openSUSE:Leap:42.2:Update
File _patchinfo of Package patchinfo.7222
<patchinfo incident="7222">
  <packager>pgajdos</packager>
  <issue tracker="bnc" id="1047454">VUL-0: CVE-2016-10397: php5,php53: parse_url() in PHP &lt; 5.6.28 can be bypassed to return fake host</issue>
  <issue tracker="bnc" id="1048094">VUL-1: CVE-2017-11147: php5,php7,php53: In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due t</issue>
  <issue tracker="bnc" id="1048111">VUL-0: CVE-2017-11146: php5, php7: lack of bounds checks in timelib_meridian parse code could lead to information leak</issue>
  <issue tracker="bnc" id="1048112">VUL-0: CVE-2017-11145: php5, php7: lack of bounds check in timelib_meridian could lead to information leak</issue>
  <issue tracker="bnc" id="1048096">VUL-1: CVE-2017-11144: php5,php7,php53: In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of t</issue>
  <issue tracker="bnc" id="1048097">VUL-0: CVE-2017-11143: php5,php7,php53: In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an in</issue>
  <issue tracker="cve" id="2016-10397"></issue>
  <issue tracker="cve" id="2017-11143"></issue>
  <issue tracker="cve" id="2017-11144"></issue>
  <issue tracker="cve" id="2017-11145"></issue>
  <issue tracker="cve" id="2017-11146"></issue>
  <issue tracker="cve" id="2017-11147"></issue>
  <issue tracker="bnc" id="986386">VUL-0: CVE-2016-5766: php5,php53: Integer Overflow in _gd2GetHeader() resulting in heap overflow</issue>
  <issue tracker="cve" id="2016-5766"></issue>
  <issue tracker="cve" id="2017-11628"></issue>
  <issue tracker="bnc" id="1050726">VUL-1: CVE-2017-11628: php5,php7,php53: Stack-based buffer overflow in zend_ini_do_op() in Zend/zend_ini_parser.c</issue>
  <issue tracker="cve" id="2017-7890"></issue>
  <issue tracker="bnc" id="1050241">VUL-1: CVE-2017-7890: php5,php7,php53: Buffer over-read from uninitialized data in gdImageCreateFromGifCtx function</issue>
  <category>security</category>
  <rating>moderate</rating>
  <summary>Security update for php5</summary>
  <description>This update for php5 fixes the following issues:

- CVE-2016-10397: parse_url() can be bypassed to return fake host. (bsc#1047454)
- CVE-2017-11143: An invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter. (bsc#1048097)
- CVE-2017-11144: The openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash. (bsc#1048096)
- CVE-2017-11145: Lack of bounds checks in timelib_meridian could lead to information leak. (bsc#1048112)
- CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code could lead to information leak. (bsc#1048111)
- CVE-2017-11147: The PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information. (bsc#1048094)
- CVE-2016-5766: Integer overflow in _gd2GetHeader() could lead to heap overflow (bsc#986386)
- CVE-2017-11628: Stack-based buffer overflow in zend_ini_do_op() in Zend/zend_ini_parser.c (bsc#1050726)
- CVE-2017-7890: Buffer over-read from uninitialized data in gdImageCreateFromGifCtx function could lead to denial of service (bsc#1050241)

This update was imported from the SUSE:SLE-12:Update update project.</description>
</patchinfo>