SUSE-SU-2017:2317-1

Advisory lineage Upstream: 9 Downstream: 0
Published: 31 Aug 2017, 19:45
Last modified: 02 May 2025, 04:05

Vulnerability Summary

Overall Risk (default): minimal, 0/100
CVSS Score: No data
EPSS Score: No data
KEV: Not listed
Ransomware: No reports
Public exploits: None found
Dark Web: Not detected

Timeline

31 Aug 2017, 19:45: Published (vulnerability first disclosed)
02 May 2025, 04:05: Last Modified (vulnerability information updated)

Description

Security update for php5

This update for php5 fixes the following issues:

- CVE-2016-10397: parse_url() can be bypassed to return a fake host. (bsc#1047454)
- CVE-2017-11143: An invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter. (bsc#1048097)
- CVE-2017-11144: The openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash. (bsc#1048096)
- CVE-2017-11145: Lack of bounds checks in timelib_meridian could lead to information leak. (bsc#1048112)
- CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code could lead to information leak. (bsc#1048111)
- CVE-2017-11147: The PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information. (bsc#1048094)
- CVE-2016-5766: Integer overflow in _gd2GetHeader() could lead to heap overflow. (bsc#986386)
- CVE-2017-11628: Stack-based buffer overflow in zend_ini_do_op() in Zend/zend_ini_parser.c. (bsc#1050726)
- CVE-2017-7890: Buffer over-read from uninitialized data in the gdImageCreateFromGifCtx function could lead to denial of service. (bsc#1050241)

Affected Systems

  • php5 (SUSE Linux Enterprise Module for Web and Scripting 12)

    < 5.5.14-109.5.1

  • php5 (SUSE Linux Enterprise Software Development Kit 12 SP2)

    < 5.5.14-109.5.1

  • php5 (SUSE Linux Enterprise Software Development Kit 12 SP3)

    < 5.5.14-109.5.1
