SUSE-SU-2017:0568-1
Vulnerability Summary
Timeline
Description
Security update for php53 This update for php53 fixes the following security issues: - CVE-2016-7478: When unserializing untrusted input data, PHP could end up in an infinite loop, causing denial of service (bsc#1019550) - CVE-2016-10158: The exif_convert_any_to_int function in ext/exif/exif.c in PHP allowed remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1. (bsc#1022219) - CVE-2016-10159: Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP allowed remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive. (bsc#1022255) - CVE-2016-10160: Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP allowed remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch. (bsc#1022257) - CVE-2016-10161: The object_common1 function in ext/standard/var_unserializer.c in PHP allowed remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call. (bsc#1022260) - CVE-2016-10166: A potential unsigned underflow in gd interpolation functions could lead to memory corruption in the PHP gd module (bsc#1022263) - CVE-2016-10167: A denial of service problem in gdImageCreateFromGd2Ctx() could lead to php out of memory even on small files. (bsc#1022264) - CVE-2016-10168: A signed integer overflow in the gd module could lead to memory corruption (bsc#1022265)
Affected Systems
- suse•php53&distro=SUSE Linux Enterprise Point of Sale 11 SP3
< 5.3.17-101.1
- suse•php53&distro=SUSE Linux Enterprise Server 11 SP3-LTSS
< 5.3.17-101.1
- suse•php53&distro=SUSE Linux Enterprise Server 11 SP3-TERADATA
< 5.3.17-101.1
- suse•php53&distro=SUSE Linux Enterprise Server 11 SP4
< 5.3.17-101.1
- suse•php53&distro=SUSE Linux Enterprise Server for SAP Applications 11 SP4
< 5.3.17-101.1
- suse•php53&distro=SUSE Linux Enterprise Software Development Kit 11 SP4
< 5.3.17-101.1
- suse•php53&distro=SUSE Manager 2.1
< 5.3.17-101.1
- suse•php53&distro=SUSE Manager Proxy 2.1
< 5.3.17-101.1
- suse•php53&distro=SUSE OpenStack Cloud 5
< 5.3.17-101.1
References (17)
- https://www.suse.com/support/update/announcement/2017/suse-su-20170568-1/
- https://bugzilla.suse.com/1019550
- https://bugzilla.suse.com/1022219
- https://bugzilla.suse.com/1022255
- https://bugzilla.suse.com/1022257
- https://bugzilla.suse.com/1022260
- https://bugzilla.suse.com/1022263
- https://bugzilla.suse.com/1022264
- https://bugzilla.suse.com/1022265
- https://www.suse.com/security/cve/CVE-2016-10158
- https://www.suse.com/security/cve/CVE-2016-10159
- https://www.suse.com/security/cve/CVE-2016-10160
- https://www.suse.com/security/cve/CVE-2016-10161
- https://www.suse.com/security/cve/CVE-2016-10166
- https://www.suse.com/security/cve/CVE-2016-10167
- https://www.suse.com/security/cve/CVE-2016-10168
- https://www.suse.com/security/cve/CVE-2016-7478