Security update for php5
This security update for php5 fixes the following issues:
- a call to ImageFillToBorder() could cause a stack overflow leading to
stack exhaustion when the image used was not truecolor
(CVE-2016-9933, boo#1015187)
- deserialization of a WDDX packet containing a PDORow object could crash php
(CVE-2016-9934, boo#1015188)
- deserialization of a WDDX packet containing an empty boolean element could
crash php (CVE-2016-9935, boo#1015189)
-
Submitted by
Petr Gajdos (pgajdos)
Fixed bugs
bnc#1015189
VUL-0: CVE-2016-9935: php5,php53,php7: Invalid read when wddx decodes empty boolean element
bnc#1015188
VUL-0: CVE-2016-9934: php5,php53,php7: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow
bnc#1015187
VUL-0: CVE-2016-9933: php5,php53,php7: imagefilltoborder stackoverflow on truecolor images
