SUSE-SU-2017:2303-1

Security update for php7 (important)

Published: 2017-08-30 19:30:52 (Aug 30, 2017 - 7:30 p.m.)
Source: lists.opensuse.org

EPSS: 0.298 (Low), percentile 96.5%

This update for php7 fixes the following issues:

  • CVE-2016-10397: parse_url() could be bypassed to return a fake host.
    (bsc#1047454)
  • CVE-2017-11142: Remote attackers could cause a CPU consumption denial of
    service attack by injecting long form variables, related to
    main/php_variables. (bsc#1048100)
  • CVE-2017-11144: The openssl extension PEM sealing code did not check the
    return value of the OpenSSL sealing function, which could lead to a
    crash. (bsc#1048096)
  • CVE-2017-11145: Lack of bounds checks in timelib_meridian could lead to
    an information leak. (bsc#1048112)
  • CVE-2017-11146: Lack of bounds checks in the timelib_meridian parse code
    could lead to an information leak. (bsc#1048111)
  • CVE-2017-11147: The PHAR archive handler could be used by attackers
    supplying malicious archive files to crash the PHP interpreter or
    potentially disclose information. (bsc#1048094)
  • CVE-2017-11628: Stack-based buffer overflow in zend_ini_do_op() could
    lead to denial of service. (bsc#1050726)
  • CVE-2017-7890: Buffer over-read from uninitialized data in the
    gdImageCreateFromGifCtx function could lead to denial of service.
    (bsc#1050241)
  • CVE-2016-5766: Integer overflow in _gd2GetHeader() resulting in a heap
    overflow could lead to denial of service or code execution. (bsc#986386)

Other fixes:

  • Soap Request with References (bsc#1053645)
  • php7-pear should explicitly require php7-pear-Archive_Tar; otherwise this
    dependency must be declared explicitly in every php7-pear-* package.
    [bnc#1052389]