525 matches found
SUSE-SU-2016:2460-2 Security update for php7
This update for php7 fixes the following security issues: CVE-2016-6128: Invalid color index not properly handled (bsc#987580); CVE-2016-6161: global out of bounds read when encoding gif from malformed input with gd2togif (bsc#988032); CVE-2016-6292: Null pointer dereference in exif_process_user_comment...
PHP7 Unserialization Use After Free
A Use-After-Free vulnerability exists in the Standard PHP Library's unserialization of array objects, due to an internal array self-reference. An attacker could exploit this vulnerability by supplying crafted input to a PHP application. Successful exploitation may result in remote execution of...
FreeBSD : php7 -- multiple vulnerabilities (5af511e5-e928-11e5-92ce-002590263bf5)
The PHP Group reports: Core: Fixed bug 71637, Multiple Heap Overflow due to integer overflows in xml/filter_url/addcslashes. SOAP: Fixed bug 71610, Type Confusion Vulnerability - SOAP / make_http_soap_request.
CakePHP 2.6.13, 2.7.11, 2.8.2, 3.0.17, 3.1.12, and 3.2.5 Released
The CakePHP core team is happy to announce the immediate availability of CakePHP 2.6.13, 2.7.11, 2.8.2, 3.0.17, 3.1.12, and 3.2.5. These releases contain security fixes. 3.2.5 and 2.8.2 also contain bugfixes. Security Fixes: These...
php5 -- multiple vulnerabilities
The PHP Project reports: Use after free vulnerability in unserialize with DateTimeZone. Mitigation for CVE-2015-0235 -- GHOST: glibc gethostbyname buffer overflow...