SUSE-SU-2016:2080-1

Advisory lineage Upstream: 12 Downstream: 0

Upstream

CVE-2015-8935 CVE-2016-5399 CVE-2016-5766 CVE-2016-5767 CVE-2016-5769 CVE-2016-5772

Published: 16 Aug 2016, 07:26

Last modified:02 May 2025, 04:04

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

16 Aug 2016, 07:26

Published

Vulnerability first disclosed

02 May 2025, 04:04

Last Modified

Vulnerability information updated

Description

Security update for php5 php5 was updated to fix the following security issues: - CVE-2016-6297: Stack-based buffer overflow vulnerability in php_stream_zip_opener (bsc#991426). - CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE (bsc#991427). - CVE-2016-6289: Integer overflow leads to buffer overflow in virtual_file_ex (bsc#991428). - CVE-2016-6290: Use after free in unserialize() with Unexpected Session Deserialization (bsc#991429). - CVE-2016-5399: Improper error handling in bzread() (bsc#991430). - CVE-2016-6288: Buffer over-read in php_url_parse_ex (bsc#991433). - CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c (bsc#991437). - CVE-2016-5769: Mcrypt: Heap Overflow due to integer overflows (bsc#986388). - CVE-2015-8935: XSS in header() with Internet Explorer (bsc#986004). - CVE-2016-5772: Double free corruption in wddx_deserialize (bsc#986244). - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap overflow (bsc#986386). - CVE-2016-5767: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow (bsc#986393).

Affected Systems

suse•php5&distro=SUSE Linux Enterprise Server 11 SP2-LTSS
< 5.2.14-0.7.30.89.1

SUSE-SU-2016:2080-1

Vulnerability Summary

Timeline

Description

Affected Systems

References (25)