Overview

File _patchinfo of Package patchinfo.2914

<patchinfo incident="2914">
  <packager>simotek</packager>
  <issue tracker="cve" id="2016-5385"></issue>
  <issue tracker="cve" id="2016-5768"></issue>
  <issue tracker="cve" id="2016-5772"></issue>
  <issue tracker="cve" id="2015-8935"></issue>
  <issue tracker="cve" id="2016-5770"></issue>
  <issue tracker="cve" id="2016-5771"></issue>
  <issue tracker="cve" id="2016-5769"></issue>
  <issue tracker="cve" id="2016-5766"></issue>
  <issue tracker="cve" id="2016-5767"></issue>
  <issue tracker="bnc" id="986246">VUL-0: CVE-2016-5768: php5,php53: _php_mb_regex_ereg_replace_exec - double free</issue>
  <issue tracker="bnc" id="986244">VUL-0: CVE-2016-5772: php5,php53:  Double Free Courruption in wddx_deserialize</issue>
  <issue tracker="bnc" id="986004">VUL-0: CVE-2015-8935: php5,php53: XSS in header() with Internet Explorer</issue>
  <issue tracker="bnc" id="986392">VUL-0: CVE-2016-5770: php5,php53: int/size_t confusion in SplFileObject::fread</issue>
  <issue tracker="bnc" id="986391">VUL-0: CVE-2016-5771: php5,php53: Use After Free Vulnerability in PHPs GC algorithm and unserialize</issue>
  <issue tracker="bnc" id="986388">VUL-0: CVE-2016-5769: php5,php53: mcrypt: Heap Overflow due to integer overflows</issue>
  <issue tracker="bnc" id="986386">VUL-0: CVE-2016-5766: php5,php53: Integer Overflow in _gd2GetHeader() resulting in heap overflow</issue>
  <issue tracker="bnc" id="986393">VUL-0: CVE-2016-5767: php5,php53: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow</issue>
  <issue tracker="bnc" id="988486">VUL-0: CVE-2016-5385: php5,php53: Setting HTTP_PROXY environment variable via Proxy header (httpoxy)</issue>
  <category>security</category>
  <rating>moderate</rating>
  <summary>Security update for php5</summary>
  <description>This update for php5 fixes the following issues:

* It is possible to launch a web server with "php -S localhost:8080"
  It used to be possible to set an arbitrary $HTTP_PROXY environment variable
  for request handlers -- like CGI scripts -- by including a specially crafted
  HTTP header in the request (CVE-2016-5385). As a result, these server
  components would potentially direct all their outgoing HTTP traffic through a
  malicious proxy server. This patch fixes the issue: the updated php server
  ignores such HTTP headers and never sets $HTTP_PROXY for sub-processes.
  (bnc#988486)
* There was multiple cases where a remote attacker could trigger a double free
  and, given specific PHP code using callbacks, trigger code execution vectors.
  (bnc#986246,bnc#986244,CVE-2016-5768,CVE-2016-5772)
* It was possible to inject header or content information (XSS) when a user was 
  using internet explorer as the browser. (bnc#986004, CVE-2015-8935)
* In several cases it was possible for a integer overflow to trigger an 
  excessive memory allocation (bnc#986392, bnc#986388, bnc#986386, bnc#986393, 
  CVE-2016-5770, CVE-2016-5769, CVE-2016-5766, CVE-2016-5767)
* It was possible for an attacker to abuse the garbage collector to free a 
  target array. At this point an attacker could craft a fake zval object and 
  exploit the PHP process by taking over the EIP/RIP. (bnc#986391,
  CVE-2016-5771)</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places