12 matches found
SUSE-SU-2019:13961-1 Security update for php53
This update for php53 fixes the following issues: Security issues fixed: - CVE-2019-6977: Fixed a heap-based buffer overflow the GD Graphics Library used in the imagecolormatch function bsc1123354. - CVE-2019-6978: Fixed a double free in the gdImagePtr functions bsc1123522...
SUSE-SU-2018:1294-1 Security update for php53
This update for php53 fixes the following issues: Security issues fixed: - CVE-2018-10545: Fix access controls in FPM child processes bsc1091367. - CVE-2018-10547: Fix Reflected XSS on the PHAR 403 and 404 error pages bsc1091362. - CVE-2018-10546: Fix an infinite loop exists in ext/iconv/iconv.c...
SUSE-SU-2018:0806-1 Security update for php53
This update for php53 fixes several issues. These security issues were fixed: - CVE-2016-10712: In PHP all of the return values of streamgetmetadata could be controlled if the input can be controlled e.g., during file uploads. bsc1080234 - CVE-2018-5712: Prevent reflected XSS on the PHAR 404 erro...
SUSE-SU-2017:2522-1 Security update for php53
This update for php53 fixes the several issues. These security issues were fixed: - CVE-2017-12933: The finishnesteddata function in ext/standard/varunserializer.re was prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue could have had an unspecified impact ...
SUSE-SU-2017:1709-1 Security update for php53
This update for php53 fixes the following issues: - The fix for CVE-2017-7272 was reverted, as it caused regressions in the mysql server connect module. bsc1044976 The security fix tried to avoid a server side request forgery, and will be submitted when a better fix becomes available...
SUSE-SU-2017:1585-1 Security update for php53
This update for php53 fixes the following issues: This security issue was fixed: - CVE-2017-7272: PHP enabled potential SSRF in applications that accept an fsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax was recognized, fsockopen used th...
SUSE-SU-2017:0568-1 Security update for php53
This update for php53 fixes the following security issues: - CVE-2016-7478: When unserializing untrusted input data, PHP could end up in an infinite loop, causing denial of service bsc1019550 - CVE-2016-10158: The exifconvertanytoint function in ext/exif/exif.c in PHP allowed remote attackers to...
SUSE-SU-2016:2459-1 Security update for php53
This update for php53 fixes the following security issues: CVE-2016-7124: Create an Unexpected Object and Don't Invoke wakeup in Deserialization CVE-2016-7125: PHP Session Data Injection Vulnerability CVE-2016-7126: selectcolors write out-of-bounds CVE-2016-7127: imagegammacorrect allowed arbitra...
SUSE-SU-2016:2328-1 Security update for php53
This update for php53 fixes the following security issues: CVE-2014-3587: Integer overflow in the cdfreadpropertyinfo affecting SLES11 SP3 bsc987530 CVE-2016-6297: Stack-based buffer overflow vulnerability in phpstreamzipopener bsc991426 CVE-2016-6291: Out-of-bounds access in...
SUSE-SU-2016:1581-1 Security update for php53
This update for php53 fixes the following issues: - CVE-2016-5093: A geticuvalueinternal out-of-bounds read could crash the php interpreter bsc982010 - CVE-2016-5094,CVE-2016-5095: Don't allow creating strings with lengths outside int range, avoids overflows bsc982011,bsc982012 - CVE-2016-5096: A...
SUSE-SU-2016:1145-1 Security update for php53
This update for php53 fixes the following issues: - CVE-2015-8838: mysqlnd was vulnerable to BACKRONYM bnc973792. - CVE-2015-8835: SoapClient scall method suffered from a type confusion issue that could have lead to crashes bsc973351 - CVE-2016-2554: A NULL pointer dereference in phargetfpoffset...
SUSE-SU-2015:0436-1 Security update for php53
This update fixes the following vulnerabilities in php: Heap corruption issue in exifthumbnail. CVE-2014-3670 Integer overflow in unserialize. CVE-2014-3669 Xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime. CVE-2014-3668 Security Issues: CVE-2014-3669 CVE-2014-3670 CVE-2014-3668...