SUSE-SU-2017:1662-1

Advisory lineage Upstream: 4 Downstream: 0

Upstream

CVE-2016-6294 CVE-2017-9224 CVE-2017-9226 CVE-2017-9227

Published: 23 Jun 2017, 13:01

Last modified:04 Feb 2026, 02:36

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

23 Jun 2017, 13:01

Published

Vulnerability first disclosed

04 Feb 2026, 02:36

Last Modified

Vulnerability information updated

Description

Security update for php5 This update for php5 fixes the following security issues: - CVE-2016-6294: The locale_accept_from_http function in ext/intl/locale/locale_methods.c did not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument (bsc#1035111). - CVE-2017-9227: A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. (bsc#1040883) - CVE-2017-9226: A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. (bsc#1040889) - CVE-2017-9224: A stack out-of-bounds read occurs in match_at() during regular expression searching. (bsc#1040891)

Affected Systems

suse•php5&distro=SUSE Linux Enterprise Module for Web and Scripting 12
< 5.5.14-108.1
suse•php5&distro=SUSE Linux Enterprise Software Development Kit 12 SP2
< 5.5.14-108.1

SUSE-SU-2017:1662-1

Vulnerability Summary

Timeline

Description

Affected Systems

References (9)