Security update for php5 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:1173-1 Final 1 1 2016-04-28T13:58:08Z current 2016-04-28T13:58:08Z 2016-04-28T13:58:08Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for php5 This update for php5 fixes the following security issues: - CVE-2015-8838: mysqlnd was vulnerable to BACKRONYM (bnc#973792). - CVE-2015-8835: SoapClient s_call method suffered from a type confusion issue that could have lead to crashes [bsc#973351] - CVE-2016-2554: A NULL pointer dereference in phar_get_fp_offset could lead to crashes. [bsc#968284] Note: we do not ship the phar extension currently, so we are not affected. - CVE-2016-3141: A use-after-free / double-free in the WDDX deserialization could lead to crashes or potential code execution. [bsc#969821] - CVE-2016-3142: An Out-of-bounds read in phar_parse_zipfile() could lead to crashes. [bsc#971912] Note: we do not ship the phar extension currently, so we are not affected. - CVE-2014-9767: A directory traversal when extracting zip files was fixed that could lead to overwritten files. [bsc#971612] - CVE-2016-3185: A type confusion vulnerability in make_http_soap_request() could lead to crashes or potentially code execution. [bsc#971611] This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html E-Mail link for openSUSE-SU-2016:1173-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 apache2-mod_php5-5.5.14-44.1 php5-5.5.14-44.1 php5-bcmath-5.5.14-44.1 php5-bz2-5.5.14-44.1 php5-calendar-5.5.14-44.1 php5-ctype-5.5.14-44.1 php5-curl-5.5.14-44.1 php5-dba-5.5.14-44.1 php5-devel-5.5.14-44.1 php5-dom-5.5.14-44.1 php5-enchant-5.5.14-44.1 php5-exif-5.5.14-44.1 php5-fastcgi-5.5.14-44.1 php5-fileinfo-5.5.14-44.1 php5-firebird-5.5.14-44.1 php5-fpm-5.5.14-44.1 php5-ftp-5.5.14-44.1 php5-gd-5.5.14-44.1 php5-gettext-5.5.14-44.1 php5-gmp-5.5.14-44.1 php5-iconv-5.5.14-44.1 php5-imap-5.5.14-44.1 php5-intl-5.5.14-44.1 php5-json-5.5.14-44.1 php5-ldap-5.5.14-44.1 php5-mbstring-5.5.14-44.1 php5-mcrypt-5.5.14-44.1 php5-mssql-5.5.14-44.1 php5-mysql-5.5.14-44.1 php5-odbc-5.5.14-44.1 php5-opcache-5.5.14-44.1 php5-openssl-5.5.14-44.1 php5-pcntl-5.5.14-44.1 php5-pdo-5.5.14-44.1 php5-pear-5.5.14-44.1 php5-pgsql-5.5.14-44.1 php5-phar-5.5.14-44.1 php5-posix-5.5.14-44.1 php5-pspell-5.5.14-44.1 php5-readline-5.5.14-44.1 php5-shmop-5.5.14-44.1 php5-snmp-5.5.14-44.1 php5-soap-5.5.14-44.1 php5-sockets-5.5.14-44.1 php5-sqlite-5.5.14-44.1 php5-suhosin-5.5.14-44.1 php5-sysvmsg-5.5.14-44.1 php5-sysvsem-5.5.14-44.1 php5-sysvshm-5.5.14-44.1 php5-tidy-5.5.14-44.1 php5-tokenizer-5.5.14-44.1 php5-wddx-5.5.14-44.1 php5-xmlreader-5.5.14-44.1 php5-xmlrpc-5.5.14-44.1 php5-xmlwriter-5.5.14-44.1 php5-xsl-5.5.14-44.1 php5-zip-5.5.14-44.1 php5-zlib-5.5.14-44.1 apache2-mod_php5-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-bcmath-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-bz2-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-calendar-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-ctype-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-curl-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-dba-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-devel-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-dom-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-enchant-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-exif-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-fastcgi-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-fileinfo-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-firebird-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-fpm-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-ftp-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-gd-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-gettext-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-gmp-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-iconv-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-imap-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-intl-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-json-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-ldap-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-mbstring-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-mcrypt-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-mssql-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-mysql-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-odbc-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-opcache-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-openssl-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-pcntl-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-pdo-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-pear-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-pgsql-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-phar-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-posix-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-pspell-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-readline-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-shmop-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-snmp-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-soap-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-sockets-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-sqlite-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-suhosin-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-sysvmsg-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-sysvsem-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-sysvshm-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-tidy-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-tokenizer-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-wddx-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-xmlreader-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-xmlrpc-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-xmlwriter-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-xsl-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-zip-5.5.14-44.1 as a component of openSUSE Leap 42.1 php5-zlib-5.5.14-44.1 as a component of openSUSE Leap 42.1 Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive. CVE-2014-9767 openSUSE Leap 42.1:apache2-mod_php5-5.5.14-44.1 openSUSE Leap 42.1:php5-5.5.14-44.1 openSUSE Leap 42.1:php5-bcmath-5.5.14-44.1 openSUSE Leap 42.1:php5-bz2-5.5.14-44.1 openSUSE Leap 42.1:php5-calendar-5.5.14-44.1 openSUSE Leap 42.1:php5-ctype-5.5.14-44.1 openSUSE Leap 42.1:php5-curl-5.5.14-44.1 openSUSE Leap 42.1:php5-dba-5.5.14-44.1 openSUSE Leap 42.1:php5-devel-5.5.14-44.1 openSUSE Leap 42.1:php5-dom-5.5.14-44.1 openSUSE Leap 42.1:php5-enchant-5.5.14-44.1 openSUSE Leap 42.1:php5-exif-5.5.14-44.1 openSUSE Leap 42.1:php5-fastcgi-5.5.14-44.1 openSUSE Leap 42.1:php5-fileinfo-5.5.14-44.1 openSUSE Leap 42.1:php5-firebird-5.5.14-44.1 openSUSE Leap 42.1:php5-fpm-5.5.14-44.1 openSUSE Leap 42.1:php5-ftp-5.5.14-44.1 openSUSE Leap 42.1:php5-gd-5.5.14-44.1 openSUSE Leap 42.1:php5-gettext-5.5.14-44.1 openSUSE Leap 42.1:php5-gmp-5.5.14-44.1 openSUSE Leap 42.1:php5-iconv-5.5.14-44.1 openSUSE Leap 42.1:php5-imap-5.5.14-44.1 openSUSE Leap 42.1:php5-intl-5.5.14-44.1 openSUSE Leap 42.1:php5-json-5.5.14-44.1 openSUSE Leap 42.1:php5-ldap-5.5.14-44.1 openSUSE Leap 42.1:php5-mbstring-5.5.14-44.1 openSUSE Leap 42.1:php5-mcrypt-5.5.14-44.1 openSUSE Leap 42.1:php5-mssql-5.5.14-44.1 openSUSE Leap 42.1:php5-mysql-5.5.14-44.1 openSUSE Leap 42.1:php5-odbc-5.5.14-44.1 openSUSE Leap 42.1:php5-opcache-5.5.14-44.1 openSUSE Leap 42.1:php5-openssl-5.5.14-44.1 openSUSE Leap 42.1:php5-pcntl-5.5.14-44.1 openSUSE Leap 42.1:php5-pdo-5.5.14-44.1 openSUSE Leap 42.1:php5-pear-5.5.14-44.1 openSUSE Leap 42.1:php5-pgsql-5.5.14-44.1 openSUSE Leap 42.1:php5-phar-5.5.14-44.1 openSUSE Leap 42.1:php5-posix-5.5.14-44.1 openSUSE Leap 42.1:php5-pspell-5.5.14-44.1 openSUSE Leap 42.1:php5-readline-5.5.14-44.1 openSUSE Leap 42.1:php5-shmop-5.5.14-44.1 openSUSE Leap 42.1:php5-snmp-5.5.14-44.1 openSUSE Leap 42.1:php5-soap-5.5.14-44.1 openSUSE Leap 42.1:php5-sockets-5.5.14-44.1 openSUSE Leap 42.1:php5-sqlite-5.5.14-44.1 openSUSE Leap 42.1:php5-suhosin-5.5.14-44.1 openSUSE Leap 42.1:php5-sysvmsg-5.5.14-44.1 openSUSE Leap 42.1:php5-sysvsem-5.5.14-44.1 openSUSE Leap 42.1:php5-sysvshm-5.5.14-44.1 openSUSE Leap 42.1:php5-tidy-5.5.14-44.1 openSUSE Leap 42.1:php5-tokenizer-5.5.14-44.1 openSUSE Leap 42.1:php5-wddx-5.5.14-44.1 openSUSE Leap 42.1:php5-xmlreader-5.5.14-44.1 openSUSE Leap 42.1:php5-xmlrpc-5.5.14-44.1 openSUSE Leap 42.1:php5-xmlwriter-5.5.14-44.1 openSUSE Leap 42.1:php5-xsl-5.5.14-44.1 openSUSE Leap 42.1:php5-zip-5.5.14-44.1 openSUSE Leap 42.1:php5-zlib-5.5.14-44.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html https://www.suse.com/security/cve/CVE-2014-9767.html CVE-2014-9767 https://bugzilla.suse.com/971612 SUSE Bug 971612 https://bugzilla.suse.com/980366 SUSE Bug 980366 The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a denial of service (NULL pointer dereference, type confusion, and application crash) or possibly execute arbitrary code via crafted serialized data representing a numerically indexed _cookies array, related to the SoapClient::__call method in ext/soap/soap.c. CVE-2015-8835 openSUSE Leap 42.1:apache2-mod_php5-5.5.14-44.1 openSUSE Leap 42.1:php5-5.5.14-44.1 openSUSE Leap 42.1:php5-bcmath-5.5.14-44.1 openSUSE Leap 42.1:php5-bz2-5.5.14-44.1 openSUSE Leap 42.1:php5-calendar-5.5.14-44.1 openSUSE Leap 42.1:php5-ctype-5.5.14-44.1 openSUSE Leap 42.1:php5-curl-5.5.14-44.1 openSUSE Leap 42.1:php5-dba-5.5.14-44.1 openSUSE Leap 42.1:php5-devel-5.5.14-44.1 openSUSE Leap 42.1:php5-dom-5.5.14-44.1 openSUSE Leap 42.1:php5-enchant-5.5.14-44.1 openSUSE Leap 42.1:php5-exif-5.5.14-44.1 openSUSE Leap 42.1:php5-fastcgi-5.5.14-44.1 openSUSE Leap 42.1:php5-fileinfo-5.5.14-44.1 openSUSE Leap 42.1:php5-firebird-5.5.14-44.1 openSUSE Leap 42.1:php5-fpm-5.5.14-44.1 openSUSE Leap 42.1:php5-ftp-5.5.14-44.1 openSUSE Leap 42.1:php5-gd-5.5.14-44.1 openSUSE Leap 42.1:php5-gettext-5.5.14-44.1 openSUSE Leap 42.1:php5-gmp-5.5.14-44.1 openSUSE Leap 42.1:php5-iconv-5.5.14-44.1 openSUSE Leap 42.1:php5-imap-5.5.14-44.1 openSUSE Leap 42.1:php5-intl-5.5.14-44.1 openSUSE Leap 42.1:php5-json-5.5.14-44.1 openSUSE Leap 42.1:php5-ldap-5.5.14-44.1 openSUSE Leap 42.1:php5-mbstring-5.5.14-44.1 openSUSE Leap 42.1:php5-mcrypt-5.5.14-44.1 openSUSE Leap 42.1:php5-mssql-5.5.14-44.1 openSUSE Leap 42.1:php5-mysql-5.5.14-44.1 openSUSE Leap 42.1:php5-odbc-5.5.14-44.1 openSUSE Leap 42.1:php5-opcache-5.5.14-44.1 openSUSE Leap 42.1:php5-openssl-5.5.14-44.1 openSUSE Leap 42.1:php5-pcntl-5.5.14-44.1 openSUSE Leap 42.1:php5-pdo-5.5.14-44.1 openSUSE Leap 42.1:php5-pear-5.5.14-44.1 openSUSE Leap 42.1:php5-pgsql-5.5.14-44.1 openSUSE Leap 42.1:php5-phar-5.5.14-44.1 openSUSE Leap 42.1:php5-posix-5.5.14-44.1 openSUSE Leap 42.1:php5-pspell-5.5.14-44.1 openSUSE Leap 42.1:php5-readline-5.5.14-44.1 openSUSE Leap 42.1:php5-shmop-5.5.14-44.1 openSUSE Leap 42.1:php5-snmp-5.5.14-44.1 openSUSE Leap 42.1:php5-soap-5.5.14-44.1 openSUSE Leap 42.1:php5-sockets-5.5.14-44.1 openSUSE Leap 42.1:php5-sqlite-5.5.14-44.1 openSUSE Leap 42.1:php5-suhosin-5.5.14-44.1 openSUSE Leap 42.1:php5-sysvmsg-5.5.14-44.1 openSUSE Leap 42.1:php5-sysvsem-5.5.14-44.1 openSUSE Leap 42.1:php5-sysvshm-5.5.14-44.1 openSUSE Leap 42.1:php5-tidy-5.5.14-44.1 openSUSE Leap 42.1:php5-tokenizer-5.5.14-44.1 openSUSE Leap 42.1:php5-wddx-5.5.14-44.1 openSUSE Leap 42.1:php5-xmlreader-5.5.14-44.1 openSUSE Leap 42.1:php5-xmlrpc-5.5.14-44.1 openSUSE Leap 42.1:php5-xmlwriter-5.5.14-44.1 openSUSE Leap 42.1:php5-xsl-5.5.14-44.1 openSUSE Leap 42.1:php5-zip-5.5.14-44.1 openSUSE Leap 42.1:php5-zlib-5.5.14-44.1 moderate 5.8 AV:N/AC:M/Au:N/C:N/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html https://www.suse.com/security/cve/CVE-2015-8835.html CVE-2015-8835 https://bugzilla.suse.com/973351 SUSE Bug 973351 https://bugzilla.suse.com/980366 SUSE Bug 980366 ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152. CVE-2015-8838 openSUSE Leap 42.1:apache2-mod_php5-5.5.14-44.1 openSUSE Leap 42.1:php5-5.5.14-44.1 openSUSE Leap 42.1:php5-bcmath-5.5.14-44.1 openSUSE Leap 42.1:php5-bz2-5.5.14-44.1 openSUSE Leap 42.1:php5-calendar-5.5.14-44.1 openSUSE Leap 42.1:php5-ctype-5.5.14-44.1 openSUSE Leap 42.1:php5-curl-5.5.14-44.1 openSUSE Leap 42.1:php5-dba-5.5.14-44.1 openSUSE Leap 42.1:php5-devel-5.5.14-44.1 openSUSE Leap 42.1:php5-dom-5.5.14-44.1 openSUSE Leap 42.1:php5-enchant-5.5.14-44.1 openSUSE Leap 42.1:php5-exif-5.5.14-44.1 openSUSE Leap 42.1:php5-fastcgi-5.5.14-44.1 openSUSE Leap 42.1:php5-fileinfo-5.5.14-44.1 openSUSE Leap 42.1:php5-firebird-5.5.14-44.1 openSUSE Leap 42.1:php5-fpm-5.5.14-44.1 openSUSE Leap 42.1:php5-ftp-5.5.14-44.1 openSUSE Leap 42.1:php5-gd-5.5.14-44.1 openSUSE Leap 42.1:php5-gettext-5.5.14-44.1 openSUSE Leap 42.1:php5-gmp-5.5.14-44.1 openSUSE Leap 42.1:php5-iconv-5.5.14-44.1 openSUSE Leap 42.1:php5-imap-5.5.14-44.1 openSUSE Leap 42.1:php5-intl-5.5.14-44.1 openSUSE Leap 42.1:php5-json-5.5.14-44.1 openSUSE Leap 42.1:php5-ldap-5.5.14-44.1 openSUSE Leap 42.1:php5-mbstring-5.5.14-44.1 openSUSE Leap 42.1:php5-mcrypt-5.5.14-44.1 openSUSE Leap 42.1:php5-mssql-5.5.14-44.1 openSUSE Leap 42.1:php5-mysql-5.5.14-44.1 openSUSE Leap 42.1:php5-odbc-5.5.14-44.1 openSUSE Leap 42.1:php5-opcache-5.5.14-44.1 openSUSE Leap 42.1:php5-openssl-5.5.14-44.1 openSUSE Leap 42.1:php5-pcntl-5.5.14-44.1 openSUSE Leap 42.1:php5-pdo-5.5.14-44.1 openSUSE Leap 42.1:php5-pear-5.5.14-44.1 openSUSE Leap 42.1:php5-pgsql-5.5.14-44.1 openSUSE Leap 42.1:php5-phar-5.5.14-44.1 openSUSE Leap 42.1:php5-posix-5.5.14-44.1 openSUSE Leap 42.1:php5-pspell-5.5.14-44.1 openSUSE Leap 42.1:php5-readline-5.5.14-44.1 openSUSE Leap 42.1:php5-shmop-5.5.14-44.1 openSUSE Leap 42.1:php5-snmp-5.5.14-44.1 openSUSE Leap 42.1:php5-soap-5.5.14-44.1 openSUSE Leap 42.1:php5-sockets-5.5.14-44.1 openSUSE Leap 42.1:php5-sqlite-5.5.14-44.1 openSUSE Leap 42.1:php5-suhosin-5.5.14-44.1 openSUSE Leap 42.1:php5-sysvmsg-5.5.14-44.1 openSUSE Leap 42.1:php5-sysvsem-5.5.14-44.1 openSUSE Leap 42.1:php5-sysvshm-5.5.14-44.1 openSUSE Leap 42.1:php5-tidy-5.5.14-44.1 openSUSE Leap 42.1:php5-tokenizer-5.5.14-44.1 openSUSE Leap 42.1:php5-wddx-5.5.14-44.1 openSUSE Leap 42.1:php5-xmlreader-5.5.14-44.1 openSUSE Leap 42.1:php5-xmlrpc-5.5.14-44.1 openSUSE Leap 42.1:php5-xmlwriter-5.5.14-44.1 openSUSE Leap 42.1:php5-xsl-5.5.14-44.1 openSUSE Leap 42.1:php5-zip-5.5.14-44.1 openSUSE Leap 42.1:php5-zlib-5.5.14-44.1 moderate 5.4 AV:N/AC:H/Au:N/C:C/I:N/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html https://www.suse.com/security/cve/CVE-2015-8838.html CVE-2015-8838 https://bugzilla.suse.com/973792 SUSE Bug 973792 https://bugzilla.suse.com/980366 SUSE Bug 980366 Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive. CVE-2016-2554 openSUSE Leap 42.1:apache2-mod_php5-5.5.14-44.1 openSUSE Leap 42.1:php5-5.5.14-44.1 openSUSE Leap 42.1:php5-bcmath-5.5.14-44.1 openSUSE Leap 42.1:php5-bz2-5.5.14-44.1 openSUSE Leap 42.1:php5-calendar-5.5.14-44.1 openSUSE Leap 42.1:php5-ctype-5.5.14-44.1 openSUSE Leap 42.1:php5-curl-5.5.14-44.1 openSUSE Leap 42.1:php5-dba-5.5.14-44.1 openSUSE Leap 42.1:php5-devel-5.5.14-44.1 openSUSE Leap 42.1:php5-dom-5.5.14-44.1 openSUSE Leap 42.1:php5-enchant-5.5.14-44.1 openSUSE Leap 42.1:php5-exif-5.5.14-44.1 openSUSE Leap 42.1:php5-fastcgi-5.5.14-44.1 openSUSE Leap 42.1:php5-fileinfo-5.5.14-44.1 openSUSE Leap 42.1:php5-firebird-5.5.14-44.1 openSUSE Leap 42.1:php5-fpm-5.5.14-44.1 openSUSE Leap 42.1:php5-ftp-5.5.14-44.1 openSUSE Leap 42.1:php5-gd-5.5.14-44.1 openSUSE Leap 42.1:php5-gettext-5.5.14-44.1 openSUSE Leap 42.1:php5-gmp-5.5.14-44.1 openSUSE Leap 42.1:php5-iconv-5.5.14-44.1 openSUSE Leap 42.1:php5-imap-5.5.14-44.1 openSUSE Leap 42.1:php5-intl-5.5.14-44.1 openSUSE Leap 42.1:php5-json-5.5.14-44.1 openSUSE Leap 42.1:php5-ldap-5.5.14-44.1 openSUSE Leap 42.1:php5-mbstring-5.5.14-44.1 openSUSE Leap 42.1:php5-mcrypt-5.5.14-44.1 openSUSE Leap 42.1:php5-mssql-5.5.14-44.1 openSUSE Leap 42.1:php5-mysql-5.5.14-44.1 openSUSE Leap 42.1:php5-odbc-5.5.14-44.1 openSUSE Leap 42.1:php5-opcache-5.5.14-44.1 openSUSE Leap 42.1:php5-openssl-5.5.14-44.1 openSUSE Leap 42.1:php5-pcntl-5.5.14-44.1 openSUSE Leap 42.1:php5-pdo-5.5.14-44.1 openSUSE Leap 42.1:php5-pear-5.5.14-44.1 openSUSE Leap 42.1:php5-pgsql-5.5.14-44.1 openSUSE Leap 42.1:php5-phar-5.5.14-44.1 openSUSE Leap 42.1:php5-posix-5.5.14-44.1 openSUSE Leap 42.1:php5-pspell-5.5.14-44.1 openSUSE Leap 42.1:php5-readline-5.5.14-44.1 openSUSE Leap 42.1:php5-shmop-5.5.14-44.1 openSUSE Leap 42.1:php5-snmp-5.5.14-44.1 openSUSE Leap 42.1:php5-soap-5.5.14-44.1 openSUSE Leap 42.1:php5-sockets-5.5.14-44.1 openSUSE Leap 42.1:php5-sqlite-5.5.14-44.1 openSUSE Leap 42.1:php5-suhosin-5.5.14-44.1 openSUSE Leap 42.1:php5-sysvmsg-5.5.14-44.1 openSUSE Leap 42.1:php5-sysvsem-5.5.14-44.1 openSUSE Leap 42.1:php5-sysvshm-5.5.14-44.1 openSUSE Leap 42.1:php5-tidy-5.5.14-44.1 openSUSE Leap 42.1:php5-tokenizer-5.5.14-44.1 openSUSE Leap 42.1:php5-wddx-5.5.14-44.1 openSUSE Leap 42.1:php5-xmlreader-5.5.14-44.1 openSUSE Leap 42.1:php5-xmlrpc-5.5.14-44.1 openSUSE Leap 42.1:php5-xmlwriter-5.5.14-44.1 openSUSE Leap 42.1:php5-xsl-5.5.14-44.1 openSUSE Leap 42.1:php5-zip-5.5.14-44.1 openSUSE Leap 42.1:php5-zlib-5.5.14-44.1 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html https://www.suse.com/security/cve/CVE-2016-2554.html CVE-2016-2554 https://bugzilla.suse.com/968284 SUSE Bug 968284 https://bugzilla.suse.com/980366 SUSE Bug 980366 Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element. CVE-2016-3141 openSUSE Leap 42.1:apache2-mod_php5-5.5.14-44.1 openSUSE Leap 42.1:php5-5.5.14-44.1 openSUSE Leap 42.1:php5-bcmath-5.5.14-44.1 openSUSE Leap 42.1:php5-bz2-5.5.14-44.1 openSUSE Leap 42.1:php5-calendar-5.5.14-44.1 openSUSE Leap 42.1:php5-ctype-5.5.14-44.1 openSUSE Leap 42.1:php5-curl-5.5.14-44.1 openSUSE Leap 42.1:php5-dba-5.5.14-44.1 openSUSE Leap 42.1:php5-devel-5.5.14-44.1 openSUSE Leap 42.1:php5-dom-5.5.14-44.1 openSUSE Leap 42.1:php5-enchant-5.5.14-44.1 openSUSE Leap 42.1:php5-exif-5.5.14-44.1 openSUSE Leap 42.1:php5-fastcgi-5.5.14-44.1 openSUSE Leap 42.1:php5-fileinfo-5.5.14-44.1 openSUSE Leap 42.1:php5-firebird-5.5.14-44.1 openSUSE Leap 42.1:php5-fpm-5.5.14-44.1 openSUSE Leap 42.1:php5-ftp-5.5.14-44.1 openSUSE Leap 42.1:php5-gd-5.5.14-44.1 openSUSE Leap 42.1:php5-gettext-5.5.14-44.1 openSUSE Leap 42.1:php5-gmp-5.5.14-44.1 openSUSE Leap 42.1:php5-iconv-5.5.14-44.1 openSUSE Leap 42.1:php5-imap-5.5.14-44.1 openSUSE Leap 42.1:php5-intl-5.5.14-44.1 openSUSE Leap 42.1:php5-json-5.5.14-44.1 openSUSE Leap 42.1:php5-ldap-5.5.14-44.1 openSUSE Leap 42.1:php5-mbstring-5.5.14-44.1 openSUSE Leap 42.1:php5-mcrypt-5.5.14-44.1 openSUSE Leap 42.1:php5-mssql-5.5.14-44.1 openSUSE Leap 42.1:php5-mysql-5.5.14-44.1 openSUSE Leap 42.1:php5-odbc-5.5.14-44.1 openSUSE Leap 42.1:php5-opcache-5.5.14-44.1 openSUSE Leap 42.1:php5-openssl-5.5.14-44.1 openSUSE Leap 42.1:php5-pcntl-5.5.14-44.1 openSUSE Leap 42.1:php5-pdo-5.5.14-44.1 openSUSE Leap 42.1:php5-pear-5.5.14-44.1 openSUSE Leap 42.1:php5-pgsql-5.5.14-44.1 openSUSE Leap 42.1:php5-phar-5.5.14-44.1 openSUSE Leap 42.1:php5-posix-5.5.14-44.1 openSUSE Leap 42.1:php5-pspell-5.5.14-44.1 openSUSE Leap 42.1:php5-readline-5.5.14-44.1 openSUSE Leap 42.1:php5-shmop-5.5.14-44.1 openSUSE Leap 42.1:php5-snmp-5.5.14-44.1 openSUSE Leap 42.1:php5-soap-5.5.14-44.1 openSUSE Leap 42.1:php5-sockets-5.5.14-44.1 openSUSE Leap 42.1:php5-sqlite-5.5.14-44.1 openSUSE Leap 42.1:php5-suhosin-5.5.14-44.1 openSUSE Leap 42.1:php5-sysvmsg-5.5.14-44.1 openSUSE Leap 42.1:php5-sysvsem-5.5.14-44.1 openSUSE Leap 42.1:php5-sysvshm-5.5.14-44.1 openSUSE Leap 42.1:php5-tidy-5.5.14-44.1 openSUSE Leap 42.1:php5-tokenizer-5.5.14-44.1 openSUSE Leap 42.1:php5-wddx-5.5.14-44.1 openSUSE Leap 42.1:php5-xmlreader-5.5.14-44.1 openSUSE Leap 42.1:php5-xmlrpc-5.5.14-44.1 openSUSE Leap 42.1:php5-xmlwriter-5.5.14-44.1 openSUSE Leap 42.1:php5-xsl-5.5.14-44.1 openSUSE Leap 42.1:php5-zip-5.5.14-44.1 openSUSE Leap 42.1:php5-zlib-5.5.14-44.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html https://www.suse.com/security/cve/CVE-2016-3141.html CVE-2016-3141 https://bugzilla.suse.com/969821 SUSE Bug 969821 https://bugzilla.suse.com/980366 SUSE Bug 980366 The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location. CVE-2016-3142 openSUSE Leap 42.1:apache2-mod_php5-5.5.14-44.1 openSUSE Leap 42.1:php5-5.5.14-44.1 openSUSE Leap 42.1:php5-bcmath-5.5.14-44.1 openSUSE Leap 42.1:php5-bz2-5.5.14-44.1 openSUSE Leap 42.1:php5-calendar-5.5.14-44.1 openSUSE Leap 42.1:php5-ctype-5.5.14-44.1 openSUSE Leap 42.1:php5-curl-5.5.14-44.1 openSUSE Leap 42.1:php5-dba-5.5.14-44.1 openSUSE Leap 42.1:php5-devel-5.5.14-44.1 openSUSE Leap 42.1:php5-dom-5.5.14-44.1 openSUSE Leap 42.1:php5-enchant-5.5.14-44.1 openSUSE Leap 42.1:php5-exif-5.5.14-44.1 openSUSE Leap 42.1:php5-fastcgi-5.5.14-44.1 openSUSE Leap 42.1:php5-fileinfo-5.5.14-44.1 openSUSE Leap 42.1:php5-firebird-5.5.14-44.1 openSUSE Leap 42.1:php5-fpm-5.5.14-44.1 openSUSE Leap 42.1:php5-ftp-5.5.14-44.1 openSUSE Leap 42.1:php5-gd-5.5.14-44.1 openSUSE Leap 42.1:php5-gettext-5.5.14-44.1 openSUSE Leap 42.1:php5-gmp-5.5.14-44.1 openSUSE Leap 42.1:php5-iconv-5.5.14-44.1 openSUSE Leap 42.1:php5-imap-5.5.14-44.1 openSUSE Leap 42.1:php5-intl-5.5.14-44.1 openSUSE Leap 42.1:php5-json-5.5.14-44.1 openSUSE Leap 42.1:php5-ldap-5.5.14-44.1 openSUSE Leap 42.1:php5-mbstring-5.5.14-44.1 openSUSE Leap 42.1:php5-mcrypt-5.5.14-44.1 openSUSE Leap 42.1:php5-mssql-5.5.14-44.1 openSUSE Leap 42.1:php5-mysql-5.5.14-44.1 openSUSE Leap 42.1:php5-odbc-5.5.14-44.1 openSUSE Leap 42.1:php5-opcache-5.5.14-44.1 openSUSE Leap 42.1:php5-openssl-5.5.14-44.1 openSUSE Leap 42.1:php5-pcntl-5.5.14-44.1 openSUSE Leap 42.1:php5-pdo-5.5.14-44.1 openSUSE Leap 42.1:php5-pear-5.5.14-44.1 openSUSE Leap 42.1:php5-pgsql-5.5.14-44.1 openSUSE Leap 42.1:php5-phar-5.5.14-44.1 openSUSE Leap 42.1:php5-posix-5.5.14-44.1 openSUSE Leap 42.1:php5-pspell-5.5.14-44.1 openSUSE Leap 42.1:php5-readline-5.5.14-44.1 openSUSE Leap 42.1:php5-shmop-5.5.14-44.1 openSUSE Leap 42.1:php5-snmp-5.5.14-44.1 openSUSE Leap 42.1:php5-soap-5.5.14-44.1 openSUSE Leap 42.1:php5-sockets-5.5.14-44.1 openSUSE Leap 42.1:php5-sqlite-5.5.14-44.1 openSUSE Leap 42.1:php5-suhosin-5.5.14-44.1 openSUSE Leap 42.1:php5-sysvmsg-5.5.14-44.1 openSUSE Leap 42.1:php5-sysvsem-5.5.14-44.1 openSUSE Leap 42.1:php5-sysvshm-5.5.14-44.1 openSUSE Leap 42.1:php5-tidy-5.5.14-44.1 openSUSE Leap 42.1:php5-tokenizer-5.5.14-44.1 openSUSE Leap 42.1:php5-wddx-5.5.14-44.1 openSUSE Leap 42.1:php5-xmlreader-5.5.14-44.1 openSUSE Leap 42.1:php5-xmlrpc-5.5.14-44.1 openSUSE Leap 42.1:php5-xmlwriter-5.5.14-44.1 openSUSE Leap 42.1:php5-xsl-5.5.14-44.1 openSUSE Leap 42.1:php5-zip-5.5.14-44.1 openSUSE Leap 42.1:php5-zlib-5.5.14-44.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html https://www.suse.com/security/cve/CVE-2016-3142.html CVE-2016-3142 https://bugzilla.suse.com/971912 SUSE Bug 971912 https://bugzilla.suse.com/980366 SUSE Bug 980366 The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (type confusion and application crash) via crafted serialized _cookies data, related to the SoapClient::__call method in ext/soap/soap.c. CVE-2016-3185 openSUSE Leap 42.1:apache2-mod_php5-5.5.14-44.1 openSUSE Leap 42.1:php5-5.5.14-44.1 openSUSE Leap 42.1:php5-bcmath-5.5.14-44.1 openSUSE Leap 42.1:php5-bz2-5.5.14-44.1 openSUSE Leap 42.1:php5-calendar-5.5.14-44.1 openSUSE Leap 42.1:php5-ctype-5.5.14-44.1 openSUSE Leap 42.1:php5-curl-5.5.14-44.1 openSUSE Leap 42.1:php5-dba-5.5.14-44.1 openSUSE Leap 42.1:php5-devel-5.5.14-44.1 openSUSE Leap 42.1:php5-dom-5.5.14-44.1 openSUSE Leap 42.1:php5-enchant-5.5.14-44.1 openSUSE Leap 42.1:php5-exif-5.5.14-44.1 openSUSE Leap 42.1:php5-fastcgi-5.5.14-44.1 openSUSE Leap 42.1:php5-fileinfo-5.5.14-44.1 openSUSE Leap 42.1:php5-firebird-5.5.14-44.1 openSUSE Leap 42.1:php5-fpm-5.5.14-44.1 openSUSE Leap 42.1:php5-ftp-5.5.14-44.1 openSUSE Leap 42.1:php5-gd-5.5.14-44.1 openSUSE Leap 42.1:php5-gettext-5.5.14-44.1 openSUSE Leap 42.1:php5-gmp-5.5.14-44.1 openSUSE Leap 42.1:php5-iconv-5.5.14-44.1 openSUSE Leap 42.1:php5-imap-5.5.14-44.1 openSUSE Leap 42.1:php5-intl-5.5.14-44.1 openSUSE Leap 42.1:php5-json-5.5.14-44.1 openSUSE Leap 42.1:php5-ldap-5.5.14-44.1 openSUSE Leap 42.1:php5-mbstring-5.5.14-44.1 openSUSE Leap 42.1:php5-mcrypt-5.5.14-44.1 openSUSE Leap 42.1:php5-mssql-5.5.14-44.1 openSUSE Leap 42.1:php5-mysql-5.5.14-44.1 openSUSE Leap 42.1:php5-odbc-5.5.14-44.1 openSUSE Leap 42.1:php5-opcache-5.5.14-44.1 openSUSE Leap 42.1:php5-openssl-5.5.14-44.1 openSUSE Leap 42.1:php5-pcntl-5.5.14-44.1 openSUSE Leap 42.1:php5-pdo-5.5.14-44.1 openSUSE Leap 42.1:php5-pear-5.5.14-44.1 openSUSE Leap 42.1:php5-pgsql-5.5.14-44.1 openSUSE Leap 42.1:php5-phar-5.5.14-44.1 openSUSE Leap 42.1:php5-posix-5.5.14-44.1 openSUSE Leap 42.1:php5-pspell-5.5.14-44.1 openSUSE Leap 42.1:php5-readline-5.5.14-44.1 openSUSE Leap 42.1:php5-shmop-5.5.14-44.1 openSUSE Leap 42.1:php5-snmp-5.5.14-44.1 openSUSE Leap 42.1:php5-soap-5.5.14-44.1 openSUSE Leap 42.1:php5-sockets-5.5.14-44.1 openSUSE Leap 42.1:php5-sqlite-5.5.14-44.1 openSUSE Leap 42.1:php5-suhosin-5.5.14-44.1 openSUSE Leap 42.1:php5-sysvmsg-5.5.14-44.1 openSUSE Leap 42.1:php5-sysvsem-5.5.14-44.1 openSUSE Leap 42.1:php5-sysvshm-5.5.14-44.1 openSUSE Leap 42.1:php5-tidy-5.5.14-44.1 openSUSE Leap 42.1:php5-tokenizer-5.5.14-44.1 openSUSE Leap 42.1:php5-wddx-5.5.14-44.1 openSUSE Leap 42.1:php5-xmlreader-5.5.14-44.1 openSUSE Leap 42.1:php5-xmlrpc-5.5.14-44.1 openSUSE Leap 42.1:php5-xmlwriter-5.5.14-44.1 openSUSE Leap 42.1:php5-xsl-5.5.14-44.1 openSUSE Leap 42.1:php5-zip-5.5.14-44.1 openSUSE Leap 42.1:php5-zlib-5.5.14-44.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html https://www.suse.com/security/cve/CVE-2016-3185.html CVE-2016-3185 https://bugzilla.suse.com/971611 SUSE Bug 971611 https://bugzilla.suse.com/973351 SUSE Bug 973351 https://bugzilla.suse.com/980366 SUSE Bug 980366