SUSE SLES12 Security Update : php5 (SUSE-SU-2015:1425-1)

PHP was updated to fix two security issues. The following vulnerabilities were fixed : - CVE-2015-5589: PHP could be crashed when processing an invalid file with the 'phar' extension with a segfault in Phar::convertToData, leading to Denial of Service DOS bsc938721 - CVE-2015-5590: PHP could be...

SUSE SLES12 Security Update : php5 (SUSE-SU-2017:2317-1)

This update for php5 fixes the following issues : - CVE-2016-10397: parseurl can be bypassed to return fake host. bsc1047454 - CVE-2017-11143: An invalid free in the WDDX deserialization of booleanparameters could be used by attackers able to inject XML for deserialization tocrash the PHP...

SUSE SLES12 Security Update : php5 (SUSE-SU-2015:1253-1)

This security update of PHP fixes the following issues : Security issues fixed : - CVE-2015-4024 bnc931421: Fixed multipart/form-data remote DOS Vulnerability. - CVE-2015-4026 bnc931776: pcntlexec did not check path validity. - CVE-2015-4022 bnc931772: Fixed and overflow in ftpgenlist that result...

SUSE SLES12 Security Update : php5 (SUSE-SU-2018:0717-1)

This update for php5 fixes the following issues: Security issues fixed : - CVE-2018-7584: Fixed stack-based buffer under-read while parsing an HTTPresponse in the phpstreamurlwraphttpex bsc1083639. Note that Tenable Network Security has extracted the preceding description block directly from the...

SUSE SLES12 Security Update : php5 (SUSE-SU-2017:1662-1)

This update for php5 fixes the following security issues : - CVE-2016-6294: The localeacceptfromhttp function in ext/intl/locale/localemethods.c did not properly restrict calls to the ICU ulocacceptLanguageFromHTTP function, which allowed remote attackers to cause a denial of service out-of-bound...

SUSE SLES12 Security Update : php5 (SUSE-SU-2017:0556-1)

This update for php5 fixes the following issues : - CVE-2016-7478: When unserializing untrusted input data, PHP could end up in an infinite loop, causing denial of service bsc1019550 - CVE-2016-10158: The exifconvertanytoint function in ext/exif/exif.c in PHP allowed remote attackers to cause a...

SUSE SLES12 Security Update : php5 (SUSE-SU-2016:1166-1)

This update for php5 fixes the following security issues : - CVE-2015-8838: mysqlnd was vulnerable to BACKRONYM bnc973792. - CVE-2015-8835: SoapClient scall method suffered from a type confusion issue that could have lead to crashes bsc973351 - CVE-2016-2554: A NULL pointer dereference in...

SUSE SLES12 Security Update : php5 (SUSE-SU-2016:2766-1)

This update for php5 fixes the following security issues : - CVE-2016-7568: A specially crafted image file could cause an application crash or potentially execute arbitrary code when the image is converted to webp bsc1001900 - CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf bsc1004924 -...

SUSE SLES12 Security Update : php5 (SUSE-SU-2018:3017-1)

This update for php5 fixes the following issue : CVE-2018-17082: The Apache2 component in PHP allowed XSS via the body of a 'Transfer-Encoding: chunked' request, because the bucket brigade was mishandled in the phphandler function bsc1108753 Note that Tenable Network Security has extracted the...

SUSE SLES12 Security Update : php5 (SUSE-SU-2018:0530-1)

This update for php5 fixes the following issues : - CVE-2016-10712: In PHP all of the return values of streamgetmetadata could be controlled if the input can be controlled e.g., during file uploads. bsc1080234 Note that Tenable Network Security has extracted the preceding description block direct...

SUSE SLES12 Security Update : php5 (SUSE-SU-2014:1497-1)

php5 was updated to fix three security issues. The following security issues were fixed : - xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime CVE-2014-3668. - integer overflow in unserialize CVE-2014-3669. - heap corruption issue in exifthumbnail CVE-2014-3670. Note that Tenable...

SUSE SLES12 Security Update : php5 (SUSE-SU-2015:1633-1)

This update of PHP5 brings several security fixes. Security fixes : - CVE-2015-6831: A use after free vulnerability in unserialize has been fixed which could be used to crash php or potentially execute code. bnc942291 bnc942294 bnc942295 - CVE-2015-6832: A dangling pointer in the unserialization ...

SUSE SLES12 Security Update : php5 (SUSE-SU-2016:0284-1)

This update for php5 fixes the following issues : - CVE-2015-7803: Specially crafted .phar files with a crafted TAR archive entry allowed remote attackers to cause a Denial of Service DoS bsc949961 - CVE-2016-1903: Specially crafted image files could could allow remote attackers read unspecified...

SUSE SLES12 Security Update : Recommended update for php5 (SUSE-SU-2018:3995-1)

This update for php5 fixes the following issues : Security issue fixed : CVE-2018-19518: Fixed imapopen script injection flaw bsc1117107. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatical...

SUSE SLES12 Security Update : php5 (SUSE-SU-2017:3277-1)

This update for php5 fixes the following issues: Security issues fixed : - CVE-2017-16642: Fix timelibmeridian error that could be used to leak information from the interpreter bsc1067441. - CVE-2017-4025: Fix pathname truncation in setincludepath, tempnam, rmdir, and readlink bsc1067090. -...

SUSE SLES12 Security Update : php5 (SUSE-SU-2017:0038-1)

This update for php5 fixes the following issues : - CVE-2016-9933 Possible stack overflow on truecolor images handling bsc1015187 - CVE-2016-9934 Dereference from NULL pointer could lead to crash bsc1015188 - CVE-2016-9935 Invalid read could lead to crash bsc1015189 Note that Tenable Network...

SUSE SLES12 Security Update : php5 (SUSE-SU-2015:0868-1)

PHP was updated to fix ten security issues. The following vulnerabilities were fixed : - CVE-2014-9709: A specially crafted GIF file could cause a buffer read overflow in php-gd bnc923946 - CVE-2015-2301: Memory was use after it was freed in PHAR bnc922022 - CVE-2015-2305: heap overflow...

SUSE SLES12 Security Update : php5 (SUSE-SU-2015:0365-1)

php5 was updated to fix four security issues. These security issues were fixed : - CVE-2015-0231: Use-after-free vulnerability in the processnesteddata function in ext/standard/varunserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allowed remote attackers to execute...

SUSE SLES12 Security Update : php5 (SUSE-SU-2016:2477-1)

This update for php5 fixes the following security issues : - CVE-2016-7411: php5: Memory corruption when destructing deserialized object - CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNEDFLAG in BIT field - CVE-2016-7413: Use after free in wddxdeserialize - CVE-2016-7414: Out o...

SUSE SLES12 Security Update : php5 (SUSE-SU-2018:2682-1)

This update for php5 fixes the following issues : The following security issues were fixed : CVE-2018-10360: Fixed an out-of-bounds read in the docorenote function in readelf.c in libmagic.a, which allowed remote attackers to cause a denial of service via a crafted ELF file bsc1096984...