526 matches found
Security fix for the ALT Linux 10 package php8.0 version Jan.
Jan. 15, 2019 Anton Farygin 7.2.14-alt1 - 7.2.14 fixes: CVE-2018-19935 - removed the .a archive from php7-mysqlnd package closes: 34521 - E2K: worked around the lack of gcc5's builtins in lcc-1.23 closes: 35856...
Twilio WEB To Fax Machine System Application 1.0 SQL Injection
Exploit Title: Fax Machine System Application 1.0 - SQL Injection Dork: N/A Date: 2019-01-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://ranksol.com/ Software Link: https://codecanyon.net/item/twilio-web-to-fax-machine-system-application-php-script/22139608 Version: 1.0 Category: Webapps...
SUSE SLES12 Security Update : php7 (SUSE-SU-2018:1886-1)
This update for php7 fixes the following issues : - CVE-2018-12882: exif_read_from_impl allowed attackers to trigger a use-after-free in exif_read_from_file because it closed a stream that it is not responsible for closing bsc1099098 Note that Tenable Network Security has extracted the preceding...
SUSE SLES12 Security Update : php7 (SUSE-SU-2017:0534-1)
This update for php7 fixes the following security issues : - CVE-2016-7480: The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP did not verify that a key is an object, which allowed remote attackers to execute arbitrary code or cause a denial of service uninitialized...
SUSE SLES15 Security Update : php7 (SUSE-SU-2018:2337-1)
This update for php7 fixes the following issues: The following security vulnerabilities were fixed : - CVE-2018-14851: Fixed an out-of-bound read in exif_process_IFD_in_MAKERNOTE, which could be exploited by an attacker via crafted JPG files, and could result in an application crash. bsc1103659 -...
SUSE SLES12 Security Update : php7 (SUSE-SU-2017:2468-1)
This update for php7 fixes several issues. These security issues were fixed : - CVE-2017-12932: Prevent heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this issue could have...
SUSE SLES12 Security Update : php7 (SUSE-SU-2016:2683-1)
This update for php7 fixes the following security issue : - CVE-2016-7568: A specially crafted image file could cause an application crash or potentially execute arbitrary code when the image is converted to webp bsc1001900 - CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf bsc1004924 -...
SUSE SLES15 Security Update : php7 (SUSE-SU-2018:3016-1)
This update for php7 fixes the following issues : This security issue was fixed : CVE-2018-17082: The Apache2 component in PHP allowed XSS via the body of a 'Transfer-Encoding: chunked' request, because the bucket brigade was mishandled in the php_handler function bsc1108753 The update package als...
SUSE SLES15 Security Update : php7 (SUSE-SU-2018:1936-1)
This update for php7 fixes the following issues : - CVE-2018-12882: exif_read_from_impl allowed attackers to trigger a use-after-free in exif_read_from_file because it closed a stream that it is not responsible for closing bsc1099098. Note that Tenable Network Security has extracted the preceding...
SUSE SLES12 Security Update : Recommended update for php7 (SUSE-SU-2018:3988-1)
This update for php7 fixes the following issues : Security issue fixed : CVE-2018-19518: Fixed imap_open script injection flaw bsc1117107. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatical...
SUSE SLES12 Security Update : php7 (SUSE-SU-2018:2887-1)
This update for php7 fixes the following issues : CVE-2018-17082: The Apache2 component in PHP allowed XSS via the body of a 'Transfer-Encoding: chunked' request, because the bucket brigade was mishandled in the php_handler function bsc1108753. Note that Tenable Network Security has extracted the...
SUSE SLES12 Security Update : php7 (SUSE-SU-2018:2333-1)
This update for php7 fixes the following issues: The following security vulnerabilities were fixed : - CVE-2018-14851: Fixed an out-of-bound read in exif_process_IFD_in_MAKERNOTE, which could be exploited by an attacker via crafted JPG files, and could result in an application crash. bsc1103659 -...
SUSE SLES12 Security Update : php7 (SUSE-SU-2017:0017-1)
This update for php7 fixes the following issues : - CVE-2016-9933 Possible stack overflow on truecolor images handling bsc1015187 - CVE-2016-9934 Dereference from NULL pointer could lead to crash bsc1015188 - CVE-2016-9935 Invalid read could lead to crash bsc1015189 - CVE-2016-9936 Use After free...
SUSE SLES12 Security Update : php7 (SUSE-SU-2016:2941-1) (httpoxy)
This update for php7 fixes the following security issues : - CVE-2016-5385: Setting HTTP_PROXY environment variable via Proxy header httpoxy bsc988486. - CVE-2016-9137: Fixing a Use After Free in unserialize bsc1008029. Note that Tenable Network Security has extracted the preceding description blo...
SUSE SLES12 Security Update : php7 (SUSE-SU-2018:1176-1)
This update for php7 fixes the following issues: Security issues fixed : - CVE-2018-10545: Fix access controls in FPM child processes bsc1091367. - CVE-2018-10547: Fix Reflected XSS on the PHAR 403 and 404 error pages bsc1091362. - CVE-2018-10546: Fix an infinite loop exists in ext/iconv/iconv.c...
SUSE SLES15 Security Update : php7 (SUSE-SU-2018:1936-2)
This update for php7 fixes the following issues : - CVE-2018-12882: exif_read_from_impl allowed attackers to trigger a use-after-free in exif_read_from_file because it closed a stream that it is not responsible for closing bsc1099098. Note that Tenable Network Security has extracted the preceding...
SUSE SLES12 Security Update : php7 (SUSE-SU-2016:2460-1)
This update for php7 fixes the following security issues : - CVE-2016-6128: Invalid color index not properly handled bsc987580 - CVE-2016-6161: global out of bounds read when encoding gif from malformed input withgd2togif bsc988032 - CVE-2016-6292: NULL pointer dereference in exifprocessusercomme...
SUSE SLES15 Security Update : php7 (SUSE-SU-2018:2840-1)
This update for php7 fixes the following issues : Security issue fixed : CVE-2018-1000222: Fixed a double free vulnerability in gdImageBmpPtr that could result in remote code execution. This could have been exploited via a specially crafted JPEG image files. bsc1105434 Note that Tenable Network...
SUSE SLES12 Security Update : php7 (SUSE-SU-2017:1717-1)
This update for php7 fixes the following security issues : - CVE-2017-9224: stack out-of-bounds read occurs in match_at could lead to Denial of service bsc1040891 - CVE-2017-9226: heap out-of-bounds write or read occurs in next_state_val could lead to Denial of service bsc1040889 - CVE-2017-9227: stac...
SUSE SLES12 Security Update : php7 (SUSE-SU-2018:0308-1)
This update for php7 fixes several issues. These security issues were fixed : - CVE-2018-5712: Prevent reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file that allowed for information disclosure bsc1076220. - CVE-2018-5711: Prevent integer signedness error that coul...