samba-ceph-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1
samba-client-32bit-4.6.7+git.38.90b2cdb4f22-3.1
samba-client-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1
samba-libs-32bit-4.6.7+git.38.90b2cdb4f22-3.1
samba-libs-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1
samba-winbind-32bit-4.6.7+git.38.90b2cdb4f22-3.1
samba-winbind-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1


References:

https://www.suse.com/security/cve/CVE-2017-11103.html
https://bugzilla.suse.com/1048278
https://bugzilla.suse.com/1048339
https://bugzilla.suse.com/1048352
https://bugzilla.suse.com/1048387
https://bugzilla.suse.com/1048790
https://bugzilla.suse.com/1052577
https://bugzilla.suse.com/1054017

SUSE-SU-2017:2302-1: important: Security update for MozillaFirefox

SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2302-1
Rating: important
References: #1031485 #1052829
Cross-References: CVE-2017-7753 CVE-2017-7779 CVE-2017-7782
CVE-2017-7784 CVE-2017-7785 CVE-2017-7786
CVE-2017-7787 CVE-2017-7791 CVE-2017-7792
CVE-2017-7798 CVE-2017-7800 CVE-2017-7801
CVE-2017-7802 CVE-2017-7803 CVE-2017-7804
CVE-2017-7807
Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Server 11-SP3-LTSS
SUSE Linux Enterprise Point of Sale 11-SP3
SUSE Linux Enterprise Debuginfo 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that fixes 16 vulnerabilities is now available.

Description:



Mozilla Firefox was updated to the ESR 52.3 release (bsc#1052829).

The following security issues were fixed:

* MFSA 2017-19/CVE-2017-7807: Domain hijacking through AppCache fallback
* MFSA 2017-19/CVE-2017-7791: Spoofing following page navigation with
data: protocol and modal alerts
* MFSA 2017-19/CVE-2017-7792: Buffer overflow viewing certificates with an
extremely long OID
* MFSA 2017-19/CVE-2017-7782: WindowsDllDetourPatcher allocates memory
without DEP protections
* MFSA 2017-19/CVE-2017-7787: Same-origin policy bypass with iframes
through page reloads
* MFSA 2017-19/CVE-2017-7786: Buffer overflow while painting
non-displayable SVG
* MFSA 2017-19/CVE-2017-7785: Buffer overflow manipulating ARIA attributes
in DOM
* MFSA 2017-19/CVE-2017-7784: Use-after-free with image observers
* MFSA 2017-19/CVE-2017-7753: Out-of-bounds read with cached style data
and pseudo-elements
* MFSA 2017-19/CVE-2017-7798: XUL injection in the style editor in devtools
* MFSA 2017-19/CVE-2017-7804: Memory protection bypass through
WindowsDllDetourPatcher
* MFSA 2017-19/CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and
Firefox ESR 52.3
* MFSA 2017-19/CVE-2017-7800: Use-after-free in WebSockets during
disconnection
* MFSA 2017-19/CVE-2017-7801: Use-after-free with marquee during window
resizing
* MFSA 2017-19/CVE-2017-7802: Use-after-free resizing image elements
* MFSA 2017-19/CVE-2017-7803: CSP containing 'sandbox' improperly applied

This update also fixes:

- Fixed Firefox hanging after a while in FUTEX_WAIT_PRIVATE when cgroups are
enabled and it is running on CPU >= 1 (bsc#1031485)
- The Itanium ia64 build was fixed.


Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:

zypper in -t patch sdksp4-MozillaFirefox-13254=1

- SUSE Linux Enterprise Server 11-SP4:

zypper in -t patch slessp4-MozillaFirefox-13254=1

- SUSE Linux Enterprise Server 11-SP3-LTSS:

zypper in -t patch slessp3-MozillaFirefox-13254=1

- SUSE Linux Enterprise Point of Sale 11-SP3:

zypper in -t patch sleposp3-MozillaFirefox-13254=1

- SUSE Linux Enterprise Debuginfo 11-SP4:

zypper in -t patch dbgsp4-MozillaFirefox-13254=1

- SUSE Linux Enterprise Debuginfo 11-SP3:

zypper in -t patch dbgsp3-MozillaFirefox-13254=1

To bring your system up-to-date, use "zypper patch".


Package List:

- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

MozillaFirefox-devel-52.3.0esr-72.9.1

- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

MozillaFirefox-52.3.0esr-72.9.1
MozillaFirefox-branding-SLED-52-24.5.1
MozillaFirefox-translations-52.3.0esr-72.9.1

- SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):

MozillaFirefox-52.3.0esr-72.9.1
MozillaFirefox-branding-SLED-52-24.5.1
MozillaFirefox-translations-52.3.0esr-72.9.1

- SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

MozillaFirefox-52.3.0esr-72.9.1
MozillaFirefox-branding-SLED-52-24.5.1
MozillaFirefox-translations-52.3.0esr-72.9.1

- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

MozillaFirefox-debuginfo-52.3.0esr-72.9.1

- SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):

MozillaFirefox-debuginfo-52.3.0esr-72.9.1


References:

https://www.suse.com/security/cve/CVE-2017-7753.html
https://www.suse.com/security/cve/CVE-2017-7779.html
https://www.suse.com/security/cve/CVE-2017-7782.html
https://www.suse.com/security/cve/CVE-2017-7784.html
https://www.suse.com/security/cve/CVE-2017-7785.html
https://www.suse.com/security/cve/CVE-2017-7786.html
https://www.suse.com/security/cve/CVE-2017-7787.html
https://www.suse.com/security/cve/CVE-2017-7791.html
https://www.suse.com/security/cve/CVE-2017-7792.html
https://www.suse.com/security/cve/CVE-2017-7798.html
https://www.suse.com/security/cve/CVE-2017-7800.html
https://www.suse.com/security/cve/CVE-2017-7801.html
https://www.suse.com/security/cve/CVE-2017-7802.html
https://www.suse.com/security/cve/CVE-2017-7803.html
https://www.suse.com/security/cve/CVE-2017-7804.html
https://www.suse.com/security/cve/CVE-2017-7807.html
https://bugzilla.suse.com/1031485
https://bugzilla.suse.com/1052829


SUSE-SU-2017:2303-1: important: Security update for php7

SUSE Security Update: Security update for php7
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2303-1
Rating: important
References: #1047454 #1048094 #1048096 #1048100 #1048111
#1048112 #1050241 #1050726 #1052389 #1053645
#986386
Cross-References: CVE-2016-10397 CVE-2016-5766 CVE-2017-11142
CVE-2017-11144 CVE-2017-11145 CVE-2017-11146
CVE-2017-11147 CVE-2017-11628 CVE-2017-7890

Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Module for Web Scripting 12
______________________________________________________________________________

An update that solves 9 vulnerabilities and has two fixes
is now available.

Description:

This update for php7 fixes the following issues:

- CVE-2016-10397: parse_url() can be bypassed to return a fake host.
(bsc#1047454)
- CVE-2017-11142: Remote attackers could cause a CPU consumption denial of
service attack by injecting long form variables, related to
main/php_variables. (bsc#1048100)
- CVE-2017-11144: The openssl extension PEM sealing code did not check the
return value of the OpenSSL sealing function, which could lead to a
crash. (bsc#1048096)
- CVE-2017-11145: Lack of bounds checks in timelib_meridian could lead to
an information leak. (bsc#1048112)
- CVE-2017-11146: Lack of bounds checks in the timelib_meridian parse code
could lead to an information leak. (bsc#1048111)
- CVE-2017-11147: The PHAR archive handler could be used by attackers
supplying malicious archive files to crash the PHP interpreter or
potentially disclose information. (bsc#1048094)
- CVE-2017-11628: Stack-based buffer overflow in zend_ini_do_op() could
lead to denial of service. (bsc#1050726)
- CVE-2017-7890: Buffer over-read from uninitialized data in the
gdImageCreateFromGifCtx function could lead to denial of service.
(bsc#1050241)
- CVE-2016-5766: Integer overflow in _gd2GetHeader() resulting in heap
overflow could lead to denial of service or code execution. (bsc#986386)

Other fixes:

- Soap Request with References (bsc#1053645)
- php7-pear should explicitly require php7-pear-Archive_Tar; otherwise this
dependency must be declared explicitly in every php7-pear-* package.
[bnc#1052389]


Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP3:

zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1417=1

- SUSE Linux Enterprise Software Development Kit 12-SP2:

zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1417=1

- SUSE Linux Enterprise Module for Web Scripting 12:

zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2017-1417=1

To bring your system up-to-date, use "zypper patch".
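The patch instructions of all four advisories above assume a live system where `zypper patch` can be run. For an offline audit of an inventory export (for example the output of `rpm -qa` collected from many hosts), the following added example compares installed name-version-release strings against a fixed package list. It is not SUSE or rpm code: `rpmvercmp` here is a simplified approximation of rpm's algorithm (numeric segments compare numerically, alphabetic ones lexically, numeric beats alphabetic; the tilde and caret rules are omitted), the helper names are hypothetical, and the installed inventory is constructed sample data. The fixed versions are copied from the openSUSE Leap 42.3 package list of openSUSE-SU-2017:2306-1.

```python
import re
from typing import Dict, List, Sequence, Tuple

# Version strings are split into runs of digits and runs of letters;
# everything else (".", "+", "_") only separates segments.
_SEGMENT = re.compile(r"\d+|[A-Za-z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Simplified rpm-style comparison: -1 if a < b, 0 if equal, 1 if a > b."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            xi, yi = int(x), int(y)
            if xi != yi:
                return 1 if xi > yi else -1
        elif x.isdigit():
            return 1        # a numeric segment is newer than an alphabetic one
        elif y.isdigit():
            return -1
        elif x != y:
            return 1 if x > y else -1
    # All shared segments are equal: the string with more segments is newer
    # (so "4.6.7+git.38..." sorts after plain "4.6.7").
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def split_nvr(pkg: str) -> Tuple[str, str, str]:
    """Split 'name-version-release' on the last two hyphens (name may contain hyphens)."""
    parts = pkg.rsplit("-", 2)
    if len(parts) != 3:
        raise ValueError(f"not a name-version-release string: {pkg!r}")
    return parts[0], parts[1], parts[2]


def compare_nvr(installed: str, fixed: str) -> int:
    """Compare two NVRs of the same package: version first, then release."""
    _, iv, ir = split_nvr(installed)
    _, fv, fr = split_nvr(fixed)
    return rpmvercmp(iv, fv) or rpmvercmp(ir, fr)


def packages_below_fixed(installed: Sequence[str], fixed: Sequence[str]) -> List[str]:
    """Return installed packages that are older than the advisory's fixed version."""
    fixed_by_name: Dict[str, str] = {split_nvr(p)[0]: p for p in fixed}
    below = []
    for pkg in installed:
        name = split_nvr(pkg)[0]
        if name in fixed_by_name and compare_nvr(pkg, fixed_by_name[name]) < 0:
            below.append(pkg)
    return below


# Fixed versions from the openSUSE Leap 42.3 package list of openSUSE-SU-2017:2306-1.
FIXED_LEAP_42_3 = [
    "postgresql93-9.3.18-8.1",
    "postgresql93-contrib-9.3.18-8.1",
    "postgresql93-server-9.3.18-8.1",
    "postgresql93-docs-9.3.18-8.1",
]

# Constructed sample inventory (as if from `rpm -qa`); not real host data.
INSTALLED_SAMPLE = [
    "postgresql93-9.3.18-8.1",            # already at the fixed version
    "postgresql93-server-9.3.17-5.1",     # older upstream version
    "postgresql93-contrib-9.3.18-7.3",    # same version, older release
    "samba-4.6.7+git.38.90b2cdb4f22-3.1", # not covered by this advisory's list
]

if __name__ == "__main__":
    for pkg in packages_below_fixed(INSTALLED_SAMPLE, FIXED_LEAP_42_3):
        print(f"{pkg}: below fixed version, apply the patch")
```

Because the comparison is an approximation, treat a "below fixed" hit as a prompt to run `zypper patch` on that host rather than as the final word; on the host itself `zypper` applies rpm's exact ordering.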


Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):

php7-debuginfo-7.0.7-50.9.2
php7-debugsource-7.0.7-50.9.2
php7-devel-7.0.7-50.9.2

- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

php7-debuginfo-7.0.7-50.9.2
php7-debugsource-7.0.7-50.9.2
php7-devel-7.0.7-50.9.2

- SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64):

apache2-mod_php7-7.0.7-50.9.2
apache2-mod_php7-debuginfo-7.0.7-50.9.2
php7-7.0.7-50.9.2
php7-bcmath-7.0.7-50.9.2
php7-bcmath-debuginfo-7.0.7-50.9.2
php7-bz2-7.0.7-50.9.2
php7-bz2-debuginfo-7.0.7-50.9.2
php7-calendar-7.0.7-50.9.2
php7-calendar-debuginfo-7.0.7-50.9.2
php7-ctype-7.0.7-50.9.2
php7-ctype-debuginfo-7.0.7-50.9.2
php7-curl-7.0.7-50.9.2
php7-curl-debuginfo-7.0.7-50.9.2
php7-dba-7.0.7-50.9.2
php7-dba-debuginfo-7.0.7-50.9.2
php7-debuginfo-7.0.7-50.9.2
php7-debugsource-7.0.7-50.9.2
php7-dom-7.0.7-50.9.2
php7-dom-debuginfo-7.0.7-50.9.2
php7-enchant-7.0.7-50.9.2
php7-enchant-debuginfo-7.0.7-50.9.2
php7-exif-7.0.7-50.9.2
php7-exif-debuginfo-7.0.7-50.9.2
php7-fastcgi-7.0.7-50.9.2
php7-fastcgi-debuginfo-7.0.7-50.9.2
php7-fileinfo-7.0.7-50.9.2
php7-fileinfo-debuginfo-7.0.7-50.9.2
php7-fpm-7.0.7-50.9.2
php7-fpm-debuginfo-7.0.7-50.9.2
php7-ftp-7.0.7-50.9.2
php7-ftp-debuginfo-7.0.7-50.9.2
php7-gd-7.0.7-50.9.2
php7-gd-debuginfo-7.0.7-50.9.2
php7-gettext-7.0.7-50.9.2
php7-gettext-debuginfo-7.0.7-50.9.2
php7-gmp-7.0.7-50.9.2
php7-gmp-debuginfo-7.0.7-50.9.2
php7-iconv-7.0.7-50.9.2
php7-iconv-debuginfo-7.0.7-50.9.2
php7-imap-7.0.7-50.9.2
php7-imap-debuginfo-7.0.7-50.9.2
php7-intl-7.0.7-50.9.2
php7-intl-debuginfo-7.0.7-50.9.2
php7-json-7.0.7-50.9.2
php7-json-debuginfo-7.0.7-50.9.2
php7-ldap-7.0.7-50.9.2
php7-ldap-debuginfo-7.0.7-50.9.2
php7-mbstring-7.0.7-50.9.2
php7-mbstring-debuginfo-7.0.7-50.9.2
php7-mcrypt-7.0.7-50.9.2
php7-mcrypt-debuginfo-7.0.7-50.9.2
php7-mysql-7.0.7-50.9.2
php7-mysql-debuginfo-7.0.7-50.9.2
php7-odbc-7.0.7-50.9.2
php7-odbc-debuginfo-7.0.7-50.9.2
php7-opcache-7.0.7-50.9.2
php7-opcache-debuginfo-7.0.7-50.9.2
php7-openssl-7.0.7-50.9.2
php7-openssl-debuginfo-7.0.7-50.9.2
php7-pcntl-7.0.7-50.9.2
php7-pcntl-debuginfo-7.0.7-50.9.2
php7-pdo-7.0.7-50.9.2
php7-pdo-debuginfo-7.0.7-50.9.2
php7-pgsql-7.0.7-50.9.2
php7-pgsql-debuginfo-7.0.7-50.9.2
php7-phar-7.0.7-50.9.2
php7-phar-debuginfo-7.0.7-50.9.2
php7-posix-7.0.7-50.9.2
php7-posix-debuginfo-7.0.7-50.9.2
php7-pspell-7.0.7-50.9.2
php7-pspell-debuginfo-7.0.7-50.9.2
php7-shmop-7.0.7-50.9.2
php7-shmop-debuginfo-7.0.7-50.9.2
php7-snmp-7.0.7-50.9.2
php7-snmp-debuginfo-7.0.7-50.9.2
php7-soap-7.0.7-50.9.2
php7-soap-debuginfo-7.0.7-50.9.2
php7-sockets-7.0.7-50.9.2
php7-sockets-debuginfo-7.0.7-50.9.2
php7-sqlite-7.0.7-50.9.2
php7-sqlite-debuginfo-7.0.7-50.9.2
php7-sysvmsg-7.0.7-50.9.2
php7-sysvmsg-debuginfo-7.0.7-50.9.2
php7-sysvsem-7.0.7-50.9.2
php7-sysvsem-debuginfo-7.0.7-50.9.2
php7-sysvshm-7.0.7-50.9.2
php7-sysvshm-debuginfo-7.0.7-50.9.2
php7-tokenizer-7.0.7-50.9.2
php7-tokenizer-debuginfo-7.0.7-50.9.2
php7-wddx-7.0.7-50.9.2
php7-wddx-debuginfo-7.0.7-50.9.2
php7-xmlreader-7.0.7-50.9.2
php7-xmlreader-debuginfo-7.0.7-50.9.2
php7-xmlrpc-7.0.7-50.9.2
php7-xmlrpc-debuginfo-7.0.7-50.9.2
php7-xmlwriter-7.0.7-50.9.2
php7-xmlwriter-debuginfo-7.0.7-50.9.2
php7-xsl-7.0.7-50.9.2
php7-xsl-debuginfo-7.0.7-50.9.2
php7-zip-7.0.7-50.9.2
php7-zip-debuginfo-7.0.7-50.9.2
php7-zlib-7.0.7-50.9.2
php7-zlib-debuginfo-7.0.7-50.9.2

- SUSE Linux Enterprise Module for Web Scripting 12 (noarch):

php7-pear-7.0.7-50.9.2
php7-pear-Archive_Tar-7.0.7-50.9.2


References:

https://www.suse.com/security/cve/CVE-2016-10397.html
https://www.suse.com/security/cve/CVE-2016-5766.html
https://www.suse.com/security/cve/CVE-2017-11142.html
https://www.suse.com/security/cve/CVE-2017-11144.html
https://www.suse.com/security/cve/CVE-2017-11145.html
https://www.suse.com/security/cve/CVE-2017-11146.html
https://www.suse.com/security/cve/CVE-2017-11147.html
https://www.suse.com/security/cve/CVE-2017-11628.html
https://www.suse.com/security/cve/CVE-2017-7890.html
https://bugzilla.suse.com/1047454
https://bugzilla.suse.com/1048094
https://bugzilla.suse.com/1048096
https://bugzilla.suse.com/1048100
https://bugzilla.suse.com/1048111
https://bugzilla.suse.com/1048112
https://bugzilla.suse.com/1050241
https://bugzilla.suse.com/1050726
https://bugzilla.suse.com/1052389
https://bugzilla.suse.com/1053645
https://bugzilla.suse.com/986386
