File _patchinfo of Package patchinfo.5286

<patchinfo incident="5286">
  <packager>pgajdos</packager>
  <issue tracker="bnc" id="1047454">VUL-0: CVE-2016-10397: php5,php53: parse_url() in PHP &lt; 5.6.28 can be bypassed to return fake host</issue>
  <issue tracker="bnc" id="1048094">VUL-1: CVE-2017-11147: php5,php7,php53: In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due t</issue>
  <issue tracker="bnc" id="1048111">VUL-0: CVE-2017-11146: php5, php7: lack of bounds checks in timelib_meridian parse code could lead to information leak</issue>
  <issue tracker="bnc" id="1048112">VUL-0: CVE-2017-11145: php5, php7: lack of bounds check in timelib_meridian could lead to information leak</issue>
  <issue tracker="bnc" id="1048096">VUL-1: CVE-2017-11144: php5,php7,php53: In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of t</issue>
  <issue tracker="bnc" id="1048097">VUL-0: CVE-2017-11143: php5,php7,php53: In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an in</issue>
  <issue tracker="cve" id="2016-10397"></issue>
  <issue tracker="cve" id="2017-11143"></issue>
  <issue tracker="cve" id="2017-11144"></issue>
  <issue tracker="cve" id="2017-11145"></issue>
  <issue tracker="cve" id="2017-11146"></issue>
  <issue tracker="cve" id="2017-11147"></issue>
  <issue tracker="bnc" id="986386">VUL-0: CVE-2016-5766: php5,php53: Integer Overflow in _gd2GetHeader() resulting in heap overflow</issue>
  <issue tracker="cve" id="2016-5766"></issue>
  <issue tracker="cve" id="2017-11628"></issue>
  <issue tracker="bnc" id="1050726">VUL-1: CVE-2017-11628: php5,php7,php53: Stack-based buffer overflow in zend_ini_do_op() in Zend/zend_ini_parser.c</issue>
  <issue tracker="cve" id="2017-7890"></issue>
  <issue tracker="bnc" id="1050241">VUL-1: CVE-2017-7890: php5,php7,php53: Buffer over-read from uninitialized data in gdImageCreateFromGifCtx function</issue>
  <category>security</category>
  <rating>moderate</rating>
  <summary>Security update for php5</summary>
  <description>This update for php5 fixes the following issues:

- CVE-2016-10397: parse_url() can be bypassed to return fake host. (bsc#1047454)
- CVE-2017-11143: An invalid free in the WDDX deserialization of boolean parameters could be used by
  attackers able to inject XML for deserialization to crash the PHP interpreter. (bsc#1048097)
- CVE-2017-11144: The openssl extension PEM sealing code did not check the return value of the
  OpenSSL sealing function, which could lead to a crash. (bsc#1048096)
- CVE-2017-11145: Lack of bounds checks in timelib_meridian could lead to information leak.
  (bsc#1048112)
- CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code could lead to information
  leak. (bsc#1048111)
- CVE-2017-11147: The PHAR archive handler could be used by attackers supplying malicious archive
  files to crash the PHP interpreter or potentially disclose information. (bsc#1048094)
- CVE-2016-5766: Integer overflow in _gd2GetHeader() could lead to a heap overflow. (bsc#986386)
- CVE-2017-11628: Stack-based buffer overflow in zend_ini_do_op() in Zend/zend_ini_parser.c. (bsc#1050726)
- CVE-2017-7890: Buffer over-read from uninitialized data in the gdImageCreateFromGifCtx function could lead to denial of service. (bsc#1050241)
</description>
</patchinfo>