SUSE-SU-2016:2459-1
Vulnerability Summary
Description
Security update for php53

This update for php53 fixes the following security issues:

- CVE-2016-7124: Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization
- CVE-2016-7125: PHP Session Data Injection Vulnerability
- CVE-2016-7126: select_colors write out-of-bounds
- CVE-2016-7127: imagegammacorrect allowed arbitrary write access
- CVE-2016-7128: Memory Leakage In exif_process_IFD_in_TIFF
- CVE-2016-7129: wddx_deserialize allows illegal memory access
- CVE-2016-7130: wddx_deserialize null dereference
- CVE-2016-7131: wddx_deserialize null dereference with invalid xml
- CVE-2016-7132: wddx_deserialize null dereference in php_wddx_pop_element
- CVE-2016-7411: php5: Memory corruption when destructing deserialized object
- CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field
- CVE-2016-7413: Use after free in wddx_deserialize
- CVE-2016-7414: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile
- CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message
- CVE-2016-7417: Missing type check when unserializing SplArray
- CVE-2016-7418: Null pointer dereference in php_wddx_push_element
Affected Systems
- php53 on SUSE Linux Enterprise Point of Sale 11 SP3: versions < 5.3.17-84.1
- php53 on SUSE Linux Enterprise Server 11 SP3-LTSS: versions < 5.3.17-84.1
- php53 on SUSE Linux Enterprise Server 11 SP3-TERADATA: versions < 5.3.17-84.1
- php53 on SUSE Linux Enterprise Server 11 SP4: versions < 5.3.17-84.1
- php53 on SUSE Linux Enterprise Server for SAP Applications 11 SP4: versions < 5.3.17-84.1
- php53 on SUSE Linux Enterprise Software Development Kit 11 SP4: versions < 5.3.17-84.1
- php53 on SUSE Manager 2.1: versions < 5.3.17-84.1
- php53 on SUSE Manager Proxy 2.1: versions < 5.3.17-84.1
- php53 on SUSE OpenStack Cloud 5: versions < 5.3.17-84.1
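As an added example (not part of the SUSE advisory or of any SUSE tooling), the following script reads `rpm -q` style package lines and reports which installed php53 packages are still below the fixed version-release 5.3.17-84.1, using an rpm-style version comparison. It assumes the php53-* binary subpackages carry the same version-release as php53 itself, that the optional arch suffix is one of the listed values, and it leaves out rpm's tilde/caret rules; the sample package lines are constructed, not taken from a real host.

```python
import re
# Fixed version-release for php53 in SUSE-SU-2016:2459-1 (from the advisory above)
FIXED_VR = "5.3.17-84.1"
SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")
ARCH_SUFFIX = re.compile(r"\.(noarch|x86_64|i586|i686|ppc64|ppc64le|s390x)$")

def rpmvercmp(a: str, b: str) -> int:
    """rpm-style compare of version/release strings: digit runs numerically, letter
    runs lexically, digits sort after letters. Assumption: no tilde/caret handling."""
    if a == b:
        return 0
    seg_a, seg_b = SEGMENT.findall(a), SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num != y_num:             # numeric segment beats alphabetic one
            return 1 if x_num else -1
        if x_num:
            x, y = x.lstrip("0"), y.lstrip("0")
            if len(x) != len(y):       # more digits means a larger number
                return 1 if len(x) > len(y) else -1
        if x != y:
            return 1 if x > y else -1
    # Shared segments equal: the string with more segments is newer
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))

def vr_cmp(a: str, b: str) -> int:
    """Compare 'version-release' strings: version first, then release."""
    (va, ra), (vb, rb) = a.split("-", 1), b.split("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def affected_packages(rpm_q_output: str) -> dict:
    """Map php53 and php53-* packages found in 'rpm -q' output lines such as
    php53-5.3.17-84.1.x86_64 to True when they are older than FIXED_VR."""
    result = {}
    for line in rpm_q_output.split():
        name, ver, rel = ARCH_SUFFIX.sub("", line).rsplit("-", 2)
        if name == "php53" or name.startswith("php53-"):
            result[name] = vr_cmp(f"{ver}-{rel}", FIXED_VR) < 0
    return result

# Constructed sample of 'rpm -q php53 php53-mysql php53-xml' output, not a real host
SAMPLE_RPM_Q = """php53-5.3.17-47.1.x86_64
php53-mysql-5.3.17-84.1.x86_64
php53-xml-5.3.17-84.10.x86_64
"""

if __name__ == "__main__":
    for name, vulnerable in affected_packages(SAMPLE_RPM_Q).items():
        print(f"{name}: {'update needed' if vulnerable else 'fixed'}")
```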
References (33)
- https://www.suse.com/support/update/announcement/2016/suse-su-20162459-1/
- https://bugzilla.suse.com/997206
- https://bugzilla.suse.com/997207
- https://bugzilla.suse.com/997208
- https://bugzilla.suse.com/997210
- https://bugzilla.suse.com/997211
- https://bugzilla.suse.com/997220
- https://bugzilla.suse.com/997225
- https://bugzilla.suse.com/997230
- https://bugzilla.suse.com/997257
- https://bugzilla.suse.com/999679
- https://bugzilla.suse.com/999680
- https://bugzilla.suse.com/999682
- https://bugzilla.suse.com/999684
- https://bugzilla.suse.com/999685
- https://bugzilla.suse.com/999819
- https://bugzilla.suse.com/999820
- https://www.suse.com/security/cve/CVE-2016-7124
- https://www.suse.com/security/cve/CVE-2016-7125
- https://www.suse.com/security/cve/CVE-2016-7126
- https://www.suse.com/security/cve/CVE-2016-7127
- https://www.suse.com/security/cve/CVE-2016-7128
- https://www.suse.com/security/cve/CVE-2016-7129
- https://www.suse.com/security/cve/CVE-2016-7130
- https://www.suse.com/security/cve/CVE-2016-7131
- https://www.suse.com/security/cve/CVE-2016-7132
- https://www.suse.com/security/cve/CVE-2016-7411
- https://www.suse.com/security/cve/CVE-2016-7412
- https://www.suse.com/security/cve/CVE-2016-7413
- https://www.suse.com/security/cve/CVE-2016-7414
- https://www.suse.com/security/cve/CVE-2016-7416
- https://www.suse.com/security/cve/CVE-2016-7417
- https://www.suse.com/security/cve/CVE-2016-7418