SUSE-SU-2018:3018-1 Security update for php53

This update for php53 fixes the following issue: - CVE-2018-17082: The Apache2 component in PHP allowed XSS via the body of a 'Transfer-Encoding: chunked' request, because the bucket brigade was mishandled in the phphandler function bsc1108753...

SUSE SLES11 Security Update : php53 (SUSE-SU-2018:2681-1)

This update for php53 fixes the following issues : The following security issues were fixed : CVE-2018-14851: Fixed an out-of-bound read in exifprocessIFDinMAKERNOTE, which could be exploited by an attacker via crafted JPG files, and could result in an application crash. bsc1103659 CVE-2018-14883...

SUSE SLES11 Security Update : php53 (SUSE-SU-2018:2044-1)

This update for php53 fixes the following issues: The following security issue was fixed : - An out-of-bounds read in the docorenote function in readelf.c in libmagic.a allowed remote attackers to cause a denial of service via a crafted ELF file CVE-2018-10360, bsc1096984 - CVE-2018-12882:...

SUSE-SU-2018:2044-1 Security update for php53

This update for php53 fixes the following issues: The following security issue was fixed: - An out-of-bounds read in the docorenote function in readelf.c in libmagic.a allowed remote attackers to cause a denial of service via a crafted ELF file CVE-2018-10360, bsc1096984 - CVE-2018-12882:...

SUSE SLES11 Security Update : php53 (SUSE-SU-2018:1294-1)

This update for php53 fixes the following issues: Security issues fixed : - CVE-2018-10545: Fix access controls in FPM child processes bsc1091367. - CVE-2018-10547: Fix Reflected XSS on the PHAR 403 and 404 error pages bsc1091362. - CVE-2018-10546: Fix an infinite loop exists in ext/iconv/iconv.c...

SUSE-SU-2018:1294-1 Security update for php53

This update for php53 fixes the following issues: Security issues fixed: - CVE-2018-10545: Fix access controls in FPM child processes bsc1091367. - CVE-2018-10547: Fix Reflected XSS on the PHAR 403 and 404 error pages bsc1091362. - CVE-2018-10546: Fix an infinite loop exists in ext/iconv/iconv.c...

SUSE SLES11 Security Update : php53 (SUSE-SU-2018:0806-1)

This update for php53 fixes several issues. These security issues were fixed : - CVE-2016-10712: In PHP all of the return values of streamgetmetadata could be controlled if the input can be controlled e.g., during file uploads. bsc1080234 - CVE-2018-5712: Prevent reflected XSS on the PHAR 404 err...

SUSE-SU-2018:0806-1 Security update for php53

This update for php53 fixes several issues. These security issues were fixed: - CVE-2016-10712: In PHP all of the return values of streamgetmetadata could be controlled if the input can be controlled e.g., during file uploads. bsc1080234 - CVE-2018-5712: Prevent reflected XSS on the PHAR 404 erro...

SUSE SLES11 Security Update : php53 (SUSE-SU-2018:0003-1)

This update for php53 fixes the following issues: Security issues fixed : - CVE-2017-16642: Fix timelibmeridian error that could be used to leak information from the interpreter bsc1067441. - CVE-2017-9228: Fix heap out-of-bounds write that occurs in bitsetsetrange during regex compilation...

SUSE-SU-2018:0003-1 Security update for php53

This update for php53 fixes the following issues: Security issues fixed: - CVE-2017-16642: Fix timelibmeridian error that could be used to leak information from the interpreter bsc1067441. - CVE-2017-9228: Fix heap out-of-bounds write that occurs in bitsetsetrange during regex compilation...

SUSE SLES11 Security Update : php53 (SUSE-SU-2017:2522-1)

This update for php53 fixes the several issues. These security issues were fixed : - CVE-2017-12933: The finishnesteddata function in ext/standard/varunserializer.re was prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue could have had an unspecified impact...

SUSE-SU-2017:2522-1 Security update for php53

This update for php53 fixes the several issues. These security issues were fixed: - CVE-2017-12933: The finishnesteddata function in ext/standard/varunserializer.re was prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue could have had an unspecified impact ...

SUSE SLES11 Security Update : php53 (SUSE-SU-2017:1709-1)

This update for php53 fixes the following issues : - The fix for CVE-2017-7272 was reverted, as it caused regressions in the mysql server connect module. bsc1044976 The security fix tried to avoid a server side request forgery, and will be submitted when a better fix becomes available. Note that...

SUSE-SU-2017:1709-1 Security update for php53

This update for php53 fixes the following issues: - The fix for CVE-2017-7272 was reverted, as it caused regressions in the mysql server connect module. bsc1044976 The security fix tried to avoid a server side request forgery, and will be submitted when a better fix becomes available...

SUSE SLES11 Security Update : php53 (SUSE-SU-2017:1585-1)

This update for php53 fixes the following issues: This security issue was fixed : - CVE-2017-7272: PHP enabled potential SSRF in applications that accept an fsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax was recognized, fsockopen used t...

SUSE-SU-2017:1585-1 Security update for php53

This update for php53 fixes the following issues: This security issue was fixed: - CVE-2017-7272: PHP enabled potential SSRF in applications that accept an fsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax was recognized, fsockopen used th...

SUSE SLES11 Security Update : php53 (SUSE-SU-2017:0568-1)

This update for php53 fixes the following security issues : - CVE-2016-7478: When unserializing untrusted input data, PHP could end up in an infinite loop, causing denial of service bsc1019550 - CVE-2016-10158: The exifconvertanytoint function in ext/exif/exif.c in PHP allowed remote attackers to...

SUSE-SU-2017:0568-1 Security update for php53

This update for php53 fixes the following security issues: - CVE-2016-7478: When unserializing untrusted input data, PHP could end up in an infinite loop, causing denial of service bsc1019550 - CVE-2016-10158: The exifconvertanytoint function in ext/exif/exif.c in PHP allowed remote attackers to...

SUSE SLES11 Security Update : php53 (SUSE-SU-2017:0109-1)

This update for php53 fixes the following issues : - CVE-2014-9912: Stack-based buffer overflow in ulocgetDisplayName bsc1012232 - CVE-2016-9933: Possible stack overflow on truecolor images handling bsc1015187 - CVE-2016-9934: Dereference from NULL pointer could lead to crash bsc1015188 -...

SUSE-SU-2017:0109-1 Security update for php53

This update for php53 fixes the following issues: CVE-2014-9912: Stack-based buffer overflow in ulocgetDisplayName bsc1012232 CVE-2016-9933: Possible stack overflow on truecolor images handling bsc1015187 CVE-2016-9934: Dereference from NULL pointer could lead to crash bsc1015188 CVE-2016-9935:...