Security update for php5
This update for php5 fixes the following security issues:
* CVE-2016-7411: php5: Memory corruption when destructing deserialized object
* CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field
* CVE-2016-7413: Use after free in wddx_deserialize
* CVE-2016-7414: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile
* CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message
* CVE-2016-7417: Missing type check when unserializing SplArray
* CVE-2016-7418: Null pointer dereference in php_wddx_push_element
This update was imported from the SUSE:SLE-12:Update update project.
-
Submitted by
Petr Gajdos (pgajdos)
Fixed bugs
bnc#999679
VUL-0: CVE-2016-7413: php5, php53, php7: Use after free in wddx_deserialize
bnc#999685
VUL-0: CVE-2016-7416: php5, php7: Stack based buffer overflow in msgfmt_format_message
bnc#999684
VUL-0: CVE-2016-7417: php5, php7: Missing type check when unserializing SplArray
bnc#999680
VUL-0: CVE-2016-7412: php5, php7: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field
bnc#999682
VUL-0: CVE-2016-7411: php5: Memory corruption when destructing deserialized object
bnc#999820
VUL-0: CVE-2016-7414: php5, php7: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile
bnc#999819
VUL-0: CVE-2016-7418: php5, php7: Null pointer dereference in php_wddx_push_element
