
526 matches found

OSV
added 2017/08/30 1:18 p.m., 18 views

SUSE-SU-2017:2303-1 Security update for php7

This update for php7 fixes the following issues: - CVE-2016-10397: parseurl can be bypassed to return fake host. bsc1047454 - CVE-2017-11142: Remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/phpvariables. bsc1048100 -...

9.1 CVSS, 7.6 AI score, 0.40698 EPSS
Exploits 2, References 21

Tenable Nessus
added 2017/07/17 12:0 a.m., 21 views

Fedora 26 : ming (2017-198ca8ba07)

Release 0.4.8 no ABI or API changes - Add PHP7 compatibility - Fix C++ output of disassembler - Fix heap overflows in parser.c CVE-2017-7578 - Avoid division by zero in listmp3 when no valid frame was found CVE-2016-9265 - Don't try printing unknown block CVE-2016-9828 - Parse Protect tag's...

7.8 CVSS, 6.4 AI score, 0.00391 EPSS
Exploits 4, References 9

Tenable Nessus
added 2017/07/07 12:0 a.m., 65 views

openSUSE Security Update : php7 (openSUSE-2017-790)

This update for php7 fixes the following security issues : - CVE-2017-9224: stack out-of-bounds read occurs in matchat could lead to Denial of service bsc1040891 - CVE-2017-9226: heap out-of-bounds write or read occurs in nextstateval could lead to Denial of service bsc1040889 - CVE-2017-9227: stac...

9.8 CVSS, 7 AI score, 0.06163 EPSS
Exploits 4, References 10

Hacker One
added 2017/07/04 11:9 p.m., 19 views

Internet Bug Bounty: Use-after-free in PHP7's unserialize()

The bug submitted at: https://bugs.php.net/bug.php?id=74614 The fix committed at: https://github.com/php/php-src/commit/d02f953faf4afdd1576acb1380e4cd3c050ac599...

6.9 AI score
Exploits 0

OSV
added 2017/06/29 12:50 p.m., 17 views

SUSE-SU-2017:1717-1 Security update for php7

This update for php7 fixes the following security issues: - CVE-2017-9224: stack out-of-bounds read occurs in matchat could lead to Denial of service bsc1040891 - CVE-2017-9226: heap out-of-bounds write or read occurs in nextstateval could lead to Denial of service bsc1040889 - CVE-2017-9227: stack...

9.8 CVSS, 9.2 AI score, 0.06163 EPSS
Exploits 4, References 11

Hacker One
added 2017/06/08 6:55 a.m., 120 views

Internet Bug Bounty: PHP mbstring / Oniguruma multiple remote heap/stack corruptions

Oniguruma 1 by K. Kosako is a BSD licensed regular expression library that supports a variety of character encodings. The Ruby programming language, in version 1.9, as well as PHP's multi-byte string module since PHP5, use Oniguruma as their regular expression engine. It is also used in products...

7.5 CVSS, 9.2 AI score, 0.01242 EPSS
Exploits 5

Tenable Nessus
added 2017/04/20 12:0 a.m., 31 views

Fedora 25 : ming (2017-d43d46f1ca)

Release 0.4.8 no ABI or API changes - Add PHP7 compatibility - Fix C++ output of disassembler - Fix heap overflows in parser.c CVE-2017-7578 - Avoid division by zero in listmp3 when no valid frame was found CVE-2016-9265 - Don't try printing unknown block CVE-2016-9828 - Parse Protect tag's...

7.8 CVSS, 6.4 AI score, 0.00391 EPSS
Exploits 4, References 9

Tenable Nessus
added 2017/04/19 12:0 a.m., 30 views

Fedora 24 : ming (2017-ed6b6a1d7a)

Release 0.4.8 no ABI or API changes - Add PHP7 compatibility - Fix C++ output of disassembler - Fix heap overflows in parser.c CVE-2017-7578 - Avoid division by zero in listmp3 when no valid frame was found CVE-2016-9265 - Don't try printing unknown block CVE-2016-9828 - Parse Protect tag's...

7.8 CVSS, 6.4 AI score, 0.00391 EPSS
Exploits 4, References 9

Tenable Nessus
added 2017/04/12 12:0 a.m., 40 views

openSUSE Security Update : php7 (openSUSE-2017-458)

This update for php7 fixes the following issues : Security issue fixed : - CVE-2015-8994: code permission/sensitive data protection vulnerability bsc1027210. This update was imported from the SUSE:SLE-12:Update update project. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive...

7.5 CVSS, 8.1 AI score, 0.01203 EPSS
Exploits 1, References 2

OSV
added 2017/03/31 9:46 a.m., 12 views

SUSE-SU-2017:0899-1 Security update for php7

This update for php7 fixes the following issues: Security issue fixed: - CVE-2015-8994: code permission/sensitive data protection vulnerability bsc1027210...

7.5 CVSS, 7.6 AI score, 0.01203 EPSS
Exploits 1, References 3

Amazon
added 2017/03/29 12:0 a.m., 71 views

Medium: php70

Issue Overview: Integer overflow in gdio.c in the GD Graphics Library aka libgd before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image. CVE-2016-10168 In all versions of PHP 7, during the unserialization...

9.8 CVSS, 9 AI score, 0.21629 EPSS
Exploits 3

Tenable Nessus
added 2017/03/07 12:0 a.m., 48 views

openSUSE Security Update : php7 (openSUSE-2017-304)

This update for php7 fixes the following security issues : - CVE-2016-7480: The SplObjectStorage unserialize implementation in ext/spl/splobserver.c in PHP did not verify that a key is an object, which allowed remote attackers to execute arbitrary code or cause a denial of service uninitialized...

9.8 CVSS, 8.5 AI score, 0.21629 EPSS
Exploits 6, References 27

OpenVAS
added 2017/03/03 12:0 a.m., 45 views

openSUSE: Security Advisory for php7 (openSUSE-SU-2017:0588-1)

The remote host is missing an update for the Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8 CVSS, 8.2 AI score, 0.21629 EPSS
Exploits 6, References 1

OSV
added 2017/02/22 9:0 a.m., 17 views

SUSE-SU-2017:0534-1 Security update for php7

This update for php7 fixes the following security issues: - CVE-2016-7480: The SplObjectStorage unserialize implementation in ext/spl/splobserver.c in PHP did not verify that a key is an object, which allowed remote attackers to execute arbitrary code or cause a denial of service uninitialized...

9.8 CVSS, 9.5 AI score, 0.21629 EPSS
Exploits 5, References 27

Tenable Nessus
added 2017/01/10 12:0 a.m., 64 views

openSUSE Security Update : php7 (openSUSE-2017-61)

This update for php7 fixes the following issues : - CVE-2016-9933 Possible stack overflow on truecolor images handling bsc1015187 - CVE-2016-9934 Dereference from NULL pointer could lead to crash bsc1015188 - CVE-2016-9935 Invalid read could lead to crash bsc1015189 - CVE-2016-9936 Use After free...

9.8 CVSS, 8 AI score, 0.11241 EPSS
Exploits 2, References 8

Tenable Nessus
added 2016/12/13 12:0 a.m., 83 views

openSUSE Security Update : php7 (openSUSE-2016-1440) (httpoxy)

This update for php7 fixes the following security issues : - CVE-2016-5385: Setting HTTPPROXY environment variable via Proxy header httpoxy bsc988486. - CVE-2016-9137: Fixing a Use After Free in unserialize bsc1008029. This update was imported from the SUSE:SLE-12:Update update project...

9.8 CVSS, 6.8 AI score, 0.83504 EPSS
Exploits 1, References 4

OSV
added 2016/11/29 12:42 p.m., 18 views

SUSE-SU-2016:2941-1 Security update for php7

This update for php7 fixes the following security issues: - CVE-2016-5385: Setting HTTPPROXY environment variable via Proxy header httpoxy bsc988486. - CVE-2016-9137: Fixing a Use After Free in unserialize bsc1008029...

9.8 CVSS, 8.1 AI score, 0.83504 EPSS
Exploits 1, References 5

Hacker One
added 2016/11/16 10:12 a.m., 19 views

Internet Bug Bounty: Use After Free in PHP7 unserialize()

The bug reported at: https://bugs.php.net/bug.php?id=72978...

6.9 AI score
Exploits 0

OSV
added 2016/10/31 7:15 a.m., 7 views

SUSE-SU-2016:2683-1 Security update for php7

This update for php7 fixes the following security issue: - CVE-2016-7568: A specially crafted image file could cause an application crash or potentially execute arbitrary code when the image is converted to webp bsc1001900 - CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf bsc1004924 -...

9.8 CVSS, 7.8 AI score, 0.03421 EPSS
Exploits 0, References 7

OSV
added 2016/10/31 7:15 a.m., 7 views

SUSE-SU-2016:2683-2 Security update for php7

This update for php7 fixes the following security issue: - CVE-2016-7568: A specially crafted image file could cause an application crash or potentially execute arbitrary code when the image is converted to webp bsc1001900 - CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf bsc1004924 -...

9.8 CVSS, 7.8 AI score, 0.03421 EPSS
Exploits 0, References 7