Security update for php5 (important)

2016-07-07T18:08:23
ID OPENSUSE-SU-2016:1761-1
Type suse
Reporter Suse
Modified 2016-07-07T18:08:23

Description

php5 was updated to fix nine security issues.

These security issues were fixed: - CVE-2016-5773: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize (bsc#986247). - CVE-2016-5772: Double Free Courruption in wddx_deserialize (bsc#986244). - CVE-2016-5771: Use After Free Vulnerability in PHP's GC algorithm and unserialize (bsc#986391). - CVE-2016-5770: int/size_t confusion in SplFileObject::fread (bsc#986392). - CVE-2016-5768: Double free in _php_mb_regex_ereg_replace_exec - (bsc#986246). - CVE-2016-5769: mcrypt: Heap Overflow due to integer overflows (bsc#986388). - CVE-2015-8935: XSS in header() with Internet Explorer (bsc#986004). - CVE-2016-5767: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow (bsc#986393). - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap overflow (bsc#986386).