Security update for php5

This update for php5 fixes the following security issues:

- CVE-2016-4073: A remote attacker could have caused denial of service, or possibly executed arbitrary code, due to incorrect handling of string length calculations in mb_strcut() (bsc#977003)
- CVE-2015-8867: The PHP function openssl_random_pseudo_bytes() did not return cryptographically secure random bytes (bsc#977005)
- CVE-2016-4070: The libxml_disable_entity_loader() setting was shared between threads, which could have resulted in XML external entity injection and entity expansion issues (bsc#976997)
- CVE-2015-8866: A remote attacker could have caused denial of service due to incorrect handling of large strings in php_raw_url_encode() (bsc#976996)
- CVE-2016-4071: A remote attacker could have caused denial of service, or possibly executed arbitrary code, due to incorrect handling of string formatting in php_snmp_error() (bsc#977000)

This update was imported from the SUSE:SLE-12:Update update project.

Fixed bugs

- bnc#977003: VUL-0: CVE-2016-4073: php5,php53: mb_strcut() function incorrectly handle string length calculations
- bnc#977005: VUL-0: CVE-2015-8867: php5,php53: openssl_random_pseudo_bytes() is not cryptographically secure
- bnc#976996: VUL-0: CVE-2015-8866: php5,php53: libxml_disable_entity_loader() setting is shared between threads
- bnc#976997: VUL-1: CVE-2016-4070: php5,php53: Integer overflow in php_raw_url_encode
- bnc#977000: VUL-0: CVE-2016-4071: php5,php53: php_snmp_error() Format String Vulnerability