apache2-mod_php7-7.0.14-1.4 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10290-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z apache2-mod_php7-7.0.14-1.4 on GA media These are all security issues fixed in the apache2-mod_php7-7.0.14-1.4 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10290 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2006-7243/ SUSE CVE CVE-2006-7243 page https://www.suse.com/security/cve/CVE-2010-2225/ SUSE CVE CVE-2010-2225 page https://www.suse.com/security/cve/CVE-2010-2950/ SUSE CVE CVE-2010-2950 page https://www.suse.com/security/cve/CVE-2010-3436/ SUSE CVE CVE-2010-3436 page https://www.suse.com/security/cve/CVE-2010-3709/ SUSE CVE CVE-2010-3709 page https://www.suse.com/security/cve/CVE-2010-3710/ SUSE CVE CVE-2010-3710 page https://www.suse.com/security/cve/CVE-2010-4150/ SUSE CVE CVE-2010-4150 page https://www.suse.com/security/cve/CVE-2010-4645/ SUSE CVE CVE-2010-4645 page https://www.suse.com/security/cve/CVE-2011-0420/ SUSE CVE CVE-2011-0420 page https://www.suse.com/security/cve/CVE-2011-0421/ SUSE CVE CVE-2011-0421 page https://www.suse.com/security/cve/CVE-2011-0708/ SUSE CVE CVE-2011-0708 page https://www.suse.com/security/cve/CVE-2011-1092/ SUSE CVE CVE-2011-1092 page https://www.suse.com/security/cve/CVE-2011-1153/ SUSE CVE CVE-2011-1153 page https://www.suse.com/security/cve/CVE-2011-1466/ SUSE CVE CVE-2011-1466 page https://www.suse.com/security/cve/CVE-2011-2202/ SUSE CVE CVE-2011-2202 page https://www.suse.com/security/cve/CVE-2011-3379/ SUSE CVE CVE-2011-3379 page https://www.suse.com/security/cve/CVE-2011-4153/ SUSE CVE CVE-2011-4153 page https://www.suse.com/security/cve/CVE-2011-4566/ SUSE CVE CVE-2011-4566 page https://www.suse.com/security/cve/CVE-2011-4718/ SUSE CVE CVE-2011-4718 page https://www.suse.com/security/cve/CVE-2011-4885/ SUSE CVE CVE-2011-4885 page https://www.suse.com/security/cve/CVE-2012-0830/ SUSE CVE CVE-2012-0830 page https://www.suse.com/security/cve/CVE-2012-1823/ SUSE CVE CVE-2012-1823 page https://www.suse.com/security/cve/CVE-2012-2311/ SUSE CVE CVE-2012-2311 page https://www.suse.com/security/cve/CVE-2012-2335/ SUSE CVE CVE-2012-2335 page https://www.suse.com/security/cve/CVE-2012-2336/ SUSE CVE CVE-2012-2336 page https://www.suse.com/security/cve/CVE-2012-2688/ SUSE CVE CVE-2012-2688 page https://www.suse.com/security/cve/CVE-2012-3365/ SUSE CVE CVE-2012-3365 page https://www.suse.com/security/cve/CVE-2013-1635/ SUSE CVE CVE-2013-1635 page https://www.suse.com/security/cve/CVE-2013-1643/ SUSE CVE CVE-2013-1643 page https://www.suse.com/security/cve/CVE-2013-1824/ SUSE CVE CVE-2013-1824 page https://www.suse.com/security/cve/CVE-2013-4113/ SUSE CVE CVE-2013-4113 page https://www.suse.com/security/cve/CVE-2013-4248/ SUSE CVE CVE-2013-4248 page https://www.suse.com/security/cve/CVE-2013-6420/ SUSE CVE CVE-2013-6420 page https://www.suse.com/security/cve/CVE-2013-6712/ SUSE CVE CVE-2013-6712 page https://www.suse.com/security/cve/CVE-2013-7327/ SUSE CVE CVE-2013-7327 page https://www.suse.com/security/cve/CVE-2013-7345/ SUSE CVE CVE-2013-7345 page https://www.suse.com/security/cve/CVE-2014-0185/ SUSE CVE CVE-2014-0185 page https://www.suse.com/security/cve/CVE-2014-0237/ SUSE CVE CVE-2014-0237 page https://www.suse.com/security/cve/CVE-2014-0238/ SUSE CVE CVE-2014-0238 page https://www.suse.com/security/cve/CVE-2014-1943/ SUSE CVE CVE-2014-1943 page https://www.suse.com/security/cve/CVE-2014-2270/ SUSE CVE CVE-2014-2270 page https://www.suse.com/security/cve/CVE-2014-2497/ SUSE CVE CVE-2014-2497 page https://www.suse.com/security/cve/CVE-2014-3538/ SUSE CVE CVE-2014-3538 page https://www.suse.com/security/cve/CVE-2014-3587/ SUSE CVE CVE-2014-3587 page https://www.suse.com/security/cve/CVE-2014-3597/ SUSE CVE CVE-2014-3597 page https://www.suse.com/security/cve/CVE-2014-3622/ SUSE CVE CVE-2014-3622 page https://www.suse.com/security/cve/CVE-2014-3668/ SUSE CVE CVE-2014-3668 page https://www.suse.com/security/cve/CVE-2014-3669/ SUSE CVE CVE-2014-3669 page https://www.suse.com/security/cve/CVE-2014-3670/ SUSE CVE CVE-2014-3670 page https://www.suse.com/security/cve/CVE-2014-4049/ SUSE CVE CVE-2014-4049 page https://www.suse.com/security/cve/CVE-2014-4670/ SUSE CVE CVE-2014-4670 page https://www.suse.com/security/cve/CVE-2014-4698/ SUSE CVE CVE-2014-4698 page https://www.suse.com/security/cve/CVE-2014-5120/ SUSE CVE CVE-2014-5120 page https://www.suse.com/security/cve/CVE-2014-5459/ SUSE CVE CVE-2014-5459 page https://www.suse.com/security/cve/CVE-2014-9426/ SUSE CVE CVE-2014-9426 page https://www.suse.com/security/cve/CVE-2014-9427/ SUSE CVE CVE-2014-9427 page https://www.suse.com/security/cve/CVE-2015-0231/ SUSE CVE CVE-2015-0231 page https://www.suse.com/security/cve/CVE-2015-0232/ SUSE CVE CVE-2015-0232 page https://www.suse.com/security/cve/CVE-2015-0235/ SUSE CVE CVE-2015-0235 page https://www.suse.com/security/cve/CVE-2015-0273/ SUSE CVE CVE-2015-0273 page https://www.suse.com/security/cve/CVE-2015-1351/ SUSE CVE CVE-2015-1351 page https://www.suse.com/security/cve/CVE-2015-1352/ SUSE CVE CVE-2015-1352 page https://www.suse.com/security/cve/CVE-2015-2305/ SUSE CVE CVE-2015-2305 page https://www.suse.com/security/cve/CVE-2015-2325/ SUSE CVE CVE-2015-2325 page https://www.suse.com/security/cve/CVE-2015-2326/ SUSE CVE CVE-2015-2326 page https://www.suse.com/security/cve/CVE-2015-2331/ SUSE CVE CVE-2015-2331 page https://www.suse.com/security/cve/CVE-2015-3152/ SUSE CVE CVE-2015-3152 page https://www.suse.com/security/cve/CVE-2015-3414/ SUSE CVE CVE-2015-3414 page https://www.suse.com/security/cve/CVE-2015-3415/ SUSE CVE CVE-2015-3415 page https://www.suse.com/security/cve/CVE-2015-3416/ SUSE CVE CVE-2015-3416 page openSUSE Tumbleweed apache2-mod_php7-7.0.14-1.4 php7-7.0.14-1.4 php7-bcmath-7.0.14-1.4 php7-bz2-7.0.14-1.4 php7-calendar-7.0.14-1.4 php7-ctype-7.0.14-1.4 php7-curl-7.0.14-1.4 php7-dba-7.0.14-1.4 php7-devel-7.0.14-1.4 php7-dom-7.0.14-1.4 php7-enchant-7.0.14-1.4 php7-exif-7.0.14-1.4 php7-fastcgi-7.0.14-1.4 php7-fileinfo-7.0.14-1.4 php7-firebird-7.0.14-1.4 php7-fpm-7.0.14-1.4 php7-ftp-7.0.14-1.4 php7-gd-7.0.14-1.4 php7-gettext-7.0.14-1.4 php7-gmp-7.0.14-1.4 php7-iconv-7.0.14-1.4 php7-imap-7.0.14-1.4 php7-intl-7.0.14-1.4 php7-json-7.0.14-1.4 php7-ldap-7.0.14-1.4 php7-mbstring-7.0.14-1.4 php7-mcrypt-7.0.14-1.4 php7-mysql-7.0.14-1.4 php7-odbc-7.0.14-1.4 php7-opcache-7.0.14-1.4 php7-openssl-7.0.14-1.4 php7-pcntl-7.0.14-1.4 php7-pdo-7.0.14-1.4 php7-pear-7.0.14-1.4 php7-pear-Archive_Tar-7.0.14-1.4 php7-pgsql-7.0.14-1.4 php7-phar-7.0.14-1.4 php7-posix-7.0.14-1.4 php7-pspell-7.0.14-1.4 php7-readline-7.0.14-1.4 php7-shmop-7.0.14-1.4 php7-snmp-7.0.14-1.4 php7-soap-7.0.14-1.4 php7-sockets-7.0.14-1.4 php7-sqlite-7.0.14-1.4 php7-sysvmsg-7.0.14-1.4 php7-sysvsem-7.0.14-1.4 php7-sysvshm-7.0.14-1.4 php7-tidy-7.0.14-1.4 php7-tokenizer-7.0.14-1.4 php7-wddx-7.0.14-1.4 php7-xmlreader-7.0.14-1.4 php7-xmlrpc-7.0.14-1.4 php7-xmlwriter-7.0.14-1.4 php7-xsl-7.0.14-1.4 php7-zip-7.0.14-1.4 php7-zlib-7.0.14-1.4 apache2-mod_php7-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-bcmath-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-bz2-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-calendar-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-ctype-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-curl-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-dba-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-devel-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-dom-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-enchant-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-exif-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-fastcgi-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-fileinfo-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-firebird-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-fpm-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-ftp-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-gd-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-gettext-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-gmp-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-iconv-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-imap-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-intl-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-json-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-ldap-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-mbstring-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-mcrypt-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-mysql-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-odbc-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-opcache-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-openssl-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-pcntl-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-pdo-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-pear-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-pear-Archive_Tar-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-pgsql-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-phar-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-posix-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-pspell-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-readline-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-shmop-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-snmp-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-soap-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-sockets-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-sqlite-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-sysvmsg-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-sysvsem-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-sysvshm-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-tidy-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-tokenizer-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-wddx-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-xmlreader-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-xmlrpc-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-xmlwriter-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-xsl-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-zip-7.0.14-1.4 as a component of openSUSE Tumbleweed php7-zlib-7.0.14-1.4 as a component of openSUSE Tumbleweed PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function. CVE-2006-7243 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2006-7243.html CVE-2006-7243 https://bugzilla.suse.com/1067090 SUSE Bug 1067090 https://bugzilla.suse.com/654853 SUSE Bug 654853 https://bugzilla.suse.com/893855 SUSE Bug 893855 https://bugzilla.suse.com/924970 SUSE Bug 924970 https://bugzilla.suse.com/992991 SUSE Bug 992991 Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function. CVE-2010-2225 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-2225.html CVE-2010-2225 https://bugzilla.suse.com/616232 SUSE Bug 616232 Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the phar_stream_flush function, leading to errors in the php_stream_wrapper_log_error function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2094. CVE-2010-2950 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-2950.html CVE-2010-2950 https://bugzilla.suse.com/633934 SUSE Bug 633934 fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass open_basedir restrictions via vectors related to the length of a filename. CVE-2010-3436 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-3436.html CVE-2010-3436 https://bugzilla.suse.com/642733 SUSE Bug 642733 https://bugzilla.suse.com/992991 SUSE Bug 992991 The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive. CVE-2010-3709 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-3709.html CVE-2010-3709 https://bugzilla.suse.com/660102 SUSE Bug 660102 https://bugzilla.suse.com/992991 SUSE Bug 992991 Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string. CVE-2010-3710 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-3710.html CVE-2010-3710 https://bugzilla.suse.com/649210 SUSE Bug 649210 Double free vulnerability in the imap_do_open function in the IMAP extension (ext/imap/php_imap.c) in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. CVE-2010-4150 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-4150.html CVE-2010-4150 https://bugzilla.suse.com/655968 SUSE Bug 655968 strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU registers, as demonstrated using 2.2250738585072011e-308. CVE-2010-4645 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-4645.html CVE-2010-4645 https://bugzilla.suse.com/662932 SUSE Bug 662932 The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference. CVE-2011-0420 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-0420.html CVE-2011-0420 https://bugzilla.suse.com/672933 SUSE Bug 672933 The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation. CVE-2011-0421 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-0421.html CVE-2011-0421 https://bugzilla.suse.com/681193 SUSE Bug 681193 exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read. CVE-2011-0708 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-0708.html CVE-2011-0708 https://bugzilla.suse.com/671710 SUSE Bug 671710 Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (crash) and possibly read sensitive memory via a large third argument to the shmop_read function. CVE-2011-1092 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-1092.html CVE-2011-1092 https://bugzilla.suse.com/677782 SUSE Bug 677782 Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code via format string specifiers in an argument to a class method, leading to an incorrect zend_throw_exception_ex call. CVE-2011-1153 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-1153.html CVE-2011-1153 https://bugzilla.suse.com/778941 SUSE Bug 778941 https://bugzilla.suse.com/992991 SUSE Bug 992991 Integer overflow in the SdnToJulian function in the Calendar extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a large integer in the first argument to the cal_from_jd function. CVE-2011-1466 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-1466.html CVE-2011-1466 https://bugzilla.suse.com/733590 SUSE Bug 733590 https://bugzilla.suse.com/736169 SUSE Bug 736169 https://bugzilla.suse.com/738221 SUSE Bug 738221 https://bugzilla.suse.com/741520 SUSE Bug 741520 https://bugzilla.suse.com/741859 SUSE Bug 741859 https://bugzilla.suse.com/742273 SUSE Bug 742273 https://bugzilla.suse.com/742806 SUSE Bug 742806 https://bugzilla.suse.com/743308 SUSE Bug 743308 https://bugzilla.suse.com/744966 SUSE Bug 744966 https://bugzilla.suse.com/746661 SUSE Bug 746661 https://bugzilla.suse.com/749111 SUSE Bug 749111 The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a "file path injection vulnerability." CVE-2011-2202 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 6.4 AV:N/AC:L/Au:N/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-2202.html CVE-2011-2202 https://bugzilla.suse.com/699711 SUSE Bug 699711 The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders. CVE-2011-3379 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-3379.html CVE-2011-3379 https://bugzilla.suse.com/728350 SUSE Bug 728350 PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c. CVE-2011-4153 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-4153.html CVE-2011-4153 https://bugzilla.suse.com/733590 SUSE Bug 733590 https://bugzilla.suse.com/736169 SUSE Bug 736169 https://bugzilla.suse.com/738221 SUSE Bug 738221 https://bugzilla.suse.com/741520 SUSE Bug 741520 https://bugzilla.suse.com/741859 SUSE Bug 741859 https://bugzilla.suse.com/742273 SUSE Bug 742273 https://bugzilla.suse.com/742806 SUSE Bug 742806 https://bugzilla.suse.com/743308 SUSE Bug 743308 https://bugzilla.suse.com/744966 SUSE Bug 744966 https://bugzilla.suse.com/746661 SUSE Bug 746661 https://bugzilla.suse.com/749111 SUSE Bug 749111 Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708. CVE-2011-4566 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-4566.html CVE-2011-4566 https://bugzilla.suse.com/733590 SUSE Bug 733590 https://bugzilla.suse.com/736169 SUSE Bug 736169 https://bugzilla.suse.com/738221 SUSE Bug 738221 https://bugzilla.suse.com/741520 SUSE Bug 741520 https://bugzilla.suse.com/741859 SUSE Bug 741859 https://bugzilla.suse.com/742273 SUSE Bug 742273 https://bugzilla.suse.com/742806 SUSE Bug 742806 https://bugzilla.suse.com/743308 SUSE Bug 743308 https://bugzilla.suse.com/744966 SUSE Bug 744966 https://bugzilla.suse.com/746661 SUSE Bug 746661 https://bugzilla.suse.com/749111 SUSE Bug 749111 Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID. CVE-2011-4718 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-4718.html CVE-2011-4718 https://bugzilla.suse.com/834813 SUSE Bug 834813 PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. CVE-2011-4885 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-4885.html CVE-2011-4885 https://bugzilla.suse.com/733590 SUSE Bug 733590 https://bugzilla.suse.com/736169 SUSE Bug 736169 https://bugzilla.suse.com/738221 SUSE Bug 738221 https://bugzilla.suse.com/741520 SUSE Bug 741520 https://bugzilla.suse.com/741859 SUSE Bug 741859 https://bugzilla.suse.com/742273 SUSE Bug 742273 https://bugzilla.suse.com/742806 SUSE Bug 742806 https://bugzilla.suse.com/743308 SUSE Bug 743308 https://bugzilla.suse.com/744966 SUSE Bug 744966 https://bugzilla.suse.com/746661 SUSE Bug 746661 https://bugzilla.suse.com/749111 SUSE Bug 749111 The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885. CVE-2012-0830 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0830.html CVE-2012-0830 https://bugzilla.suse.com/733590 SUSE Bug 733590 https://bugzilla.suse.com/736169 SUSE Bug 736169 https://bugzilla.suse.com/738221 SUSE Bug 738221 https://bugzilla.suse.com/741520 SUSE Bug 741520 https://bugzilla.suse.com/741859 SUSE Bug 741859 https://bugzilla.suse.com/742273 SUSE Bug 742273 https://bugzilla.suse.com/742806 SUSE Bug 742806 https://bugzilla.suse.com/743308 SUSE Bug 743308 https://bugzilla.suse.com/744966 SUSE Bug 744966 https://bugzilla.suse.com/746661 SUSE Bug 746661 https://bugzilla.suse.com/749111 SUSE Bug 749111 sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. CVE-2012-1823 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-1823.html CVE-2012-1823 https://bugzilla.suse.com/1226072 SUSE Bug 1226072 https://bugzilla.suse.com/1226073 SUSE Bug 1226073 https://bugzilla.suse.com/1226074 SUSE Bug 1226074 https://bugzilla.suse.com/760536 SUSE Bug 760536 https://bugzilla.suse.com/761631 SUSE Bug 761631 https://bugzilla.suse.com/850694 SUSE Bug 850694 sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823. CVE-2012-2311 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-2311.html CVE-2012-2311 https://bugzilla.suse.com/760536 SUSE Bug 760536 https://bugzilla.suse.com/761631 SUSE Bug 761631 php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence. CVE-2012-2335 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-2335.html CVE-2012-2335 https://bugzilla.suse.com/761631 SUSE Bug 761631 sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823. CVE-2012-2336 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-2336.html CVE-2012-2336 https://bugzilla.suse.com/761631 SUSE Bug 761631 Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an "overflow." CVE-2012-2688 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-2688.html CVE-2012-2688 https://bugzilla.suse.com/772582 SUSE Bug 772582 The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors. CVE-2012-3365 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-3365.html CVE-2012-3365 https://bugzilla.suse.com/772580 SUSE Bug 772580 https://bugzilla.suse.com/772582 SUSE Bug 772582 ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory. CVE-2013-1635 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1635.html CVE-2013-1635 https://bugzilla.suse.com/807707 SUSE Bug 807707 The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-1824. CVE-2013-1643 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1643.html CVE-2013-1643 https://bugzilla.suse.com/807707 SUSE Bug 807707 The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. CVE-2013-1824 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1824.html CVE-2013-1824 https://bugzilla.suse.com/807707 SUSE Bug 807707 ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function. CVE-2013-4113 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4113.html CVE-2013-4113 https://bugzilla.suse.com/829207 SUSE Bug 829207 The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. CVE-2013-4248 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4248.html CVE-2013-4248 https://bugzilla.suse.com/837746 SUSE Bug 837746 The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function. CVE-2013-6420 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 important 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-6420.html CVE-2013-6420 https://bugzilla.suse.com/854880 SUSE Bug 854880 https://bugzilla.suse.com/880238 SUSE Bug 880238 The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification. CVE-2013-6712 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 low 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-6712.html CVE-2013-6712 https://bugzilla.suse.com/853045 SUSE Bug 853045 The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via invalid imagecrop arguments that lead to use of a NULL pointer as a return value, a different vulnerability than CVE-2013-7226. CVE-2013-7327 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-7327.html CVE-2013-7327 https://bugzilla.suse.com/864879 SUSE Bug 864879 The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters. CVE-2013-7345 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-7345.html CVE-2013-7345 https://bugzilla.suse.com/869906 SUSE Bug 869906 https://bugzilla.suse.com/883306 SUSE Bug 883306 https://bugzilla.suse.com/987530 SUSE Bug 987530 sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client. CVE-2014-0185 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-0185.html CVE-2014-0185 https://bugzilla.suse.com/868624 SUSE Bug 868624 https://bugzilla.suse.com/875826 SUSE Bug 875826 https://bugzilla.suse.com/992991 SUSE Bug 992991 The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls. CVE-2014-0237 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-0237.html CVE-2014-0237 https://bugzilla.suse.com/880905 SUSE Bug 880905 https://bugzilla.suse.com/992991 SUSE Bug 992991 The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long. CVE-2014-0238 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-0238.html CVE-2014-0238 https://bugzilla.suse.com/880904 SUSE Bug 880904 https://bugzilla.suse.com/992991 SUSE Bug 992991 Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file. CVE-2014-1943 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-1943.html CVE-2014-1943 https://bugzilla.suse.com/864343 SUSE Bug 864343 https://bugzilla.suse.com/864589 SUSE Bug 864589 https://bugzilla.suse.com/883306 SUSE Bug 883306 softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable. CVE-2014-2270 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-2270.html CVE-2014-2270 https://bugzilla.suse.com/866750 SUSE Bug 866750 https://bugzilla.suse.com/883306 SUSE Bug 883306 The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file. CVE-2014-2497 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-2497.html CVE-2014-2497 https://bugzilla.suse.com/868624 SUSE Bug 868624 file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345. CVE-2014-3538 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-3538.html CVE-2014-3538 https://bugzilla.suse.com/935225 SUSE Bug 935225 https://bugzilla.suse.com/987530 SUSE Bug 987530 Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571. CVE-2014-3587 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-3587.html CVE-2014-3587 https://bugzilla.suse.com/987530 SUSE Bug 987530 https://bugzilla.suse.com/992991 SUSE Bug 992991 https://bugzilla.suse.com/998845 SUSE Bug 998845 Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049. CVE-2014-3597 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-3597.html CVE-2014-3597 https://bugzilla.suse.com/893853 SUSE Bug 893853 https://bugzilla.suse.com/980366 SUSE Bug 980366 https://bugzilla.suse.com/992991 SUSE Bug 992991 Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value. CVE-2014-3622 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-3622.html CVE-2014-3622 https://bugzilla.suse.com/900934 SUSE Bug 900934 Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation. CVE-2014-3668 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-3668.html CVE-2014-3668 https://bugzilla.suse.com/902368 SUSE Bug 902368 https://bugzilla.suse.com/980366 SUSE Bug 980366 Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value. CVE-2014-3669 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-3669.html CVE-2014-3669 https://bugzilla.suse.com/902360 SUSE Bug 902360 https://bugzilla.suse.com/980366 SUSE Bug 980366 The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted JPEG image with TIFF thumbnail data that is improperly handled by the exif_thumbnail function. CVE-2014-3670 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-3670.html CVE-2014-3670 https://bugzilla.suse.com/902357 SUSE Bug 902357 https://bugzilla.suse.com/980366 SUSE Bug 980366 Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function. CVE-2014-4049 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-4049.html CVE-2014-4049 https://bugzilla.suse.com/882992 SUSE Bug 882992 https://bugzilla.suse.com/893853 SUSE Bug 893853 Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments. CVE-2014-4670 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-4670.html CVE-2014-4670 https://bugzilla.suse.com/886059 SUSE Bug 886059 https://bugzilla.suse.com/980366 SUSE Bug 980366 https://bugzilla.suse.com/992991 SUSE Bug 992991 Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments. CVE-2014-4698 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-4698.html CVE-2014-4698 https://bugzilla.suse.com/886060 SUSE Bug 886060 https://bugzilla.suse.com/980366 SUSE Bug 980366 gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function. CVE-2014-5120 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 6.4 AV:N/AC:L/Au:N/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-5120.html CVE-2014-5120 https://bugzilla.suse.com/1067090 SUSE Bug 1067090 https://bugzilla.suse.com/893855 SUSE Bug 893855 The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions. CVE-2014-5459 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 low 3.6 AV:L/AC:L/Au:N/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-5459.html CVE-2014-5459 https://bugzilla.suse.com/893849 SUSE Bug 893849 https://bugzilla.suse.com/980366 SUSE Bug 980366 https://bugzilla.suse.com/992991 SUSE Bug 992991 ** DISPUTED ** The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempts to perform a free operation on a stack-based character array, which allows remote attackers to cause a denial of service (memory corruption or application crash) or possibly have unspecified other impact via unknown vectors. NOTE: this is disputed by the vendor because the standard erealloc behavior makes the free operation unreachable. CVE-2014-9426 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-9426.html CVE-2014-9426 https://bugzilla.suse.com/911663 SUSE Bug 911663 sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might (1) allow remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or (2) trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping. CVE-2014-9427 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-9427.html CVE-2014-9427 https://bugzilla.suse.com/911664 SUSE Bug 911664 Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142. CVE-2015-0231 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-0231.html CVE-2015-0231 https://bugzilla.suse.com/910659 SUSE Bug 910659 https://bugzilla.suse.com/924972 SUSE Bug 924972 https://bugzilla.suse.com/980366 SUSE Bug 980366 https://bugzilla.suse.com/992991 SUSE Bug 992991 The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image. CVE-2015-0232 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-0232.html CVE-2015-0232 https://bugzilla.suse.com/914690 SUSE Bug 914690 https://bugzilla.suse.com/980366 SUSE Bug 980366 https://bugzilla.suse.com/992991 SUSE Bug 992991 Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST." CVE-2015-0235 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-0235.html CVE-2015-0235 https://bugzilla.suse.com/844309 SUSE Bug 844309 https://bugzilla.suse.com/913646 SUSE Bug 913646 https://bugzilla.suse.com/949238 SUSE Bug 949238 https://bugzilla.suse.com/954983 SUSE Bug 954983 Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function. CVE-2015-0273 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-0273.html CVE-2015-0273 https://bugzilla.suse.com/917302 SUSE Bug 917302 https://bugzilla.suse.com/918768 SUSE Bug 918768 https://bugzilla.suse.com/980366 SUSE Bug 980366 Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. CVE-2015-1351 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-1351.html CVE-2015-1351 https://bugzilla.suse.com/1137633 SUSE Bug 1137633 The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. CVE-2015-1352 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-1352.html CVE-2015-1352 https://bugzilla.suse.com/935274 SUSE Bug 935274 Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow. CVE-2015-2305 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-2305.html CVE-2015-2305 https://bugzilla.suse.com/1040662 SUSE Bug 1040662 https://bugzilla.suse.com/921950 SUSE Bug 921950 https://bugzilla.suse.com/922022 SUSE Bug 922022 https://bugzilla.suse.com/922028 SUSE Bug 922028 https://bugzilla.suse.com/922030 SUSE Bug 922030 https://bugzilla.suse.com/922043 SUSE Bug 922043 https://bugzilla.suse.com/922560 SUSE Bug 922560 https://bugzilla.suse.com/922567 SUSE Bug 922567 https://bugzilla.suse.com/929192 SUSE Bug 929192 https://bugzilla.suse.com/980366 SUSE Bug 980366 The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier. CVE-2015-2325 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-2325.html CVE-2015-2325 https://bugzilla.suse.com/924960 SUSE Bug 924960 https://bugzilla.suse.com/933288 SUSE Bug 933288 https://bugzilla.suse.com/936408 SUSE Bug 936408 https://bugzilla.suse.com/958373 SUSE Bug 958373 The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/". CVE-2015-2326 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-2326.html CVE-2015-2326 https://bugzilla.suse.com/924960 SUSE Bug 924960 https://bugzilla.suse.com/924961 SUSE Bug 924961 https://bugzilla.suse.com/933288 SUSE Bug 933288 https://bugzilla.suse.com/936408 SUSE Bug 936408 https://bugzilla.suse.com/958373 SUSE Bug 958373 Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow. CVE-2015-2331 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-2331.html CVE-2015-2331 https://bugzilla.suse.com/922894 SUSE Bug 922894 https://bugzilla.suse.com/923240 SUSE Bug 923240 Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack. CVE-2015-3152 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-3152.html CVE-2015-3152 https://bugzilla.suse.com/1037590 SUSE Bug 1037590 https://bugzilla.suse.com/1047059 SUSE Bug 1047059 https://bugzilla.suse.com/1088681 SUSE Bug 1088681 https://bugzilla.suse.com/924663 SUSE Bug 924663 https://bugzilla.suse.com/928962 SUSE Bug 928962 https://bugzilla.suse.com/936407 SUSE Bug 936407 SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement. CVE-2015-3414 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-3414.html CVE-2015-3414 https://bugzilla.suse.com/1085790 SUSE Bug 1085790 https://bugzilla.suse.com/1190372 SUSE Bug 1190372 https://bugzilla.suse.com/1193078 SUSE Bug 1193078 https://bugzilla.suse.com/928700 SUSE Bug 928700 https://bugzilla.suse.com/928701 SUSE Bug 928701 https://bugzilla.suse.com/928702 SUSE Bug 928702 The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement. CVE-2015-3415 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-3415.html CVE-2015-3415 https://bugzilla.suse.com/1190372 SUSE Bug 1190372 https://bugzilla.suse.com/928700 SUSE Bug 928700 https://bugzilla.suse.com/928701 SUSE Bug 928701 https://bugzilla.suse.com/928702 SUSE Bug 928702 The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement. CVE-2015-3416 openSUSE Tumbleweed:apache2-mod_php7-7.0.14-1.4 openSUSE Tumbleweed:php7-7.0.14-1.4 openSUSE Tumbleweed:php7-bcmath-7.0.14-1.4 openSUSE Tumbleweed:php7-bz2-7.0.14-1.4 openSUSE Tumbleweed:php7-calendar-7.0.14-1.4 openSUSE Tumbleweed:php7-ctype-7.0.14-1.4 openSUSE Tumbleweed:php7-curl-7.0.14-1.4 openSUSE Tumbleweed:php7-dba-7.0.14-1.4 openSUSE Tumbleweed:php7-devel-7.0.14-1.4 openSUSE Tumbleweed:php7-dom-7.0.14-1.4 openSUSE Tumbleweed:php7-enchant-7.0.14-1.4 openSUSE Tumbleweed:php7-exif-7.0.14-1.4 openSUSE Tumbleweed:php7-fastcgi-7.0.14-1.4 openSUSE Tumbleweed:php7-fileinfo-7.0.14-1.4 openSUSE Tumbleweed:php7-firebird-7.0.14-1.4 openSUSE Tumbleweed:php7-fpm-7.0.14-1.4 openSUSE Tumbleweed:php7-ftp-7.0.14-1.4 openSUSE Tumbleweed:php7-gd-7.0.14-1.4 openSUSE Tumbleweed:php7-gettext-7.0.14-1.4 openSUSE Tumbleweed:php7-gmp-7.0.14-1.4 openSUSE Tumbleweed:php7-iconv-7.0.14-1.4 openSUSE Tumbleweed:php7-imap-7.0.14-1.4 openSUSE Tumbleweed:php7-intl-7.0.14-1.4 openSUSE Tumbleweed:php7-json-7.0.14-1.4 openSUSE Tumbleweed:php7-ldap-7.0.14-1.4 openSUSE Tumbleweed:php7-mbstring-7.0.14-1.4 openSUSE Tumbleweed:php7-mcrypt-7.0.14-1.4 openSUSE Tumbleweed:php7-mysql-7.0.14-1.4 openSUSE Tumbleweed:php7-odbc-7.0.14-1.4 openSUSE Tumbleweed:php7-opcache-7.0.14-1.4 openSUSE Tumbleweed:php7-openssl-7.0.14-1.4 openSUSE Tumbleweed:php7-pcntl-7.0.14-1.4 openSUSE Tumbleweed:php7-pdo-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-7.0.14-1.4 openSUSE Tumbleweed:php7-pear-Archive_Tar-7.0.14-1.4 openSUSE Tumbleweed:php7-pgsql-7.0.14-1.4 openSUSE Tumbleweed:php7-phar-7.0.14-1.4 openSUSE Tumbleweed:php7-posix-7.0.14-1.4 openSUSE Tumbleweed:php7-pspell-7.0.14-1.4 openSUSE Tumbleweed:php7-readline-7.0.14-1.4 openSUSE Tumbleweed:php7-shmop-7.0.14-1.4 openSUSE Tumbleweed:php7-snmp-7.0.14-1.4 openSUSE Tumbleweed:php7-soap-7.0.14-1.4 openSUSE Tumbleweed:php7-sockets-7.0.14-1.4 openSUSE Tumbleweed:php7-sqlite-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvmsg-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvsem-7.0.14-1.4 openSUSE Tumbleweed:php7-sysvshm-7.0.14-1.4 openSUSE Tumbleweed:php7-tidy-7.0.14-1.4 openSUSE Tumbleweed:php7-tokenizer-7.0.14-1.4 openSUSE Tumbleweed:php7-wddx-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlreader-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlrpc-7.0.14-1.4 openSUSE Tumbleweed:php7-xmlwriter-7.0.14-1.4 openSUSE Tumbleweed:php7-xsl-7.0.14-1.4 openSUSE Tumbleweed:php7-zip-7.0.14-1.4 openSUSE Tumbleweed:php7-zlib-7.0.14-1.4 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-3416.html CVE-2015-3416 https://bugzilla.suse.com/1190372 SUSE Bug 1190372 https://bugzilla.suse.com/928700 SUSE Bug 928700 https://bugzilla.suse.com/928701 SUSE Bug 928701 https://bugzilla.suse.com/928702 SUSE Bug 928702