SUSE-SU-2016:2941-1

Advisory lineage Upstream: 2 Downstream: 0

Upstream

CVE-2016-5385 CVE-2016-9137

Published: 29 Nov 2016, 12:42

Last modified:04 Feb 2026, 04:28

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

29 Nov 2016, 12:42

Published

Vulnerability first disclosed

04 Feb 2026, 04:28

Last Modified

Vulnerability information updated

Description

Security update for php7 This update for php7 fixes the following security issues: - CVE-2016-5385: Setting HTTP_PROXY environment variable via Proxy header (httpoxy) (bsc#988486). - CVE-2016-9137: Fixing a Use After Free in unserialize() (bsc#1008029).

Affected Systems

suse•php7&distro=SUSE Linux Enterprise Module for Web and Scripting 12
< 7.0.7-25.1
suse•php7&distro=SUSE Linux Enterprise Software Development Kit 12 SP1
< 7.0.7-25.1
suse•php7&distro=SUSE Linux Enterprise Software Development Kit 12 SP2
< 7.0.7-25.1

SUSE-SU-2016:2941-1

Vulnerability Summary

Timeline

Description

Affected Systems

References (5)