SUSE SLES12 Security Update : php5 (SUSE-SU-2015:1253-1)

This security update of PHP fixes the following issues : Security issues fixed : - CVE-2015-4024 bnc931421: Fixed multipart/form-data remote DOS Vulnerability. - CVE-2015-4026 bnc931776: pcntlexec did not check path validity. - CVE-2015-4022 bnc931772: Fixed and overflow in ftpgenlist that result...

SUSE SLES12 Security Update : php5 (SUSE-SU-2016:1166-1)

This update for php5 fixes the following security issues : - CVE-2015-8838: mysqlnd was vulnerable to BACKRONYM bnc973792. - CVE-2015-8835: SoapClient scall method suffered from a type confusion issue that could have lead to crashes bsc973351 - CVE-2016-2554: A NULL pointer dereference in...

SUSE SLES12 Security Update : php5 (SUSE-SU-2015:0424-1)

php5 was updated to fix two security issues. These security issues were fixed : - CVE-2014-9652: Out of bounds read in mconvert bnc917150. - CVE-2015-0273: Use after free vulnerability in unserialize with DateTimeZone bnc918768. Note that Tenable Network Security has extracted the preceding...

SUSE SLES12 Security Update : php5 (SUSE-SU-2016:1504-1)

This update for php5 fixes the following issues : Security issues fixed : - CVE-2016-4346: heap overflow in ext/standard/string.c bsc977994 - CVE-2016-4342: heap corruption in tar/zip/phar parser bsc977991 - CVE-2016-4537, CVE-2016-4538: bcpowmod accepts negative scale causing heap buffer overflo...

SUSE SLES12 Security Update : Recommended update for php5 (SUSE-SU-2018:3995-1)

This update for php5 fixes the following issues : Security issue fixed : CVE-2018-19518: Fixed imapopen script injection flaw bsc1117107. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatical...

SUSE SLES12 Security Update : php5 (SUSE-SU-2015:0868-1)

PHP was updated to fix ten security issues. The following vulnerabilities were fixed : - CVE-2014-9709: A specially crafted GIF file could cause a buffer read overflow in php-gd bnc923946 - CVE-2015-2301: Memory was use after it was freed in PHAR bnc922022 - CVE-2015-2305: heap overflow...

SUSE SLES12 Security Update : php5 (SUSE-SU-2017:2518-1)

This update for php5 fixes on issues. This security issue was fixed : - CVE-2017-12933: The finishnesteddata function in ext/standard/varunserializer.re was prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue could have had an unspecified impact on the...

SUSE SLES12 Security Update : php5 (SUSE-SU-2016:2766-1)

This update for php5 fixes the following security issues : - CVE-2016-7568: A specially crafted image file could cause an application crash or potentially execute arbitrary code when the image is converted to webp bsc1001900 - CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf bsc1004924 -...

SUSE SLES12 Security Update : php5 (SUSE-SU-2016:1277-1)

This update for php5 fixes the following security issues : - CVE-2016-4073: A remote attacker could have caused denial of service, or possibly execute arbitrary code, due to incorrect handling of string length calculations in mbstrcut bsc977003 - CVE-2015-8867: The PHP function...

SUSE SLES12 Security Update : php5 (SUSE-SU-2017:0038-1)

This update for php5 fixes the following issues : - CVE-2016-9933 Possible stack overflow on truecolor images handling bsc1015187 - CVE-2016-9934 Dereference from NULL pointer could lead to crash bsc1015188 - CVE-2016-9935 Invalid read could lead to crash bsc1015189 Note that Tenable Network...

SUSE SLES12 Security Update : php5 (SUSE-SU-2017:2317-1)

This update for php5 fixes the following issues : - CVE-2016-10397: parseurl can be bypassed to return fake host. bsc1047454 - CVE-2017-11143: An invalid free in the WDDX deserialization of booleanparameters could be used by attackers able to inject XML for deserialization tocrash the PHP...

SUSE SLES12 Security Update : php5 (SUSE-SU-2014:1497-1)

php5 was updated to fix three security issues. The following security issues were fixed : - xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime CVE-2014-3668. - integer overflow in unserialize CVE-2014-3669. - heap corruption issue in exifthumbnail CVE-2014-3670. Note that Tenable...

SUSE SLES12 Security Update : php5 (SUSE-SU-2015:1633-1)

This update of PHP5 brings several security fixes. Security fixes : - CVE-2015-6831: A use after free vulnerability in unserialize has been fixed which could be used to crash php or potentially execute code. bnc942291 bnc942294 bnc942295 - CVE-2015-6832: A dangling pointer in the unserialization ...

SUSE SLES12 Security Update : php5 (SUSE-SU-2017:3277-1)

This update for php5 fixes the following issues: Security issues fixed : - CVE-2017-16642: Fix timelibmeridian error that could be used to leak information from the interpreter bsc1067441. - CVE-2017-4025: Fix pathname truncation in setincludepath, tempnam, rmdir, and readlink bsc1067090. -...

SUSE SLES12 Security Update : php5 (SUSE-SU-2016:2477-1)

This update for php5 fixes the following security issues : - CVE-2016-7411: php5: Memory corruption when destructing deserialized object - CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNEDFLAG in BIT field - CVE-2016-7413: Use after free in wddxdeserialize - CVE-2016-7414: Out o...

SUSE SLES12 Security Update : php5 (SUSE-SU-2016:0284-1)

This update for php5 fixes the following issues : - CVE-2015-7803: Specially crafted .phar files with a crafted TAR archive entry allowed remote attackers to cause a Denial of Service DoS bsc949961 - CVE-2016-1903: Specially crafted image files could could allow remote attackers read unspecified...

SUSE SLES12 Security Update : php5 (SUSE-SU-2018:0216-1)

This update for php5 fixes several issues. These security issues were fixed : - CVE-2018-5712: Prevent reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file that allowed for information disclosure bsc1076220 - CVE-2018-5711: Prevent integer signedness error that could...

SUSE SLES12 Security Update : php5 (SUSE-SU-2017:1662-1)

This update for php5 fixes the following security issues : - CVE-2016-6294: The localeacceptfromhttp function in ext/intl/locale/localemethods.c did not properly restrict calls to the ICU ulocacceptLanguageFromHTTP function, which allowed remote attackers to cause a denial of service out-of-bound...

SUSE SLES12 Security Update : php5 (SUSE-SU-2018:3017-1)

This update for php5 fixes the following issue : CVE-2018-17082: The Apache2 component in PHP allowed XSS via the body of a 'Transfer-Encoding: chunked' request, because the bucket brigade was mishandled in the phphandler function bsc1108753 Note that Tenable Network Security has extracted the...

SUSE SLES12 Security Update : php5 (SUSE-SU-2018:2682-1)

This update for php5 fixes the following issues : The following security issues were fixed : CVE-2018-10360: Fixed an out-of-bounds read in the docorenote function in readelf.c in libmagic.a, which allowed remote attackers to cause a denial of service via a crafted ELF file bsc1096984...