File _patchinfo of Package patchinfo.3012

<patchinfo incident="3012">
  <issue id="991424" tracker="bnc">VUL-0: CVE-2016-6295: php: Use after free in SNMP with GC and unserialize()</issue>
  <issue id="991427" tracker="bnc">VUL-0: CVE-2016-6291: php: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE</issue>
  <issue id="991426" tracker="bnc">VUL-0: CVE-2016-6297: php: Stack-based buffer overflow vulnerability in php_stream_zip_opener</issue>
  <issue id="991437" tracker="bnc">VUL-0: CVE-2016-6296: php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c</issue>
  <issue id="991430" tracker="bnc">VUL-0: php5,php7,php53: CVE-2016-5399: php, bzip2: Improper error handling in bzread()</issue>
  <issue id="991422" tracker="bnc">VUL-0: CVE-2016-6292: php: Null pointer dereference in exif_process_user_comment</issue>
  <issue id="988032" tracker="bnc">VUL-1: CVE-2016-6161: php: global out of bounds read when encoding gif from malformed input withgd2togif</issue>
  <issue id="991429" tracker="bnc">VUL-0: CVE-2016-6290: php: Use after free in unserialize() with Unexpected Session Deserialization</issue>
  <issue id="991428" tracker="bnc">VUL-0: CVE-2016-6289: php: Integer overflow leads to buffer overflow in virtual_file_ex</issue>
  <issue id="991434" tracker="bnc">VUL-0: CVE-2016-6207: php: Integer overflow error within _gdContributionsAlloc()</issue>
  <issue id="987580" tracker="bnc">VUL-1: CVE-2016-6128: php: Invalid color index not properly handled</issue>
  <issue id="995512" tracker="bnc">VUL-0: CVE-2016-4473: php5,php7,php53: Invalid free() instead of efree() in phar_extract_file()</issue>
  <issue id="997206" tracker="bnc">VUL-0: CVE-2016-7124: php5: Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization</issue>
  <issue id="997207" tracker="bnc">VUL-0: CVE-2016-7125: php5, php7: PHP Session Data Injection Vulnerability</issue>
  <issue id="997208" tracker="bnc">VUL-0: CVE-2016-7126: php7: select_colors write out-of-bounds</issue>
  <issue id="997210" tracker="bnc">VUL-0: CVE-2016-7127: php7: imagegammacorrect allows arbitrary write access</issue>
  <issue id="997211" tracker="bnc">VUL-0: CVE-2016-7128: php7: Memory Leakage In exif_process_IFD_in_TIFF</issue>
  <issue id="997220" tracker="bnc">VUL-0: CVE-2016-7129: php5, php7: wddx_deserialize allows illegal memory access</issue>
  <issue id="997225" tracker="bnc">VUL-0: CVE-2016-7131: php7: wddx_deserialize null dereference with invalid xml</issue>
  <issue id="997230" tracker="bnc">VUL-0: CVE-2016-7132: php5, php7: wddx_deserialize null dereference in php_wddx_pop_element</issue>
  <issue id="997247" tracker="bnc">VUL-0: CVE-2016-7133: php7: memory allocator fails to realloc small block to large one</issue>
  <issue id="997248" tracker="bnc">VUL-0: CVE-2016-7134: php5, php7: Heap overflow in the function curl_escape</issue>
  <issue id="997257" tracker="bnc">VUL-0: CVE-2016-7130: php5, php7: wddx_deserialize null dereference</issue>
  <issue id="999679" tracker="bnc">VUL-0: CVE-2016-7413: php5, php53, php7: Use after free in wddx_deserialize</issue>
  <issue id="999680" tracker="bnc">VUL-0: CVE-2016-7412: php5, php7: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field</issue>
  <issue id="999684" tracker="bnc">VUL-0: CVE-2016-7417: php5, php7: Missing type check when unserializing SplArray</issue>
  <issue id="999685" tracker="bnc">VUL-0: CVE-2016-7416: php5, php7: Stack based buffer overflow in msgfmt_format_message</issue>
  <issue id="999819" tracker="bnc">VUL-0: CVE-2016-7418: php5, php7: Null pointer dereference in php_wddx_push_element</issue>
  <issue id="999820" tracker="bnc">VUL-0: CVE-2016-7414: php5, php7: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile</issue>
  <issue id="1001950" tracker="bnc">installing SUSE-SLE-Module-Web-Scripting-12-2016-1403 with zypper patch forces php7</issue>
  <issue id="999313" tracker="bnc">Cannot prevent update from PHP5 to PHP7 without addlock</issue>
  <issue id="2016-7412" tracker="cve"/>
  <issue id="2016-7413" tracker="cve"/>
  <issue id="2016-7414" tracker="cve"/>
  <issue id="2016-7416" tracker="cve"/>
  <issue id="2016-7417" tracker="cve"/>
  <issue id="2016-7418" tracker="cve"/>
  <issue id="2016-4473" tracker="cve"/>
  <issue id="2016-7124" tracker="cve"/>
  <issue id="2016-7125" tracker="cve"/>
  <issue id="2016-7126" tracker="cve"/>
  <issue id="2016-7127" tracker="cve"/>
  <issue id="2016-7128" tracker="cve"/>
  <issue id="2016-7129" tracker="cve"/>
  <issue id="2016-7130" tracker="cve"/>
  <issue id="2016-7131" tracker="cve"/>
  <issue id="2016-7132" tracker="cve"/>
  <issue id="2016-7133" tracker="cve"/>
  <issue id="2016-7134" tracker="cve"/>
  <issue id="2016-6128" tracker="cve"/>
  <issue id="2016-6161" tracker="cve"/>
  <issue id="2016-5399" tracker="cve"/>
  <issue id="2016-6207" tracker="cve"/>
  <issue id="2016-6292" tracker="cve"/>
  <issue id="2016-6290" tracker="cve"/>
  <issue id="2016-6291" tracker="cve"/>
  <issue id="2016-6296" tracker="cve"/>
  <issue id="2016-6297" tracker="cve"/>
  <issue id="2016-6295" tracker="cve"/>
  <issue id="2016-6289" tracker="cve"/>
  <category>security</category>
  <rating>important</rating>
  <packager>pgajdos</packager>
  <description>
This update for php7 fixes the following security issues:

* CVE-2016-6128: Invalid color index not properly handled [bsc#987580]
* CVE-2016-6161: global out of bounds read when encoding gif from malformed input withgd2togif [bsc#988032]
* CVE-2016-6292: Null pointer dereference in exif_process_user_comment [bsc#991422]
* CVE-2016-6295: Use after free in SNMP with GC and unserialize() [bsc#991424]
* CVE-2016-6297: Stack-based buffer overflow vulnerability in php_stream_zip_opener [bsc#991426]
* CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE [bsc#991427]
* CVE-2016-6289: Integer overflow leads to buffer overflow in virtual_file_ex [bsc#991428]
* CVE-2016-6290: Use after free in unserialize() with Unexpected Session Deserialization [bsc#991429]
* CVE-2016-5399: Improper error handling in bzread() [bsc#991430]
* CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c [bsc#991437]
* CVE-2016-6207: Integer overflow error within _gdContributionsAlloc() [bsc#991434]
* CVE-2016-4473: Invalid free() instead of efree() in phar_extract_file()
* CVE-2016-7124: Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization
* CVE-2016-7125: PHP Session Data Injection Vulnerability
* CVE-2016-7126: select_colors write out-of-bounds
* CVE-2016-7127: imagegammacorrect allowed arbitrary write access
* CVE-2016-7128: Memory Leakage In exif_process_IFD_in_TIFF
* CVE-2016-7129: wddx_deserialize allowed illegal memory access
* CVE-2016-7131: wddx_deserialize null dereference with invalid xml
* CVE-2016-7132: wddx_deserialize null dereference in php_wddx_pop_element
* CVE-2016-7133: memory allocator fails to realloc small block to large one
* CVE-2016-7134: Heap overflow in the function curl_escape
* CVE-2016-7130: wddx_deserialize null dereference
* CVE-2016-7413: Use after free in wddx_deserialize
* CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field
* CVE-2016-7417: Missing type check when unserializing SplArray
* CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message
* CVE-2016-7418: Null pointer dereference in php_wddx_push_element
* CVE-2016-7414: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile
</description>
  <summary>Security update for php7</summary>
</patchinfo>