Security update for php5 (important)

ID: SUSE-SU-2016:2080-1
Type: suse
Reporter: Suse
Modified: 2016-08-16T13:10:01


php5 was updated to fix the following security issues:

  • CVE-2016-6297: Stack-based buffer overflow vulnerability in php_stream_zip_opener (bsc#991426).
  • CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE (bsc#991427).
  • CVE-2016-6289: Integer overflow leads to buffer overflow in virtual_file_ex (bsc#991428).
  • CVE-2016-6290: Use after free in unserialize() with Unexpected Session Deserialization (bsc#991429).
  • CVE-2016-5399: Improper error handling in bzread() (bsc#991430).
  • CVE-2016-6288: Buffer over-read in php_url_parse_ex (bsc#991433).
  • CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c (bsc#991437).
  • CVE-2016-5769: Mcrypt: Heap Overflow due to integer overflows (bsc#986388).
  • CVE-2015-8935: XSS in header() with Internet Explorer (bsc#986004).
  • CVE-2016-5772: Double free corruption in wddx_deserialize (bsc#986244).
  • CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap overflow (bsc#986386).
  • CVE-2016-5767: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow (bsc#986393).