File _patchinfo of Package patchinfo.2457
<patchinfo incident="2457"> <issue id="977003" tracker="bnc">VUL-0: CVE-2016-4073: php5,php53: mb_strcut() function incorrectly handle string length calculations</issue> <issue id="977005" tracker="bnc">VUL-0: CVE-2015-8867: php5,php53: openssl_random_pseudo_bytes() is not cryptographically secure</issue> <issue id="976996" tracker="bnc">VUL-0: CVE-2015-8866: php5,php53: libxml_disable_entity_loader() setting is shared between threads</issue> <issue id="976997" tracker="bnc">VUL-1: CVE-2016-4070: php5,php53: Integer overflow in php_raw_url_encode</issue> <issue id="977000" tracker="bnc">VUL-0: CVE-2016-4071: php5,php53: php_snmp_error() Format String Vulnerability</issue> <issue id="CVE-2016-4073" tracker="cve" /> <issue id="CVE-2016-4071" tracker="cve" /> <issue id="CVE-2016-4070" tracker="cve" /> <issue id="CVE-2015-8867" tracker="cve" /> <issue id="CVE-2015-8866" tracker="cve" /> <category>security</category> <rating>important</rating> <packager>pgajdos</packager> <description>This update for php5 fixes the following security issues: - CVE-2016-4073: A remote attacker could have caused denial of service, or possibly execute arbitrary code, due to incorrect handling of string length calculations in mb_strcut() (bsc#977003) - CVE-2015-8867: The PHP function openssl_random_pseudo_bytes() did not return cryptographically secure random bytes (bsc#977005) - CVE-2016-4070: The libxml_disable_entity_loader() setting was shared between threads, which could have resulted in XML external entity injection and entity expansion issues (bsc#976997) - CVE-2015-8866: A remote attacker could have caused denial of service due to incorrect handling of large strings in php_raw_url_encode() (bsc#976996) - CVE-2016-4071: A remote attacker could have caused denial of service, or possibly execute arbitrary code, due to incorrect handling of string formatting in php_snmp_error() (bsc#977000) </description> <summary>Security update for php5</summary> </patchinfo>
