Security update for php5 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:1373-1 Final 1 1 2016-05-20T09:42:14Z current 2016-05-20T09:42:14Z 2016-05-20T09:42:14Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for php5 This update for php5 fixes the following security issues: - CVE-2016-4073: A remote attacker could have caused denial of service, or possibly execute arbitrary code, due to incorrect handling of string length calculations in mb_strcut() (bsc#977003) - CVE-2015-8867: The PHP function openssl_random_pseudo_bytes() did not return cryptographically secure random bytes (bsc#977005) - CVE-2016-4070: The libxml_disable_entity_loader() setting was shared between threads, which could have resulted in XML external entity injection and entity expansion issues (bsc#976997) - CVE-2015-8866: A remote attacker could have caused denial of service due to incorrect handling of large strings in php_raw_url_encode() (bsc#976996) - CVE-2016-4071: A remote attacker could have caused denial of service, or possibly execute arbitrary code, due to incorrect handling of string formatting in php_snmp_error() (bsc#977000) This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00056.html E-Mail link for openSUSE-SU-2016:1373-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 apache2-mod_php5-5.5.14-47.1 php5-5.5.14-47.1 php5-bcmath-5.5.14-47.1 php5-bz2-5.5.14-47.1 php5-calendar-5.5.14-47.1 php5-ctype-5.5.14-47.1 php5-curl-5.5.14-47.1 php5-dba-5.5.14-47.1 php5-devel-5.5.14-47.1 php5-dom-5.5.14-47.1 php5-enchant-5.5.14-47.1 php5-exif-5.5.14-47.1 php5-fastcgi-5.5.14-47.1 php5-fileinfo-5.5.14-47.1 php5-firebird-5.5.14-47.1 php5-fpm-5.5.14-47.1 php5-ftp-5.5.14-47.1 php5-gd-5.5.14-47.1 php5-gettext-5.5.14-47.1 php5-gmp-5.5.14-47.1 php5-iconv-5.5.14-47.1 php5-imap-5.5.14-47.1 php5-intl-5.5.14-47.1 php5-json-5.5.14-47.1 php5-ldap-5.5.14-47.1 php5-mbstring-5.5.14-47.1 php5-mcrypt-5.5.14-47.1 php5-mssql-5.5.14-47.1 php5-mysql-5.5.14-47.1 php5-odbc-5.5.14-47.1 php5-opcache-5.5.14-47.1 php5-openssl-5.5.14-47.1 php5-pcntl-5.5.14-47.1 php5-pdo-5.5.14-47.1 php5-pear-5.5.14-47.1 php5-pgsql-5.5.14-47.1 php5-phar-5.5.14-47.1 php5-posix-5.5.14-47.1 php5-pspell-5.5.14-47.1 php5-readline-5.5.14-47.1 php5-shmop-5.5.14-47.1 php5-snmp-5.5.14-47.1 php5-soap-5.5.14-47.1 php5-sockets-5.5.14-47.1 php5-sqlite-5.5.14-47.1 php5-suhosin-5.5.14-47.1 php5-sysvmsg-5.5.14-47.1 php5-sysvsem-5.5.14-47.1 php5-sysvshm-5.5.14-47.1 php5-tidy-5.5.14-47.1 php5-tokenizer-5.5.14-47.1 php5-wddx-5.5.14-47.1 php5-xmlreader-5.5.14-47.1 php5-xmlrpc-5.5.14-47.1 php5-xmlwriter-5.5.14-47.1 php5-xsl-5.5.14-47.1 php5-zip-5.5.14-47.1 php5-zlib-5.5.14-47.1 apache2-mod_php5-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-bcmath-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-bz2-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-calendar-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-ctype-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-curl-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-dba-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-devel-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-dom-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-enchant-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-exif-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-fastcgi-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-fileinfo-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-firebird-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-fpm-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-ftp-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-gd-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-gettext-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-gmp-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-iconv-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-imap-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-intl-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-json-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-ldap-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-mbstring-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-mcrypt-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-mssql-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-mysql-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-odbc-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-opcache-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-openssl-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-pcntl-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-pdo-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-pear-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-pgsql-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-phar-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-posix-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-pspell-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-readline-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-shmop-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-snmp-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-soap-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-sockets-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-sqlite-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-suhosin-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-sysvmsg-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-sysvsem-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-sysvshm-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-tidy-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-tokenizer-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-wddx-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-xmlreader-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-xmlrpc-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-xmlwriter-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-xsl-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-zip-5.5.14-47.1 as a component of openSUSE Leap 42.1 php5-zlib-5.5.14-47.1 as a component of openSUSE Leap 42.1 ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161. CVE-2015-8866 openSUSE Leap 42.1:apache2-mod_php5-5.5.14-47.1 openSUSE Leap 42.1:php5-5.5.14-47.1 openSUSE Leap 42.1:php5-bcmath-5.5.14-47.1 openSUSE Leap 42.1:php5-bz2-5.5.14-47.1 openSUSE Leap 42.1:php5-calendar-5.5.14-47.1 openSUSE Leap 42.1:php5-ctype-5.5.14-47.1 openSUSE Leap 42.1:php5-curl-5.5.14-47.1 openSUSE Leap 42.1:php5-dba-5.5.14-47.1 openSUSE Leap 42.1:php5-devel-5.5.14-47.1 openSUSE Leap 42.1:php5-dom-5.5.14-47.1 openSUSE Leap 42.1:php5-enchant-5.5.14-47.1 openSUSE Leap 42.1:php5-exif-5.5.14-47.1 openSUSE Leap 42.1:php5-fastcgi-5.5.14-47.1 openSUSE Leap 42.1:php5-fileinfo-5.5.14-47.1 openSUSE Leap 42.1:php5-firebird-5.5.14-47.1 openSUSE Leap 42.1:php5-fpm-5.5.14-47.1 openSUSE Leap 42.1:php5-ftp-5.5.14-47.1 openSUSE Leap 42.1:php5-gd-5.5.14-47.1 openSUSE Leap 42.1:php5-gettext-5.5.14-47.1 openSUSE Leap 42.1:php5-gmp-5.5.14-47.1 openSUSE Leap 42.1:php5-iconv-5.5.14-47.1 openSUSE Leap 42.1:php5-imap-5.5.14-47.1 openSUSE Leap 42.1:php5-intl-5.5.14-47.1 openSUSE Leap 42.1:php5-json-5.5.14-47.1 openSUSE Leap 42.1:php5-ldap-5.5.14-47.1 openSUSE Leap 42.1:php5-mbstring-5.5.14-47.1 openSUSE Leap 42.1:php5-mcrypt-5.5.14-47.1 openSUSE Leap 42.1:php5-mssql-5.5.14-47.1 openSUSE Leap 42.1:php5-mysql-5.5.14-47.1 openSUSE Leap 42.1:php5-odbc-5.5.14-47.1 openSUSE Leap 42.1:php5-opcache-5.5.14-47.1 openSUSE Leap 42.1:php5-openssl-5.5.14-47.1 openSUSE Leap 42.1:php5-pcntl-5.5.14-47.1 openSUSE Leap 42.1:php5-pdo-5.5.14-47.1 openSUSE Leap 42.1:php5-pear-5.5.14-47.1 openSUSE Leap 42.1:php5-pgsql-5.5.14-47.1 openSUSE Leap 42.1:php5-phar-5.5.14-47.1 openSUSE Leap 42.1:php5-posix-5.5.14-47.1 openSUSE Leap 42.1:php5-pspell-5.5.14-47.1 openSUSE Leap 42.1:php5-readline-5.5.14-47.1 openSUSE Leap 42.1:php5-shmop-5.5.14-47.1 openSUSE Leap 42.1:php5-snmp-5.5.14-47.1 openSUSE Leap 42.1:php5-soap-5.5.14-47.1 openSUSE Leap 42.1:php5-sockets-5.5.14-47.1 openSUSE Leap 42.1:php5-sqlite-5.5.14-47.1 openSUSE Leap 42.1:php5-suhosin-5.5.14-47.1 openSUSE Leap 42.1:php5-sysvmsg-5.5.14-47.1 openSUSE Leap 42.1:php5-sysvsem-5.5.14-47.1 openSUSE Leap 42.1:php5-sysvshm-5.5.14-47.1 openSUSE Leap 42.1:php5-tidy-5.5.14-47.1 openSUSE Leap 42.1:php5-tokenizer-5.5.14-47.1 openSUSE Leap 42.1:php5-wddx-5.5.14-47.1 openSUSE Leap 42.1:php5-xmlreader-5.5.14-47.1 openSUSE Leap 42.1:php5-xmlrpc-5.5.14-47.1 openSUSE Leap 42.1:php5-xmlwriter-5.5.14-47.1 openSUSE Leap 42.1:php5-xsl-5.5.14-47.1 openSUSE Leap 42.1:php5-zip-5.5.14-47.1 openSUSE Leap 42.1:php5-zlib-5.5.14-47.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00056.html https://www.suse.com/security/cve/CVE-2015-8866.html CVE-2015-8866 https://bugzilla.suse.com/976996 SUSE Bug 976996 https://bugzilla.suse.com/980366 SUSE Bug 980366 The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. CVE-2015-8867 openSUSE Leap 42.1:apache2-mod_php5-5.5.14-47.1 openSUSE Leap 42.1:php5-5.5.14-47.1 openSUSE Leap 42.1:php5-bcmath-5.5.14-47.1 openSUSE Leap 42.1:php5-bz2-5.5.14-47.1 openSUSE Leap 42.1:php5-calendar-5.5.14-47.1 openSUSE Leap 42.1:php5-ctype-5.5.14-47.1 openSUSE Leap 42.1:php5-curl-5.5.14-47.1 openSUSE Leap 42.1:php5-dba-5.5.14-47.1 openSUSE Leap 42.1:php5-devel-5.5.14-47.1 openSUSE Leap 42.1:php5-dom-5.5.14-47.1 openSUSE Leap 42.1:php5-enchant-5.5.14-47.1 openSUSE Leap 42.1:php5-exif-5.5.14-47.1 openSUSE Leap 42.1:php5-fastcgi-5.5.14-47.1 openSUSE Leap 42.1:php5-fileinfo-5.5.14-47.1 openSUSE Leap 42.1:php5-firebird-5.5.14-47.1 openSUSE Leap 42.1:php5-fpm-5.5.14-47.1 openSUSE Leap 42.1:php5-ftp-5.5.14-47.1 openSUSE Leap 42.1:php5-gd-5.5.14-47.1 openSUSE Leap 42.1:php5-gettext-5.5.14-47.1 openSUSE Leap 42.1:php5-gmp-5.5.14-47.1 openSUSE Leap 42.1:php5-iconv-5.5.14-47.1 openSUSE Leap 42.1:php5-imap-5.5.14-47.1 openSUSE Leap 42.1:php5-intl-5.5.14-47.1 openSUSE Leap 42.1:php5-json-5.5.14-47.1 openSUSE Leap 42.1:php5-ldap-5.5.14-47.1 openSUSE Leap 42.1:php5-mbstring-5.5.14-47.1 openSUSE Leap 42.1:php5-mcrypt-5.5.14-47.1 openSUSE Leap 42.1:php5-mssql-5.5.14-47.1 openSUSE Leap 42.1:php5-mysql-5.5.14-47.1 openSUSE Leap 42.1:php5-odbc-5.5.14-47.1 openSUSE Leap 42.1:php5-opcache-5.5.14-47.1 openSUSE Leap 42.1:php5-openssl-5.5.14-47.1 openSUSE Leap 42.1:php5-pcntl-5.5.14-47.1 openSUSE Leap 42.1:php5-pdo-5.5.14-47.1 openSUSE Leap 42.1:php5-pear-5.5.14-47.1 openSUSE Leap 42.1:php5-pgsql-5.5.14-47.1 openSUSE Leap 42.1:php5-phar-5.5.14-47.1 openSUSE Leap 42.1:php5-posix-5.5.14-47.1 openSUSE Leap 42.1:php5-pspell-5.5.14-47.1 openSUSE Leap 42.1:php5-readline-5.5.14-47.1 openSUSE Leap 42.1:php5-shmop-5.5.14-47.1 openSUSE Leap 42.1:php5-snmp-5.5.14-47.1 openSUSE Leap 42.1:php5-soap-5.5.14-47.1 openSUSE Leap 42.1:php5-sockets-5.5.14-47.1 openSUSE Leap 42.1:php5-sqlite-5.5.14-47.1 openSUSE Leap 42.1:php5-suhosin-5.5.14-47.1 openSUSE Leap 42.1:php5-sysvmsg-5.5.14-47.1 openSUSE Leap 42.1:php5-sysvsem-5.5.14-47.1 openSUSE Leap 42.1:php5-sysvshm-5.5.14-47.1 openSUSE Leap 42.1:php5-tidy-5.5.14-47.1 openSUSE Leap 42.1:php5-tokenizer-5.5.14-47.1 openSUSE Leap 42.1:php5-wddx-5.5.14-47.1 openSUSE Leap 42.1:php5-xmlreader-5.5.14-47.1 openSUSE Leap 42.1:php5-xmlrpc-5.5.14-47.1 openSUSE Leap 42.1:php5-xmlwriter-5.5.14-47.1 openSUSE Leap 42.1:php5-xsl-5.5.14-47.1 openSUSE Leap 42.1:php5-zip-5.5.14-47.1 openSUSE Leap 42.1:php5-zlib-5.5.14-47.1 important 7.1 AV:N/AC:H/Au:N/C:C/I:C/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00056.html https://www.suse.com/security/cve/CVE-2015-8867.html CVE-2015-8867 https://bugzilla.suse.com/977005 SUSE Bug 977005 https://bugzilla.suse.com/980366 SUSE Bug 980366 ** DISPUTED ** Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says "Not sure if this qualifies as security issue (probably not)." CVE-2016-4070 openSUSE Leap 42.1:apache2-mod_php5-5.5.14-47.1 openSUSE Leap 42.1:php5-5.5.14-47.1 openSUSE Leap 42.1:php5-bcmath-5.5.14-47.1 openSUSE Leap 42.1:php5-bz2-5.5.14-47.1 openSUSE Leap 42.1:php5-calendar-5.5.14-47.1 openSUSE Leap 42.1:php5-ctype-5.5.14-47.1 openSUSE Leap 42.1:php5-curl-5.5.14-47.1 openSUSE Leap 42.1:php5-dba-5.5.14-47.1 openSUSE Leap 42.1:php5-devel-5.5.14-47.1 openSUSE Leap 42.1:php5-dom-5.5.14-47.1 openSUSE Leap 42.1:php5-enchant-5.5.14-47.1 openSUSE Leap 42.1:php5-exif-5.5.14-47.1 openSUSE Leap 42.1:php5-fastcgi-5.5.14-47.1 openSUSE Leap 42.1:php5-fileinfo-5.5.14-47.1 openSUSE Leap 42.1:php5-firebird-5.5.14-47.1 openSUSE Leap 42.1:php5-fpm-5.5.14-47.1 openSUSE Leap 42.1:php5-ftp-5.5.14-47.1 openSUSE Leap 42.1:php5-gd-5.5.14-47.1 openSUSE Leap 42.1:php5-gettext-5.5.14-47.1 openSUSE Leap 42.1:php5-gmp-5.5.14-47.1 openSUSE Leap 42.1:php5-iconv-5.5.14-47.1 openSUSE Leap 42.1:php5-imap-5.5.14-47.1 openSUSE Leap 42.1:php5-intl-5.5.14-47.1 openSUSE Leap 42.1:php5-json-5.5.14-47.1 openSUSE Leap 42.1:php5-ldap-5.5.14-47.1 openSUSE Leap 42.1:php5-mbstring-5.5.14-47.1 openSUSE Leap 42.1:php5-mcrypt-5.5.14-47.1 openSUSE Leap 42.1:php5-mssql-5.5.14-47.1 openSUSE Leap 42.1:php5-mysql-5.5.14-47.1 openSUSE Leap 42.1:php5-odbc-5.5.14-47.1 openSUSE Leap 42.1:php5-opcache-5.5.14-47.1 openSUSE Leap 42.1:php5-openssl-5.5.14-47.1 openSUSE Leap 42.1:php5-pcntl-5.5.14-47.1 openSUSE Leap 42.1:php5-pdo-5.5.14-47.1 openSUSE Leap 42.1:php5-pear-5.5.14-47.1 openSUSE Leap 42.1:php5-pgsql-5.5.14-47.1 openSUSE Leap 42.1:php5-phar-5.5.14-47.1 openSUSE Leap 42.1:php5-posix-5.5.14-47.1 openSUSE Leap 42.1:php5-pspell-5.5.14-47.1 openSUSE Leap 42.1:php5-readline-5.5.14-47.1 openSUSE Leap 42.1:php5-shmop-5.5.14-47.1 openSUSE Leap 42.1:php5-snmp-5.5.14-47.1 openSUSE Leap 42.1:php5-soap-5.5.14-47.1 openSUSE Leap 42.1:php5-sockets-5.5.14-47.1 openSUSE Leap 42.1:php5-sqlite-5.5.14-47.1 openSUSE Leap 42.1:php5-suhosin-5.5.14-47.1 openSUSE Leap 42.1:php5-sysvmsg-5.5.14-47.1 openSUSE Leap 42.1:php5-sysvsem-5.5.14-47.1 openSUSE Leap 42.1:php5-sysvshm-5.5.14-47.1 openSUSE Leap 42.1:php5-tidy-5.5.14-47.1 openSUSE Leap 42.1:php5-tokenizer-5.5.14-47.1 openSUSE Leap 42.1:php5-wddx-5.5.14-47.1 openSUSE Leap 42.1:php5-xmlreader-5.5.14-47.1 openSUSE Leap 42.1:php5-xmlrpc-5.5.14-47.1 openSUSE Leap 42.1:php5-xmlwriter-5.5.14-47.1 openSUSE Leap 42.1:php5-xsl-5.5.14-47.1 openSUSE Leap 42.1:php5-zip-5.5.14-47.1 openSUSE Leap 42.1:php5-zlib-5.5.14-47.1 important 2.6 AV:N/AC:H/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00056.html https://www.suse.com/security/cve/CVE-2016-4070.html CVE-2016-4070 https://bugzilla.suse.com/976997 SUSE Bug 976997 https://bugzilla.suse.com/980366 SUSE Bug 980366 Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get call. CVE-2016-4071 openSUSE Leap 42.1:apache2-mod_php5-5.5.14-47.1 openSUSE Leap 42.1:php5-5.5.14-47.1 openSUSE Leap 42.1:php5-bcmath-5.5.14-47.1 openSUSE Leap 42.1:php5-bz2-5.5.14-47.1 openSUSE Leap 42.1:php5-calendar-5.5.14-47.1 openSUSE Leap 42.1:php5-ctype-5.5.14-47.1 openSUSE Leap 42.1:php5-curl-5.5.14-47.1 openSUSE Leap 42.1:php5-dba-5.5.14-47.1 openSUSE Leap 42.1:php5-devel-5.5.14-47.1 openSUSE Leap 42.1:php5-dom-5.5.14-47.1 openSUSE Leap 42.1:php5-enchant-5.5.14-47.1 openSUSE Leap 42.1:php5-exif-5.5.14-47.1 openSUSE Leap 42.1:php5-fastcgi-5.5.14-47.1 openSUSE Leap 42.1:php5-fileinfo-5.5.14-47.1 openSUSE Leap 42.1:php5-firebird-5.5.14-47.1 openSUSE Leap 42.1:php5-fpm-5.5.14-47.1 openSUSE Leap 42.1:php5-ftp-5.5.14-47.1 openSUSE Leap 42.1:php5-gd-5.5.14-47.1 openSUSE Leap 42.1:php5-gettext-5.5.14-47.1 openSUSE Leap 42.1:php5-gmp-5.5.14-47.1 openSUSE Leap 42.1:php5-iconv-5.5.14-47.1 openSUSE Leap 42.1:php5-imap-5.5.14-47.1 openSUSE Leap 42.1:php5-intl-5.5.14-47.1 openSUSE Leap 42.1:php5-json-5.5.14-47.1 openSUSE Leap 42.1:php5-ldap-5.5.14-47.1 openSUSE Leap 42.1:php5-mbstring-5.5.14-47.1 openSUSE Leap 42.1:php5-mcrypt-5.5.14-47.1 openSUSE Leap 42.1:php5-mssql-5.5.14-47.1 openSUSE Leap 42.1:php5-mysql-5.5.14-47.1 openSUSE Leap 42.1:php5-odbc-5.5.14-47.1 openSUSE Leap 42.1:php5-opcache-5.5.14-47.1 openSUSE Leap 42.1:php5-openssl-5.5.14-47.1 openSUSE Leap 42.1:php5-pcntl-5.5.14-47.1 openSUSE Leap 42.1:php5-pdo-5.5.14-47.1 openSUSE Leap 42.1:php5-pear-5.5.14-47.1 openSUSE Leap 42.1:php5-pgsql-5.5.14-47.1 openSUSE Leap 42.1:php5-phar-5.5.14-47.1 openSUSE Leap 42.1:php5-posix-5.5.14-47.1 openSUSE Leap 42.1:php5-pspell-5.5.14-47.1 openSUSE Leap 42.1:php5-readline-5.5.14-47.1 openSUSE Leap 42.1:php5-shmop-5.5.14-47.1 openSUSE Leap 42.1:php5-snmp-5.5.14-47.1 openSUSE Leap 42.1:php5-soap-5.5.14-47.1 openSUSE Leap 42.1:php5-sockets-5.5.14-47.1 openSUSE Leap 42.1:php5-sqlite-5.5.14-47.1 openSUSE Leap 42.1:php5-suhosin-5.5.14-47.1 openSUSE Leap 42.1:php5-sysvmsg-5.5.14-47.1 openSUSE Leap 42.1:php5-sysvsem-5.5.14-47.1 openSUSE Leap 42.1:php5-sysvshm-5.5.14-47.1 openSUSE Leap 42.1:php5-tidy-5.5.14-47.1 openSUSE Leap 42.1:php5-tokenizer-5.5.14-47.1 openSUSE Leap 42.1:php5-wddx-5.5.14-47.1 openSUSE Leap 42.1:php5-xmlreader-5.5.14-47.1 openSUSE Leap 42.1:php5-xmlrpc-5.5.14-47.1 openSUSE Leap 42.1:php5-xmlwriter-5.5.14-47.1 openSUSE Leap 42.1:php5-xsl-5.5.14-47.1 openSUSE Leap 42.1:php5-zip-5.5.14-47.1 openSUSE Leap 42.1:php5-zlib-5.5.14-47.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00056.html https://www.suse.com/security/cve/CVE-2016-4071.html CVE-2016-4071 https://bugzilla.suse.com/977000 SUSE Bug 977000 Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call. CVE-2016-4073 openSUSE Leap 42.1:apache2-mod_php5-5.5.14-47.1 openSUSE Leap 42.1:php5-5.5.14-47.1 openSUSE Leap 42.1:php5-bcmath-5.5.14-47.1 openSUSE Leap 42.1:php5-bz2-5.5.14-47.1 openSUSE Leap 42.1:php5-calendar-5.5.14-47.1 openSUSE Leap 42.1:php5-ctype-5.5.14-47.1 openSUSE Leap 42.1:php5-curl-5.5.14-47.1 openSUSE Leap 42.1:php5-dba-5.5.14-47.1 openSUSE Leap 42.1:php5-devel-5.5.14-47.1 openSUSE Leap 42.1:php5-dom-5.5.14-47.1 openSUSE Leap 42.1:php5-enchant-5.5.14-47.1 openSUSE Leap 42.1:php5-exif-5.5.14-47.1 openSUSE Leap 42.1:php5-fastcgi-5.5.14-47.1 openSUSE Leap 42.1:php5-fileinfo-5.5.14-47.1 openSUSE Leap 42.1:php5-firebird-5.5.14-47.1 openSUSE Leap 42.1:php5-fpm-5.5.14-47.1 openSUSE Leap 42.1:php5-ftp-5.5.14-47.1 openSUSE Leap 42.1:php5-gd-5.5.14-47.1 openSUSE Leap 42.1:php5-gettext-5.5.14-47.1 openSUSE Leap 42.1:php5-gmp-5.5.14-47.1 openSUSE Leap 42.1:php5-iconv-5.5.14-47.1 openSUSE Leap 42.1:php5-imap-5.5.14-47.1 openSUSE Leap 42.1:php5-intl-5.5.14-47.1 openSUSE Leap 42.1:php5-json-5.5.14-47.1 openSUSE Leap 42.1:php5-ldap-5.5.14-47.1 openSUSE Leap 42.1:php5-mbstring-5.5.14-47.1 openSUSE Leap 42.1:php5-mcrypt-5.5.14-47.1 openSUSE Leap 42.1:php5-mssql-5.5.14-47.1 openSUSE Leap 42.1:php5-mysql-5.5.14-47.1 openSUSE Leap 42.1:php5-odbc-5.5.14-47.1 openSUSE Leap 42.1:php5-opcache-5.5.14-47.1 openSUSE Leap 42.1:php5-openssl-5.5.14-47.1 openSUSE Leap 42.1:php5-pcntl-5.5.14-47.1 openSUSE Leap 42.1:php5-pdo-5.5.14-47.1 openSUSE Leap 42.1:php5-pear-5.5.14-47.1 openSUSE Leap 42.1:php5-pgsql-5.5.14-47.1 openSUSE Leap 42.1:php5-phar-5.5.14-47.1 openSUSE Leap 42.1:php5-posix-5.5.14-47.1 openSUSE Leap 42.1:php5-pspell-5.5.14-47.1 openSUSE Leap 42.1:php5-readline-5.5.14-47.1 openSUSE Leap 42.1:php5-shmop-5.5.14-47.1 openSUSE Leap 42.1:php5-snmp-5.5.14-47.1 openSUSE Leap 42.1:php5-soap-5.5.14-47.1 openSUSE Leap 42.1:php5-sockets-5.5.14-47.1 openSUSE Leap 42.1:php5-sqlite-5.5.14-47.1 openSUSE Leap 42.1:php5-suhosin-5.5.14-47.1 openSUSE Leap 42.1:php5-sysvmsg-5.5.14-47.1 openSUSE Leap 42.1:php5-sysvsem-5.5.14-47.1 openSUSE Leap 42.1:php5-sysvshm-5.5.14-47.1 openSUSE Leap 42.1:php5-tidy-5.5.14-47.1 openSUSE Leap 42.1:php5-tokenizer-5.5.14-47.1 openSUSE Leap 42.1:php5-wddx-5.5.14-47.1 openSUSE Leap 42.1:php5-xmlreader-5.5.14-47.1 openSUSE Leap 42.1:php5-xmlrpc-5.5.14-47.1 openSUSE Leap 42.1:php5-xmlwriter-5.5.14-47.1 openSUSE Leap 42.1:php5-xsl-5.5.14-47.1 openSUSE Leap 42.1:php5-zip-5.5.14-47.1 openSUSE Leap 42.1:php5-zlib-5.5.14-47.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00056.html https://www.suse.com/security/cve/CVE-2016-4073.html CVE-2016-4073 https://bugzilla.suse.com/977003 SUSE Bug 977003 https://bugzilla.suse.com/980366 SUSE Bug 980366