SUSE-SU-2019:1746-1 Security update for php5

This update for php5 fixes the following issues: Security issues fixed: - CVE-2019-11039: Fixed a heap-buffer-overflow on phpjpgget16 bsc1138173. - CVE-2019-11040: Fixed an out-of-bounds read due to an integer overflow in iconv.c:phpiconvmimedecode bsc1138172. - CVE-2015-1351: Fixed a use after...

SUSE-SU-2019:1325-1 Security update for php5

This update for php5 fixes the following issues: Security issues fixed: - CVE-2019-11034: Fixed a heap-buffer overflow in phpifdget32si bsc1132838. - CVE-2019-11035: Fixed a heap-buffer overflow in exifiifaddvalue bsc1132837. - CVE-2019-9637: Fixed a potential information disclosure in rename...

SUSE-SU-2019:0985-1 Security update for php5

This update for php5 fixes the following issues: Security issues fixed: - CVE-2019-9024: Fixed a vulnerability in xmlrpcdecode function which could allow to a hostile XMLRPC server to cause memory read outside the allocated areas bsc1126821. - CVE-2019-9020: Fixed a heap out of bounds in...

SUSE-SU-2019:0449-1 Security update for php5

This update for php5 fixes the following issues: Security vulnerability fixed: - CVE-2019-6977: Fixed a heap buffer overflow in gdImageColorMatch in gdcolormatch.c bsc1123354...

SUSE-SU-2018:1291-1 Security update for php5

This update for php5 fixes the following issues: Security issues fixed: - CVE-2018-10545: Fix access controls in FPM child processes bsc1091367. - CVE-2018-10547: Fix Reflected XSS on the PHAR 403 and 404 error pages bsc1091362. - CVE-2018-10546: Fix an infinite loop exists in ext/iconv/iconv.c...

Debian DSA-4081-1 : php5 - security update

Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language : - CVE-2017-11142 Denial of service via overly long form variables - CVE-2017-11143 Invalid free in wddxdeserialize - CVE-2017-11144 Denial of service in openssl extension due to incorrect...

SUSE-SU-2017:3277-1 Security update for php5

This update for php5 fixes the following issues: Security issues fixed: - CVE-2017-16642: Fix timelibmeridian error that could be used to leak information from the interpreter bsc1067441. - CVE-2017-4025: Fix pathname truncation in setincludepath, tempnam, rmdir, and readlink bsc1067090. -...

SUSE-SU-2017:2317-1 Security update for php5

This update for php5 fixes the following issues: - CVE-2016-10397: parseurl can be bypassed to return fake host. bsc1047454 - CVE-2017-11143: An invalid free in the WDDX deserialization of booleanparameters could be used by attackers able to inject XML for deserialization tocrash the PHP...

SUSE-SU-2017:1662-1 Security update for php5

This update for php5 fixes the following security issues: - CVE-2016-6294: The localeacceptfromhttp function in ext/intl/locale/localemethods.c did not properly restrict calls to the ICU ulocacceptLanguageFromHTTP function, which allowed remote attackers to cause a denial of service out-of-bounds...

SUSE-SU-2017:0038-1 Security update for php5

This update for php5 fixes the following issues: CVE-2016-9933 Possible stack overflow on truecolor images handling bsc1015187 CVE-2016-9934 Dereference from NULL pointer could lead to crash bsc1015188 CVE-2016-9935 Invalid read could lead to crash bsc1015189...

SUSE-SU-2016:2477-1 Security update for php5

This update for php5 fixes the following security issues: CVE-2016-7411: php5: Memory corruption when destructing deserialized object CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNEDFLAG in BIT field CVE-2016-7413: Use after free in wddxdeserialize CVE-2016-7414: Out of bounds...

SUSE-SU-2016:2408-1 Security update for php5

This update for php5 fixes the following security issues: CVE-2016-6128: Invalid color index not properly handled bsc987580 CVE-2016-6161: global out of bounds read when encoding gif from malformed input withgd2togif bsc988032 CVE-2016-6292: Null pointer dereference in exifprocessusercomment...

Debian DLA-628-1 : php5 security update

CVE-2016-4473.patch An invalid free may occur under certain conditions when processing phar-compatible archives. - CVE-2016-4538.patch The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument,...

SUSE-SU-2016:1633-1 Security update for php5

This update for php5 fixes the following issues: - CVE-2013-7456: imagescale out-of-bounds read bnc982009. - CVE-2016-5093: geticuvalueinternal out-of-bounds read bnc982010. - CVE-2016-5094: Don't create strings with lengths outside of valid range bnc982011. - CVE-2016-5095: Don't create strings...

SUSE-SU-2016:1504-1 Security update for php5

This update for php5 fixes the following issues: Security issues fixed: - CVE-2016-4346: heap overflow in ext/standard/string.c bsc977994 - CVE-2016-4342: heap corruption in tar/zip/phar parser bsc977991 - CVE-2016-4537, CVE-2016-4538: bcpowmod accepts negative scale causing heap buffer overflow...

SUSE-SU-2016:1277-1 Security update for php5

This update for php5 fixes the following security issues: - CVE-2016-4073: A remote attacker could have caused denial of service, or possibly execute arbitrary code, due to incorrect handling of string length calculations in mbstrcut bsc977003 - CVE-2015-8867: The PHP function...

SUSE-SU-2016:1166-1 Security update for php5

This update for php5 fixes the following security issues: - CVE-2015-8838: mysqlnd was vulnerable to BACKRONYM bnc973792. - CVE-2015-8835: SoapClient scall method suffered from a type confusion issue that could have lead to crashes bsc973351 - CVE-2016-2554: A NULL pointer dereference in...

SUSE-SU-2015:1818-1 Security update for php53

This update of PHP5 brings several security fixes. Security fixes: CVE-2015-6831: A use after free vulnerability in unserialize has been fixed which could be used to crash php or potentially execute code. bnc942291 bnc942294 bnc942295 CVE-2015-6836: A SOAP serializefunctioncall type confusion...

SUSE-SU-2015:1701-1 Security update for php5

The PHP5 script interpreter was updated to fix security issues: CVE-2015-6836: A SOAP serializefunctioncall type confusion leading to remote code execution problem was fixed. bnc945428 CVE-2015-6837 CVE-2015-6838: Two NULL pointer dereferences in the XSLTProcessor class were fixed. bnc945412...

SUSE-SU-2015:0424-1 Security update for php5

php5 was updated to fix two security issues. These security issues were fixed: - CVE-2014-9652: Out of bounds read in mconvert bnc917150. - CVE-2015-0273: Use after free vulnerability in unserialize with DateTimeZone bnc918768...