Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:GA
patchinfo.2112
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.2112
<patchinfo incident="2112"> <issue id="968284" tracker="bnc">VUL-0: CVE-2016-2554: php5, php53: Stack overflow vulnerability when decompressing tar phar archives</issue> <issue id="969821" tracker="bnc">VUL-1: CVE-2016-3141: php5: PHP Bugfix (71587) - Use-After-Free / Double-Free in WDDX Deserialize</issue> <issue id="971912" tracker="bnc">VUL-0: CVE-2016-3142: php5: Out-of-bounds read in phar_parse_zipfile()</issue> <issue id="971612" tracker="bnc">VUL-0: CVE-2014-9767: php5: ZipArchive::extractTo allows for directory traversal when creating directories</issue> <issue id="971611" tracker="bnc">VUL-0: CVE-2016-3185: php5: Type confusion vulnerability in nake_http_soap_request()</issue> <issue id="973351" tracker="bnc">VUL-0: CVE-2015-8835: php5,php53: SoapClient s __call method suffers from type confusion issue</issue> <issue id="973792" tracker="bnc">VUL-0: CVE-2015-8838: php5,php53: mysqlnd is vulnerable to BACKRONYM</issue> <issue id="CVE-2015-8838" tracker="cve" /> <issue id="CVE-2015-8835" tracker="cve" /> <issue id="CVE-2016-2554" tracker="cve" /> <issue id="CVE-2016-3141" tracker="cve" /> <issue id="CVE-2016-3142" tracker="cve" /> <issue id="CVE-2014-9767" tracker="cve" /> <issue id="CVE-2016-3185" tracker="cve" /> <category>security</category> <rating>important</rating> <packager>pgajdos</packager> <description> This update for php5 fixes the following security issues: - CVE-2015-8838: mysqlnd was vulnerable to BACKRONYM (bnc#973792). - CVE-2015-8835: SoapClient s_call method suffered from a type confusion issue that could have lead to crashes [bsc#973351] - CVE-2016-2554: A NULL pointer dereference in phar_get_fp_offset could lead to crashes. [bsc#968284] Note: we do not ship the phar extension currently, so we are not affected. - CVE-2016-3141: A use-after-free / double-free in the WDDX deserialization could lead to crashes or potential code execution. [bsc#969821] - CVE-2016-3142: An Out-of-bounds read in phar_parse_zipfile() could lead to crashes. [bsc#971912] Note: we do not ship the phar extension currently, so we are not affected. - CVE-2014-9767: A directory traversal when extracting zip files was fixed that could lead to overwritten files. [bsc#971612] - CVE-2016-3185: A type confusion vulnerability in make_http_soap_request() could lead to crashes or potentially code execution. [bsc#971611] </description> <summary>Security update for php5</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
