File _patchinfo of Package patchinfo.2583

<patchinfo incident="2583">
  <issue id="978827" tracker="bnc">VUL-1: CVE-2016-4537, CVE-2016-4538: php5, php53: bcpowmod accepts negative scale causing heap buffer overflow corrupting _one_ definition</issue>
  <issue id="977994" tracker="bnc">VUL-0: CVE-2016-4346: php: heap overflow in ext/standard/string.c</issue>
  <issue id="977991" tracker="bnc">VUL-0: CVE-2016-4342: php: Heap corruption in tar/zip/phar parser</issue>
  <issue id="978829" tracker="bnc">VUL-0: CVE-2016-4540, CVE-2016-4541: php5, php53: Out-of-bounds memory read in zif_grapheme_stripos when given negative offset</issue>
  <issue id="978828" tracker="bnc">VUL-0: CVE-2016-4539: php5, php53: Malformed input causes segmentation fault in xml_parse_into_struct() function</issue>
  <issue id="978830" tracker="bnc">VUL-0: CVE-2016-4542, CVE-2016-4543, CVE-2016-4544: php5, php53: Out-of-bounds heap memory read in exif_read_data() caused by malformed input</issue>
  <issue id="980366" tracker="bnc">VUL-0: CVE-2015-4116: php5, php53: Use-after-free vulnerability in the spl_ptr_heap_insert function </issue>
  <issue id="980375" tracker="bnc">VUL-0: CVE-2015-8874: php5, php53: Stack consumption vulnerability in GD</issue>
  <issue id="980373" tracker="bnc">VUL-0: CVE-2015-8873: php5, php53: Stack consumption vulnerability in Zend/zend_exceptions.c</issue>
  <issue id="CVE-2016-4540" tracker="cve" />
  <issue id="CVE-2016-4537" tracker="cve" />
  <issue id="CVE-2016-4543" tracker="cve" />
  <issue id="CVE-2016-4542" tracker="cve" />
  <issue id="CVE-2016-4541" tracker="cve" />
  <issue id="CVE-2016-4539" tracker="cve" />
  <issue id="CVE-2016-4544" tracker="cve" />
  <issue id="CVE-2016-4346" tracker="cve" />
  <issue id="CVE-2016-4342" tracker="cve" />
  <issue id="CVE-2016-4538" tracker="cve" />
  <issue id="CVE-2015-4116" tracker="cve" />
  <issue id="CVE-2015-8873" tracker="cve" />
  <issue id="CVE-2015-8874" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>pgajdos</packager>
  <description>
This update for php5 fixes the following issues:

Security issues fixed:
- CVE-2016-4346: heap overflow in ext/standard/string.c (bsc#977994)
- CVE-2016-4342: heap corruption in tar/zip/phar parser (bsc#977991)
- CVE-2016-4537, CVE-2016-4538: bcpowmod accepts negative scale causing heap buffer overflow corrupting _one_ definition (bsc#978827)
- CVE-2016-4539: Malformed input causes segmentation fault in xml_parse_into_struct() function (bsc#978828)
- CVE-2016-4540, CVE-2016-4541: Out-of-bounds memory read in zif_grapheme_stripos when given negative offset (bsc#978829)
- CVE-2016-4542, CVE-2016-4543, CVE-2016-4544: Out-of-bounds heap memory read in exif_read_data() caused by malformed input (bsc#978830)
- CVE-2015-4116: Use-after-free vulnerability in the spl_ptr_heap_insert function (bsc#980366)
- CVE-2015-8873: Stack consumption vulnerability in Zend/zend_exceptions.c (bsc#980373)
- CVE-2015-8874: Stack consumption vulnerability in GD (bsc#980375)
</description>
  <summary>Security update for php5</summary>
</patchinfo>