Security update for php5
SUSE Patch
security@suse.de
SUSE Security Team
openSUSE-SU-2016:1922-1
Final
1
1
2016-07-31T23:08:57Z
current
2016-07-31T23:08:57Z
2016-07-31T23:08:57Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for php5
This update for php5 fixes the following issues:
* It is possible to launch a web server with 'php -S localhost:8080'
It used to be possible to set an arbitrary $HTTP_PROXY environment variable
for request handlers -- like CGI scripts -- by including a specially crafted
HTTP header in the request (CVE-2016-5385). As a result, these server
components would potentially direct all their outgoing HTTP traffic through a
malicious proxy server. This patch fixes the issue: the updated php server
ignores such HTTP headers and never sets $HTTP_PROXY for sub-processes.
(bnc#988486)
* There were multiple cases where a remote attacker could trigger a double free
and, given specific PHP code using callbacks, trigger code execution vectors.
(bnc#986246, bnc#986244, CVE-2016-5768, CVE-2016-5772)
* It was possible to inject header or content information (XSS) when a user was
using Internet Explorer as the browser. (bnc#986004, CVE-2015-8935)
* In several cases it was possible for an integer overflow to trigger an
excessive memory allocation (bnc#986392, bnc#986388, bnc#986386, bnc#986393,
CVE-2016-5770, CVE-2016-5769, CVE-2016-5766, CVE-2016-5767)
* It was possible for an attacker to abuse the garbage collector to free a
target array. At this point an attacker could craft a fake zval object and
exploit the PHP process by taking over the EIP/RIP. (bnc#986391,
CVE-2016-5771)
This update was imported from the SUSE:SLE-12:Update update project.
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html
E-Mail link for openSUSE-SU-2016:1922-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
openSUSE Leap 42.1
apache2-mod_php5-5.5.14-56.1
php5-5.5.14-56.1
php5-bcmath-5.5.14-56.1
php5-bz2-5.5.14-56.1
php5-calendar-5.5.14-56.1
php5-ctype-5.5.14-56.1
php5-curl-5.5.14-56.1
php5-dba-5.5.14-56.1
php5-devel-5.5.14-56.1
php5-dom-5.5.14-56.1
php5-enchant-5.5.14-56.1
php5-exif-5.5.14-56.1
php5-fastcgi-5.5.14-56.1
php5-fileinfo-5.5.14-56.1
php5-firebird-5.5.14-56.1
php5-fpm-5.5.14-56.1
php5-ftp-5.5.14-56.1
php5-gd-5.5.14-56.1
php5-gettext-5.5.14-56.1
php5-gmp-5.5.14-56.1
php5-iconv-5.5.14-56.1
php5-imap-5.5.14-56.1
php5-intl-5.5.14-56.1
php5-json-5.5.14-56.1
php5-ldap-5.5.14-56.1
php5-mbstring-5.5.14-56.1
php5-mcrypt-5.5.14-56.1
php5-mssql-5.5.14-56.1
php5-mysql-5.5.14-56.1
php5-odbc-5.5.14-56.1
php5-opcache-5.5.14-56.1
php5-openssl-5.5.14-56.1
php5-pcntl-5.5.14-56.1
php5-pdo-5.5.14-56.1
php5-pear-5.5.14-56.1
php5-pgsql-5.5.14-56.1
php5-phar-5.5.14-56.1
php5-posix-5.5.14-56.1
php5-pspell-5.5.14-56.1
php5-readline-5.5.14-56.1
php5-shmop-5.5.14-56.1
php5-snmp-5.5.14-56.1
php5-soap-5.5.14-56.1
php5-sockets-5.5.14-56.1
php5-sqlite-5.5.14-56.1
php5-suhosin-5.5.14-56.1
php5-sysvmsg-5.5.14-56.1
php5-sysvsem-5.5.14-56.1
php5-sysvshm-5.5.14-56.1
php5-tidy-5.5.14-56.1
php5-tokenizer-5.5.14-56.1
php5-wddx-5.5.14-56.1
php5-xmlreader-5.5.14-56.1
php5-xmlrpc-5.5.14-56.1
php5-xmlwriter-5.5.14-56.1
php5-xsl-5.5.14-56.1
php5-zip-5.5.14-56.1
php5-zlib-5.5.14-56.1
apache2-mod_php5-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-bcmath-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-bz2-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-calendar-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-ctype-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-curl-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-dba-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-devel-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-dom-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-enchant-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-exif-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-fastcgi-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-fileinfo-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-firebird-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-fpm-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-ftp-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-gd-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-gettext-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-gmp-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-iconv-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-imap-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-intl-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-json-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-ldap-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-mbstring-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-mcrypt-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-mssql-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-mysql-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-odbc-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-opcache-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-openssl-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-pcntl-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-pdo-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-pear-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-pgsql-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-phar-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-posix-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-pspell-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-readline-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-shmop-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-snmp-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-soap-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-sockets-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-sqlite-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-suhosin-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-sysvmsg-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-sysvsem-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-sysvshm-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-tidy-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-tokenizer-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-wddx-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-xmlreader-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-xmlrpc-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-xmlwriter-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-xsl-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-zip-5.5.14-56.1 as a component of openSUSE Leap 42.1
php5-zlib-5.5.14-56.1 as a component of openSUSE Leap 42.1
The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer by leveraging (1) %0A%20 or (2) %0D%0A%20 mishandling in the header function.
CVE-2015-8935
openSUSE Leap 42.1:apache2-mod_php5-5.5.14-56.1
openSUSE Leap 42.1:php5-5.5.14-56.1
openSUSE Leap 42.1:php5-bcmath-5.5.14-56.1
openSUSE Leap 42.1:php5-bz2-5.5.14-56.1
openSUSE Leap 42.1:php5-calendar-5.5.14-56.1
openSUSE Leap 42.1:php5-ctype-5.5.14-56.1
openSUSE Leap 42.1:php5-curl-5.5.14-56.1
openSUSE Leap 42.1:php5-dba-5.5.14-56.1
openSUSE Leap 42.1:php5-devel-5.5.14-56.1
openSUSE Leap 42.1:php5-dom-5.5.14-56.1
openSUSE Leap 42.1:php5-enchant-5.5.14-56.1
openSUSE Leap 42.1:php5-exif-5.5.14-56.1
openSUSE Leap 42.1:php5-fastcgi-5.5.14-56.1
openSUSE Leap 42.1:php5-fileinfo-5.5.14-56.1
openSUSE Leap 42.1:php5-firebird-5.5.14-56.1
openSUSE Leap 42.1:php5-fpm-5.5.14-56.1
openSUSE Leap 42.1:php5-ftp-5.5.14-56.1
openSUSE Leap 42.1:php5-gd-5.5.14-56.1
openSUSE Leap 42.1:php5-gettext-5.5.14-56.1
openSUSE Leap 42.1:php5-gmp-5.5.14-56.1
openSUSE Leap 42.1:php5-iconv-5.5.14-56.1
openSUSE Leap 42.1:php5-imap-5.5.14-56.1
openSUSE Leap 42.1:php5-intl-5.5.14-56.1
openSUSE Leap 42.1:php5-json-5.5.14-56.1
openSUSE Leap 42.1:php5-ldap-5.5.14-56.1
openSUSE Leap 42.1:php5-mbstring-5.5.14-56.1
openSUSE Leap 42.1:php5-mcrypt-5.5.14-56.1
openSUSE Leap 42.1:php5-mssql-5.5.14-56.1
openSUSE Leap 42.1:php5-mysql-5.5.14-56.1
openSUSE Leap 42.1:php5-odbc-5.5.14-56.1
openSUSE Leap 42.1:php5-opcache-5.5.14-56.1
openSUSE Leap 42.1:php5-openssl-5.5.14-56.1
openSUSE Leap 42.1:php5-pcntl-5.5.14-56.1
openSUSE Leap 42.1:php5-pdo-5.5.14-56.1
openSUSE Leap 42.1:php5-pear-5.5.14-56.1
openSUSE Leap 42.1:php5-pgsql-5.5.14-56.1
openSUSE Leap 42.1:php5-phar-5.5.14-56.1
openSUSE Leap 42.1:php5-posix-5.5.14-56.1
openSUSE Leap 42.1:php5-pspell-5.5.14-56.1
openSUSE Leap 42.1:php5-readline-5.5.14-56.1
openSUSE Leap 42.1:php5-shmop-5.5.14-56.1
openSUSE Leap 42.1:php5-snmp-5.5.14-56.1
openSUSE Leap 42.1:php5-soap-5.5.14-56.1
openSUSE Leap 42.1:php5-sockets-5.5.14-56.1
openSUSE Leap 42.1:php5-sqlite-5.5.14-56.1
openSUSE Leap 42.1:php5-suhosin-5.5.14-56.1
openSUSE Leap 42.1:php5-sysvmsg-5.5.14-56.1
openSUSE Leap 42.1:php5-sysvsem-5.5.14-56.1
openSUSE Leap 42.1:php5-sysvshm-5.5.14-56.1
openSUSE Leap 42.1:php5-tidy-5.5.14-56.1
openSUSE Leap 42.1:php5-tokenizer-5.5.14-56.1
openSUSE Leap 42.1:php5-wddx-5.5.14-56.1
openSUSE Leap 42.1:php5-xmlreader-5.5.14-56.1
openSUSE Leap 42.1:php5-xmlrpc-5.5.14-56.1
openSUSE Leap 42.1:php5-xmlwriter-5.5.14-56.1
openSUSE Leap 42.1:php5-xsl-5.5.14-56.1
openSUSE Leap 42.1:php5-zip-5.5.14-56.1
openSUSE Leap 42.1:php5-zlib-5.5.14-56.1
moderate
Please Install the update.
https://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html
https://www.suse.com/security/cve/CVE-2015-8935.html
CVE-2015-8935
https://bugzilla.suse.com/986004
SUSE Bug 986004
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue.
CVE-2016-5385
moderate
5
AV:N/AC:L/Au:N/C:N/I:P/A:N
Please Install the update.
https://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html
https://www.suse.com/security/cve/CVE-2016-5385.html
CVE-2016-5385
https://bugzilla.suse.com/988484
SUSE Bug 988484
https://bugzilla.suse.com/988486
SUSE Bug 988486
https://bugzilla.suse.com/988487
SUSE Bug 988487
https://bugzilla.suse.com/988488
SUSE Bug 988488
https://bugzilla.suse.com/988489
SUSE Bug 988489
https://bugzilla.suse.com/988491
SUSE Bug 988491
https://bugzilla.suse.com/988492
SUSE Bug 988492
https://bugzilla.suse.com/989125
SUSE Bug 989125
https://bugzilla.suse.com/989174
SUSE Bug 989174
Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.
CVE-2016-5766
moderate
6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Please Install the update.
https://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html
https://www.suse.com/security/cve/CVE-2016-5766.html
CVE-2016-5766
https://bugzilla.suse.com/986386
SUSE Bug 986386
Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted image dimensions.
CVE-2016-5767
moderate
6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Please Install the update.
https://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html
https://www.suse.com/security/cve/CVE-2016-5767.html
CVE-2016-5767
https://bugzilla.suse.com/986393
SUSE Bug 986393
Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by leveraging a callback exception.
CVE-2016-5768
moderate
4.4
AV:L/AC:M/Au:N/C:P/I:P/A:P
Please Install the update.
https://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html
https://www.suse.com/security/cve/CVE-2016-5768.html
CVE-2016-5768
https://bugzilla.suse.com/986246
SUSE Bug 986246
Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted length value, related to the (1) mcrypt_generic and (2) mdecrypt_generic functions.
CVE-2016-5769
moderate
5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P
Please Install the update.
https://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html
https://www.suse.com/security/cve/CVE-2016-5769.html
CVE-2016-5769
https://bugzilla.suse.com/986388
SUSE Bug 986388
Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer argument, a related issue to CVE-2016-5096.
CVE-2016-5770
moderate
4.4
AV:L/AC:M/Au:N/C:P/I:P/A:P
Please Install the update.
https://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html
https://www.suse.com/security/cve/CVE-2016-5770.html
CVE-2016-5770
https://bugzilla.suse.com/986392
SUSE Bug 986392
spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data.
CVE-2016-5771
moderate
5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P
Please Install the update.
https://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html
https://www.suse.com/security/cve/CVE-2016-5771.html
CVE-2016-5771
https://bugzilla.suse.com/986247
SUSE Bug 986247
https://bugzilla.suse.com/986391
SUSE Bug 986391
Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call.
CVE-2016-5772
moderate
6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Please Install the update.
https://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html
https://www.suse.com/security/cve/CVE-2016-5772.html
CVE-2016-5772
https://bugzilla.suse.com/986244
SUSE Bug 986244