SUSE: CVE-2016-4343: SUSE Linux Security Advisory

Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published: May 19, 2016
Added: May 19, 2016
Modified: May 7, 2019

Description

The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive.

Solution(s)

suse-upgrade-apache2-mod_php5
suse-upgrade-apache2-mod_php5-debuginfo
suse-upgrade-php5
suse-upgrade-php5-bcmath
suse-upgrade-php5-bcmath-debuginfo
suse-upgrade-php5-bz2
suse-upgrade-php5-bz2-debuginfo
suse-upgrade-php5-calendar
suse-upgrade-php5-calendar-debuginfo
suse-upgrade-php5-ctype
suse-upgrade-php5-ctype-debuginfo
suse-upgrade-php5-curl
suse-upgrade-php5-curl-debuginfo
suse-upgrade-php5-dba
suse-upgrade-php5-dba-debuginfo
suse-upgrade-php5-debuginfo
suse-upgrade-php5-debugsource
suse-upgrade-php5-devel
suse-upgrade-php5-dom
suse-upgrade-php5-dom-debuginfo
suse-upgrade-php5-enchant
suse-upgrade-php5-enchant-debuginfo
suse-upgrade-php5-exif
suse-upgrade-php5-exif-debuginfo
suse-upgrade-php5-fastcgi
suse-upgrade-php5-fastcgi-debuginfo
suse-upgrade-php5-fileinfo
suse-upgrade-php5-fileinfo-debuginfo
suse-upgrade-php5-firebird
suse-upgrade-php5-firebird-debuginfo
suse-upgrade-php5-fpm
suse-upgrade-php5-fpm-debuginfo
suse-upgrade-php5-ftp
suse-upgrade-php5-ftp-debuginfo
suse-upgrade-php5-gd
suse-upgrade-php5-gd-debuginfo
suse-upgrade-php5-gettext
suse-upgrade-php5-gettext-debuginfo
suse-upgrade-php5-gmp
suse-upgrade-php5-gmp-debuginfo
suse-upgrade-php5-iconv
suse-upgrade-php5-iconv-debuginfo
suse-upgrade-php5-imap
suse-upgrade-php5-imap-debuginfo
suse-upgrade-php5-intl
suse-upgrade-php5-intl-debuginfo
suse-upgrade-php5-json
suse-upgrade-php5-json-debuginfo
suse-upgrade-php5-ldap
suse-upgrade-php5-ldap-debuginfo
suse-upgrade-php5-mbstring
suse-upgrade-php5-mbstring-debuginfo
suse-upgrade-php5-mcrypt
suse-upgrade-php5-mcrypt-debuginfo
suse-upgrade-php5-mssql
suse-upgrade-php5-mssql-debuginfo
suse-upgrade-php5-mysql
suse-upgrade-php5-mysql-debuginfo
suse-upgrade-php5-odbc
suse-upgrade-php5-odbc-debuginfo
suse-upgrade-php5-opcache
suse-upgrade-php5-opcache-debuginfo
suse-upgrade-php5-openssl
suse-upgrade-php5-openssl-debuginfo
suse-upgrade-php5-pcntl
suse-upgrade-php5-pcntl-debuginfo
suse-upgrade-php5-pdo
suse-upgrade-php5-pdo-debuginfo
suse-upgrade-php5-pear
suse-upgrade-php5-pgsql
suse-upgrade-php5-pgsql-debuginfo
suse-upgrade-php5-phar
suse-upgrade-php5-phar-debuginfo
suse-upgrade-php5-posix
suse-upgrade-php5-posix-debuginfo
suse-upgrade-php5-pspell
suse-upgrade-php5-pspell-debuginfo
suse-upgrade-php5-readline
suse-upgrade-php5-readline-debuginfo
suse-upgrade-php5-shmop
suse-upgrade-php5-shmop-debuginfo
suse-upgrade-php5-snmp
suse-upgrade-php5-snmp-debuginfo
suse-upgrade-php5-soap
suse-upgrade-php5-soap-debuginfo
suse-upgrade-php5-sockets
suse-upgrade-php5-sockets-debuginfo
suse-upgrade-php5-sqlite
suse-upgrade-php5-sqlite-debuginfo
suse-upgrade-php5-suhosin
suse-upgrade-php5-suhosin-debuginfo
suse-upgrade-php5-sysvmsg
suse-upgrade-php5-sysvmsg-debuginfo
suse-upgrade-php5-sysvsem
suse-upgrade-php5-sysvsem-debuginfo
suse-upgrade-php5-sysvshm
suse-upgrade-php5-sysvshm-debuginfo
suse-upgrade-php5-tidy
suse-upgrade-php5-tidy-debuginfo
suse-upgrade-php5-tokenizer
suse-upgrade-php5-tokenizer-debuginfo
suse-upgrade-php5-wddx
suse-upgrade-php5-wddx-debuginfo
suse-upgrade-php5-xmlreader
suse-upgrade-php5-xmlreader-debuginfo
suse-upgrade-php5-xmlrpc
suse-upgrade-php5-xmlrpc-debuginfo
suse-upgrade-php5-xmlwriter
suse-upgrade-php5-xmlwriter-debuginfo
suse-upgrade-php5-xsl
suse-upgrade-php5-xsl-debuginfo
suse-upgrade-php5-zip
suse-upgrade-php5-zip-debuginfo
suse-upgrade-php5-zlib
suse-upgrade-php5-zlib-debuginfo