SUSE-SU-2016:2080-1
Aug 16, 2016 - 1:10 p.m.

Security update for php5 (important)

2016-08-16 13:10:01
lists.opensuse.org

EPSS: 0.246 (Low), percentile 96.2%

php5 was updated to fix the following security issues:

  • CVE-2016-6297: Stack-based buffer overflow vulnerability in
    php_stream_zip_opener (bsc#991426).
  • CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE
    (bsc#991427).
  • CVE-2016-6289: Integer overflow leads to buffer overflow in
    virtual_file_ex (bsc#991428).
  • CVE-2016-6290: Use after free in unserialize() with Unexpected Session
    Deserialization (bsc#991429).
  • CVE-2016-5399: Improper error handling in bzread() (bsc#991430).
  • CVE-2016-6288: Buffer over-read in php_url_parse_ex (bsc#991433).
  • CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn
    in simplestring.c (bsc#991437).
  • CVE-2016-5769: Mcrypt: Heap Overflow due to integer overflows
    (bsc#986388).
  • CVE-2015-8935: XSS in header() with Internet Explorer (bsc#986004).
  • CVE-2016-5772: Double free corruption in wddx_deserialize (bsc#986244).
  • CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap
    overflow (bsc#986386).
  • CVE-2016-5767: Integer Overflow in gdImagePaletteToTrueColor() resulting
    in heap overflow (bsc#986393).