Security update for php7

This update for php7 fixes the following issues:

- CVE-2016-10397: parse_url() can be bypassed to return fake host. (bsc#1047454)
- CVE-2017-11142: Remote attackers could cause a CPU consumption denial of service attack by
injecting long form variables, related to main/php_variables. (bsc#1048100)
- CVE-2017-11144: The openssl extension PEM sealing code did not check the return value of the
OpenSSL sealing function, which could lead to a crash. (bsc#1048096)
- CVE-2017-11145: Lack of bounds checks in timelib_meridian could lead to information leak.
(bsc#1048112)
- CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code could lead to information
leak. (bsc#1048111)
- CVE-2017-11147: The PHAR archive handler could be used by attackers supplying malicious archive
files to crash the PHP interpreter or potentially disclose information. (bsc#1048094)
- CVE-2017-11628: Stack-based buffer overflow in zend_ini_do_op() could lead to denial of service (bsc#1050726)
- CVE-2017-7890: Buffer over-read from uninitialized data in gdImageCreateFromGifCtx function
could lead to denial of service (bsc#1050241)
- CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap overflow could lead to denial of service or code execution (bsc#986386)

Other fixes:

- Soap Request with References (bsc#1053645)
- php7-pear should explicitly require php7-pear-Archive_Tar
otherwise this dependency must be declared in every
php7-pear-* package explicitly. [bnc#1052389]

This update was imported from the SUSE:SLE-12:Update update project.

Fixed bugs
bnc#1048096
VUL-1: CVE-2017-11144: php5,php7,php53: In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of t
bnc#1047454
VUL-0: CVE-2016-10397: php5,php53: parse_url() in PHP < 5.6.28 can be bypassed to return fake host
bnc#1048094
VUL-1: CVE-2017-11147: php5,php7,php53: In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due t
bnc#1048111
VUL-0: CVE-2017-11146: php5, php7: lack of bounds checks in timelib_meridian parse code could lead to information leak
bnc#1048112
VUL-0: CVE-2017-11145: php5, php7: lack of bounds check in timelib_meridian could lead to information leak
bnc#1048100
VUL-0: CVE-2017-11142: php5,php7,php53: In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables
bnc#1053645
L3: Soap Request with References in PHP bug
bnc#1052389
php7-pear should explicitly require php7-pear-Archive_Tar
bnc#1050726
VUL-1: CVE-2017-11628: php5,php7,php53: Stack-based buffer overflow in zend_ini_do_op() in Zend/zend_ini_parser.c
bnc#986386
VUL-0: CVE-2016-5766: php5,php53: Integer Overflow in _gd2GetHeader() resulting in heap overflow
bnc#1050241
VUL-1: CVE-2017-7890: php5,php7,php53: Buffer over-read from uninitialized data in gdImageCreateFromGifCtx function