Security update for php5 (important)

ID SUSE-SU-2016:2477-1
Type suse
Reporter Suse
Modified 2016-10-07T21:12:50


This update for php5 fixes the following security issues:

  • CVE-2016-7411: php5: Memory corruption when destructing deserialized object
  • CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field
  • CVE-2016-7413: Use after free in wddx_deserialize
  • CVE-2016-7414: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile
  • CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message
  • CVE-2016-7417: Missing type check when unserializing SplArray
  • CVE-2016-7418: Null pointer dereference in php_wddx_push_element