Overview

File _patchinfo of Package patchinfo.7363

<patchinfo incident="7363">
  <issue id="1091367" tracker="bnc">VUL-0: CVE-2018-10545: php5,php7,php53: Dumpable FPM child processes allow bypassing opcache access controls</issue>
  <issue id="1091355" tracker="bnc">VUL-0: CVE-2018-10548: php5,php7,php53: ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service</issue>
  <issue id="1091363" tracker="bnc">VUL-0: CVE-2018-10546: php5,php7,php53: An infinite loop exists in ext/iconv/iconv.c</issue>
  <issue id="1091362" tracker="bnc">VUL-0: CVE-2018-10547: php5,php7,php53: There is Reflected XSS on the PHAR 403 and 404 error pages</issue>
  <issue id="2018-10548" tracker="cve" />
  <issue id="2018-10545" tracker="cve" />
  <issue id="2018-10546" tracker="cve" />
  <issue id="2018-10547" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>pgajdos</packager>
  <description>This update for php5 fixes the following issues:

Security issues fixed:

- CVE-2018-10545: Fix access controls in FPM child processes (bsc#1091367).
- CVE-2018-10547: Fix Reflected XSS on the PHAR 403 and 404 error pages (bsc#1091362).
- CVE-2018-10546: Fix an infinite loop exists in ext/iconv/iconv.c (bsc#1091363).
- CVE-2018-10548: Fix remote denial of service in ext/ldap/ldap.c (bsc#1091355).
</description>
  <summary>Security update for php5</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places