SUSE-SU-2017:0556-1
Vulnerability Summary
Timeline
Description
Security update for php5 This update for php5 fixes the following issues: - CVE-2016-7478: When unserializing untrusted input data, PHP could end up in an infinite loop, causing denial of service (bsc#1019550) - CVE-2016-10158: The exif_convert_any_to_int function in ext/exif/exif.c in PHP allowed remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1. (bsc#1022219) - CVE-2016-10159: Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP allowed remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive. (bsc#1022255) - CVE-2016-10160: Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP allowed remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch. (bsc#1022257) - CVE-2016-10161: The object_common1 function in ext/standard/var_unserializer.c in PHP allowed remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call. (bsc#1022260) - CVE-2016-10166: A potential unsigned underflow in gd interpolation functions could lead to memory corruption in the PHP gd module (bsc#1022263) - CVE-2016-10167: A denial of service problem in gdImageCreateFromGd2Ctx() could lead to php out of memory even on small files. (bsc#1022264) - CVE-2016-10168: A signed integer overflow in the gd module could lead to memory corruption (bsc#1022265)
Affected Systems
- suse•php5&distro=SUSE Linux Enterprise Module for Web and Scripting 12
< 5.5.14-96.1
- suse•php5&distro=SUSE Linux Enterprise Software Development Kit 12 SP1
< 5.5.14-96.1
- suse•php5&distro=SUSE Linux Enterprise Software Development Kit 12 SP2
< 5.5.14-96.1
References (17)
- https://www.suse.com/support/update/announcement/2017/suse-su-20170556-1/
- https://bugzilla.suse.com/1019550
- https://bugzilla.suse.com/1022219
- https://bugzilla.suse.com/1022255
- https://bugzilla.suse.com/1022257
- https://bugzilla.suse.com/1022260
- https://bugzilla.suse.com/1022263
- https://bugzilla.suse.com/1022264
- https://bugzilla.suse.com/1022265
- https://www.suse.com/security/cve/CVE-2016-10158
- https://www.suse.com/security/cve/CVE-2016-10159
- https://www.suse.com/security/cve/CVE-2016-10160
- https://www.suse.com/security/cve/CVE-2016-10161
- https://www.suse.com/security/cve/CVE-2016-10166
- https://www.suse.com/security/cve/CVE-2016-10167
- https://www.suse.com/security/cve/CVE-2016-10168
- https://www.suse.com/security/cve/CVE-2016-7478