Lucene search

K
suseSuseSUSE-SU-2016:1277-1
HistoryMay 11, 2016 - 6:07 p.m.

Security update for php5 (important)

2016-05-1118:07:54
lists.opensuse.org
69

EPSS

0.493

Percentile

97.6%

This update for php5 fixes the following security issues:

  • CVE-2016-4073: A remote attacker could have caused denial of service, or
    possibly execute arbitrary code, due to incorrect handling of string
    length calculations in mb_strcut() (bsc#977003)
  • CVE-2015-8867: The PHP function openssl_random_pseudo_bytes() did not
    return cryptographically secure random bytes (bsc#977005)
  • CVE-2016-4070: The libxml_disable_entity_loader() setting was shared
    between threads, which could have resulted in XML external entity
    injection and entity expansion issues (bsc#976997)
  • CVE-2015-8866: A remote attacker could have caused denial of service due
    to incorrect handling of large strings in php_raw_url_encode()
    (bsc#976996)
  • CVE-2016-4071: A remote attacker could have caused denial of service, or
    possibly execute arbitrary code, due to incorrect handling of string
    formatting in php_snmp_error() (bsc#977000)