SUSE:SLE-12-SP1:Update
File _patchinfo of Package patchinfo.5285
<patchinfo incident="5285">
  <packager>pgajdos</packager>
  <issue tracker="bnc" id="1048096">VUL-1: CVE-2017-11144: php5,php7,php53: In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of t</issue>
  <issue tracker="bnc" id="1047454">VUL-0: CVE-2016-10397: php5,php53: parse_url() in PHP &lt; 5.6.28 can be bypassed to return fake host</issue>
  <issue tracker="bnc" id="1048094">VUL-1: CVE-2017-11147: php5,php7,php53: In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due t</issue>
  <issue tracker="bnc" id="1048111">VUL-0: CVE-2017-11146:php5, php7: lack of bounds checks in timelib_meridian parse code could lead to information leak</issue>
  <issue tracker="bnc" id="1048112">VUL-0: CVE-2017-11145:php5, php7: lack of bounds check in timelib_meridian could lead to information leak</issue>
  <issue tracker="bnc" id="1048100">VUL-0: CVE-2017-11142: php5,php7,php53: In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables</issue>
  <issue tracker="cve" id="2016-10397"></issue>
  <issue tracker="cve" id="2017-11142"></issue>
  <issue tracker="cve" id="2017-11144"></issue>
  <issue tracker="cve" id="2017-11145"></issue>
  <issue tracker="cve" id="2017-11146"></issue>
  <issue tracker="cve" id="2017-11147"></issue>
  <issue tracker="bnc" id="1053645">L3: Soap Request with References in PHP bug</issue>
  <issue tracker="bnc" id="1052389">php7-pear should explicitly require php7-pear-Archive_Tar</issue>
  <issue tracker="cve" id="2017-11628"></issue>
  <issue tracker="bnc" id="1050726">VUL-1: CVE-2017-11628: php5,php7,php53: Stack-based buffer overflow in zend_ini_do_op() in Zend/zend_ini_parser.c</issue>
  <issue tracker="cve" id="2016-5766"></issue>
  <issue tracker="bnc" id="986386">VUL-0: CVE-2016-5766: php5,php53: Integer Overflow in _gd2GetHeader() resulting in heap overflow</issue>
  <issue tracker="cve" id="2017-7890"></issue>
  <issue tracker="bnc" id="1050241">VUL-1: CVE-2017-7890: php5,php7,php53: Buffer over-read from uninitialized data in gdImageCreateFromGifCtx function</issue>
  <category>security</category>
  <rating>important</rating>
  <summary>Security update for php7</summary>
  <description>This update for php7 fixes the following issues:

- CVE-2016-10397: parse_url() can be bypassed to return fake host. (bsc#1047454)
- CVE-2017-11142: Remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables. (bsc#1048100)
- CVE-2017-11144: The openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash. (bsc#1048096)
- CVE-2017-11145: Lack of bounds checks in timelib_meridian could lead to information leak. (bsc#1048112)
- CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code could lead to information leak. (bsc#1048111)
- CVE-2017-11147: The PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information. (bsc#1048094)
- CVE-2017-11628: Stack-based buffer overflow in zend_ini_do_op() could lead to denial of service (bsc#1050726)
- CVE-2017-7890: Buffer over-read from uninitialized data in gdImageCreateFromGifCtx function could lead to denial of service (bsc#1050241)
- CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap overflow could lead to denial of service or code execution (bsc#986386)

Other fixes:

- Soap Request with References (bsc#1053645)
- php7-pear should explicitly require php7-pear-Archive_Tar otherwise this dependency must be declared in every php7-pear-* package explicitly. [bnc#1052389]
  </description>
</patchinfo>