Security update for php5 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:1922-1 Final 1 1 2016-07-31T23:08:57Z current 2016-07-31T23:08:57Z 2016-07-31T23:08:57Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for php5 This update for php5 fixes the following issues: * It is possible to launch a web server with 'php -S localhost:8080' It used to be possible to set an arbitrary $HTTP_PROXY environment variable for request handlers -- like CGI scripts -- by including a specially crafted HTTP header in the request (CVE-2016-5385). As a result, these server components would potentially direct all their outgoing HTTP traffic through a malicious proxy server. This patch fixes the issue: the updated php server ignores such HTTP headers and never sets $HTTP_PROXY for sub-processes. (bnc#988486) * There was multiple cases where a remote attacker could trigger a double free and, given specific PHP code using callbacks, trigger code execution vectors. (bnc#986246,bnc#986244,CVE-2016-5768,CVE-2016-5772) * It was possible to inject header or content information (XSS) when a user was using internet explorer as the browser. (bnc#986004, CVE-2015-8935) * In several cases it was possible for a integer overflow to trigger an excessive memory allocation (bnc#986392, bnc#986388, bnc#986386, bnc#986393, CVE-2016-5770, CVE-2016-5769, CVE-2016-5766, CVE-2016-5767) * It was possible for an attacker to abuse the garbage collector to free a target array. At this point an attacker could craft a fake zval object and exploit the PHP process by taking over the EIP/RIP. (bnc#986391, CVE-2016-5771) This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html E-Mail link for openSUSE-SU-2016:1922-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 apache2-mod_php5-5.5.14-56.1 php5-5.5.14-56.1 php5-bcmath-5.5.14-56.1 php5-bz2-5.5.14-56.1 php5-calendar-5.5.14-56.1 php5-ctype-5.5.14-56.1 php5-curl-5.5.14-56.1 php5-dba-5.5.14-56.1 php5-devel-5.5.14-56.1 php5-dom-5.5.14-56.1 php5-enchant-5.5.14-56.1 php5-exif-5.5.14-56.1 php5-fastcgi-5.5.14-56.1 php5-fileinfo-5.5.14-56.1 php5-firebird-5.5.14-56.1 php5-fpm-5.5.14-56.1 php5-ftp-5.5.14-56.1 php5-gd-5.5.14-56.1 php5-gettext-5.5.14-56.1 php5-gmp-5.5.14-56.1 php5-iconv-5.5.14-56.1 php5-imap-5.5.14-56.1 php5-intl-5.5.14-56.1 php5-json-5.5.14-56.1 php5-ldap-5.5.14-56.1 php5-mbstring-5.5.14-56.1 php5-mcrypt-5.5.14-56.1 php5-mssql-5.5.14-56.1 php5-mysql-5.5.14-56.1 php5-odbc-5.5.14-56.1 php5-opcache-5.5.14-56.1 php5-openssl-5.5.14-56.1 php5-pcntl-5.5.14-56.1 php5-pdo-5.5.14-56.1 php5-pear-5.5.14-56.1 php5-pgsql-5.5.14-56.1 php5-phar-5.5.14-56.1 php5-posix-5.5.14-56.1 php5-pspell-5.5.14-56.1 php5-readline-5.5.14-56.1 php5-shmop-5.5.14-56.1 php5-snmp-5.5.14-56.1 php5-soap-5.5.14-56.1 php5-sockets-5.5.14-56.1 php5-sqlite-5.5.14-56.1 php5-suhosin-5.5.14-56.1 php5-sysvmsg-5.5.14-56.1 php5-sysvsem-5.5.14-56.1 php5-sysvshm-5.5.14-56.1 php5-tidy-5.5.14-56.1 php5-tokenizer-5.5.14-56.1 php5-wddx-5.5.14-56.1 php5-xmlreader-5.5.14-56.1 php5-xmlrpc-5.5.14-56.1 php5-xmlwriter-5.5.14-56.1 php5-xsl-5.5.14-56.1 php5-zip-5.5.14-56.1 php5-zlib-5.5.14-56.1 apache2-mod_php5-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-bcmath-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-bz2-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-calendar-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-ctype-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-curl-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-dba-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-devel-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-dom-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-enchant-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-exif-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-fastcgi-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-fileinfo-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-firebird-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-fpm-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-ftp-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-gd-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-gettext-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-gmp-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-iconv-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-imap-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-intl-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-json-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-ldap-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-mbstring-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-mcrypt-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-mssql-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-mysql-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-odbc-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-opcache-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-openssl-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-pcntl-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-pdo-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-pear-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-pgsql-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-phar-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-posix-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-pspell-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-readline-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-shmop-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-snmp-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-soap-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-sockets-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-sqlite-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-suhosin-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-sysvmsg-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-sysvsem-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-sysvshm-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-tidy-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-tokenizer-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-wddx-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-xmlreader-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-xmlrpc-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-xmlwriter-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-xsl-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-zip-5.5.14-56.1 as a component of openSUSE Leap 42.1 php5-zlib-5.5.14-56.1 as a component of openSUSE Leap 42.1 The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer by leveraging (1) %0A%20 or (2) %0D%0A%20 mishandling in the header function. CVE-2015-8935 openSUSE Leap 42.1:apache2-mod_php5-5.5.14-56.1 openSUSE Leap 42.1:php5-5.5.14-56.1 openSUSE Leap 42.1:php5-bcmath-5.5.14-56.1 openSUSE Leap 42.1:php5-bz2-5.5.14-56.1 openSUSE Leap 42.1:php5-calendar-5.5.14-56.1 openSUSE Leap 42.1:php5-ctype-5.5.14-56.1 openSUSE Leap 42.1:php5-curl-5.5.14-56.1 openSUSE Leap 42.1:php5-dba-5.5.14-56.1 openSUSE Leap 42.1:php5-devel-5.5.14-56.1 openSUSE Leap 42.1:php5-dom-5.5.14-56.1 openSUSE Leap 42.1:php5-enchant-5.5.14-56.1 openSUSE Leap 42.1:php5-exif-5.5.14-56.1 openSUSE Leap 42.1:php5-fastcgi-5.5.14-56.1 openSUSE Leap 42.1:php5-fileinfo-5.5.14-56.1 openSUSE Leap 42.1:php5-firebird-5.5.14-56.1 openSUSE Leap 42.1:php5-fpm-5.5.14-56.1 openSUSE Leap 42.1:php5-ftp-5.5.14-56.1 openSUSE Leap 42.1:php5-gd-5.5.14-56.1 openSUSE Leap 42.1:php5-gettext-5.5.14-56.1 openSUSE Leap 42.1:php5-gmp-5.5.14-56.1 openSUSE Leap 42.1:php5-iconv-5.5.14-56.1 openSUSE Leap 42.1:php5-imap-5.5.14-56.1 openSUSE Leap 42.1:php5-intl-5.5.14-56.1 openSUSE Leap 42.1:php5-json-5.5.14-56.1 openSUSE Leap 42.1:php5-ldap-5.5.14-56.1 openSUSE Leap 42.1:php5-mbstring-5.5.14-56.1 openSUSE Leap 42.1:php5-mcrypt-5.5.14-56.1 openSUSE Leap 42.1:php5-mssql-5.5.14-56.1 openSUSE Leap 42.1:php5-mysql-5.5.14-56.1 openSUSE Leap 42.1:php5-odbc-5.5.14-56.1 openSUSE Leap 42.1:php5-opcache-5.5.14-56.1 openSUSE Leap 42.1:php5-openssl-5.5.14-56.1 openSUSE Leap 42.1:php5-pcntl-5.5.14-56.1 openSUSE Leap 42.1:php5-pdo-5.5.14-56.1 openSUSE Leap 42.1:php5-pear-5.5.14-56.1 openSUSE Leap 42.1:php5-pgsql-5.5.14-56.1 openSUSE Leap 42.1:php5-phar-5.5.14-56.1 openSUSE Leap 42.1:php5-posix-5.5.14-56.1 openSUSE Leap 42.1:php5-pspell-5.5.14-56.1 openSUSE Leap 42.1:php5-readline-5.5.14-56.1 openSUSE Leap 42.1:php5-shmop-5.5.14-56.1 openSUSE Leap 42.1:php5-snmp-5.5.14-56.1 openSUSE Leap 42.1:php5-soap-5.5.14-56.1 openSUSE Leap 42.1:php5-sockets-5.5.14-56.1 openSUSE Leap 42.1:php5-sqlite-5.5.14-56.1 openSUSE Leap 42.1:php5-suhosin-5.5.14-56.1 openSUSE Leap 42.1:php5-sysvmsg-5.5.14-56.1 openSUSE Leap 42.1:php5-sysvsem-5.5.14-56.1 openSUSE Leap 42.1:php5-sysvshm-5.5.14-56.1 openSUSE Leap 42.1:php5-tidy-5.5.14-56.1 openSUSE Leap 42.1:php5-tokenizer-5.5.14-56.1 openSUSE Leap 42.1:php5-wddx-5.5.14-56.1 openSUSE Leap 42.1:php5-xmlreader-5.5.14-56.1 openSUSE Leap 42.1:php5-xmlrpc-5.5.14-56.1 openSUSE Leap 42.1:php5-xmlwriter-5.5.14-56.1 openSUSE Leap 42.1:php5-xsl-5.5.14-56.1 openSUSE Leap 42.1:php5-zip-5.5.14-56.1 openSUSE Leap 42.1:php5-zlib-5.5.14-56.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html https://www.suse.com/security/cve/CVE-2015-8935.html CVE-2015-8935 https://bugzilla.suse.com/986004 SUSE Bug 986004 PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue. CVE-2016-5385 openSUSE Leap 42.1:apache2-mod_php5-5.5.14-56.1 openSUSE Leap 42.1:php5-5.5.14-56.1 openSUSE Leap 42.1:php5-bcmath-5.5.14-56.1 openSUSE Leap 42.1:php5-bz2-5.5.14-56.1 openSUSE Leap 42.1:php5-calendar-5.5.14-56.1 openSUSE Leap 42.1:php5-ctype-5.5.14-56.1 openSUSE Leap 42.1:php5-curl-5.5.14-56.1 openSUSE Leap 42.1:php5-dba-5.5.14-56.1 openSUSE Leap 42.1:php5-devel-5.5.14-56.1 openSUSE Leap 42.1:php5-dom-5.5.14-56.1 openSUSE Leap 42.1:php5-enchant-5.5.14-56.1 openSUSE Leap 42.1:php5-exif-5.5.14-56.1 openSUSE Leap 42.1:php5-fastcgi-5.5.14-56.1 openSUSE Leap 42.1:php5-fileinfo-5.5.14-56.1 openSUSE Leap 42.1:php5-firebird-5.5.14-56.1 openSUSE Leap 42.1:php5-fpm-5.5.14-56.1 openSUSE Leap 42.1:php5-ftp-5.5.14-56.1 openSUSE Leap 42.1:php5-gd-5.5.14-56.1 openSUSE Leap 42.1:php5-gettext-5.5.14-56.1 openSUSE Leap 42.1:php5-gmp-5.5.14-56.1 openSUSE Leap 42.1:php5-iconv-5.5.14-56.1 openSUSE Leap 42.1:php5-imap-5.5.14-56.1 openSUSE Leap 42.1:php5-intl-5.5.14-56.1 openSUSE Leap 42.1:php5-json-5.5.14-56.1 openSUSE Leap 42.1:php5-ldap-5.5.14-56.1 openSUSE Leap 42.1:php5-mbstring-5.5.14-56.1 openSUSE Leap 42.1:php5-mcrypt-5.5.14-56.1 openSUSE Leap 42.1:php5-mssql-5.5.14-56.1 openSUSE Leap 42.1:php5-mysql-5.5.14-56.1 openSUSE Leap 42.1:php5-odbc-5.5.14-56.1 openSUSE Leap 42.1:php5-opcache-5.5.14-56.1 openSUSE Leap 42.1:php5-openssl-5.5.14-56.1 openSUSE Leap 42.1:php5-pcntl-5.5.14-56.1 openSUSE Leap 42.1:php5-pdo-5.5.14-56.1 openSUSE Leap 42.1:php5-pear-5.5.14-56.1 openSUSE Leap 42.1:php5-pgsql-5.5.14-56.1 openSUSE Leap 42.1:php5-phar-5.5.14-56.1 openSUSE Leap 42.1:php5-posix-5.5.14-56.1 openSUSE Leap 42.1:php5-pspell-5.5.14-56.1 openSUSE Leap 42.1:php5-readline-5.5.14-56.1 openSUSE Leap 42.1:php5-shmop-5.5.14-56.1 openSUSE Leap 42.1:php5-snmp-5.5.14-56.1 openSUSE Leap 42.1:php5-soap-5.5.14-56.1 openSUSE Leap 42.1:php5-sockets-5.5.14-56.1 openSUSE Leap 42.1:php5-sqlite-5.5.14-56.1 openSUSE Leap 42.1:php5-suhosin-5.5.14-56.1 openSUSE Leap 42.1:php5-sysvmsg-5.5.14-56.1 openSUSE Leap 42.1:php5-sysvsem-5.5.14-56.1 openSUSE Leap 42.1:php5-sysvshm-5.5.14-56.1 openSUSE Leap 42.1:php5-tidy-5.5.14-56.1 openSUSE Leap 42.1:php5-tokenizer-5.5.14-56.1 openSUSE Leap 42.1:php5-wddx-5.5.14-56.1 openSUSE Leap 42.1:php5-xmlreader-5.5.14-56.1 openSUSE Leap 42.1:php5-xmlrpc-5.5.14-56.1 openSUSE Leap 42.1:php5-xmlwriter-5.5.14-56.1 openSUSE Leap 42.1:php5-xsl-5.5.14-56.1 openSUSE Leap 42.1:php5-zip-5.5.14-56.1 openSUSE Leap 42.1:php5-zlib-5.5.14-56.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html https://www.suse.com/security/cve/CVE-2016-5385.html CVE-2016-5385 https://bugzilla.suse.com/988484 SUSE Bug 988484 https://bugzilla.suse.com/988486 SUSE Bug 988486 https://bugzilla.suse.com/988487 SUSE Bug 988487 https://bugzilla.suse.com/988488 SUSE Bug 988488 https://bugzilla.suse.com/988489 SUSE Bug 988489 https://bugzilla.suse.com/988491 SUSE Bug 988491 https://bugzilla.suse.com/988492 SUSE Bug 988492 https://bugzilla.suse.com/989125 SUSE Bug 989125 https://bugzilla.suse.com/989174 SUSE Bug 989174 Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image. CVE-2016-5766 openSUSE Leap 42.1:apache2-mod_php5-5.5.14-56.1 openSUSE Leap 42.1:php5-5.5.14-56.1 openSUSE Leap 42.1:php5-bcmath-5.5.14-56.1 openSUSE Leap 42.1:php5-bz2-5.5.14-56.1 openSUSE Leap 42.1:php5-calendar-5.5.14-56.1 openSUSE Leap 42.1:php5-ctype-5.5.14-56.1 openSUSE Leap 42.1:php5-curl-5.5.14-56.1 openSUSE Leap 42.1:php5-dba-5.5.14-56.1 openSUSE Leap 42.1:php5-devel-5.5.14-56.1 openSUSE Leap 42.1:php5-dom-5.5.14-56.1 openSUSE Leap 42.1:php5-enchant-5.5.14-56.1 openSUSE Leap 42.1:php5-exif-5.5.14-56.1 openSUSE Leap 42.1:php5-fastcgi-5.5.14-56.1 openSUSE Leap 42.1:php5-fileinfo-5.5.14-56.1 openSUSE Leap 42.1:php5-firebird-5.5.14-56.1 openSUSE Leap 42.1:php5-fpm-5.5.14-56.1 openSUSE Leap 42.1:php5-ftp-5.5.14-56.1 openSUSE Leap 42.1:php5-gd-5.5.14-56.1 openSUSE Leap 42.1:php5-gettext-5.5.14-56.1 openSUSE Leap 42.1:php5-gmp-5.5.14-56.1 openSUSE Leap 42.1:php5-iconv-5.5.14-56.1 openSUSE Leap 42.1:php5-imap-5.5.14-56.1 openSUSE Leap 42.1:php5-intl-5.5.14-56.1 openSUSE Leap 42.1:php5-json-5.5.14-56.1 openSUSE Leap 42.1:php5-ldap-5.5.14-56.1 openSUSE Leap 42.1:php5-mbstring-5.5.14-56.1 openSUSE Leap 42.1:php5-mcrypt-5.5.14-56.1 openSUSE Leap 42.1:php5-mssql-5.5.14-56.1 openSUSE Leap 42.1:php5-mysql-5.5.14-56.1 openSUSE Leap 42.1:php5-odbc-5.5.14-56.1 openSUSE Leap 42.1:php5-opcache-5.5.14-56.1 openSUSE Leap 42.1:php5-openssl-5.5.14-56.1 openSUSE Leap 42.1:php5-pcntl-5.5.14-56.1 openSUSE Leap 42.1:php5-pdo-5.5.14-56.1 openSUSE Leap 42.1:php5-pear-5.5.14-56.1 openSUSE Leap 42.1:php5-pgsql-5.5.14-56.1 openSUSE Leap 42.1:php5-phar-5.5.14-56.1 openSUSE Leap 42.1:php5-posix-5.5.14-56.1 openSUSE Leap 42.1:php5-pspell-5.5.14-56.1 openSUSE Leap 42.1:php5-readline-5.5.14-56.1 openSUSE Leap 42.1:php5-shmop-5.5.14-56.1 openSUSE Leap 42.1:php5-snmp-5.5.14-56.1 openSUSE Leap 42.1:php5-soap-5.5.14-56.1 openSUSE Leap 42.1:php5-sockets-5.5.14-56.1 openSUSE Leap 42.1:php5-sqlite-5.5.14-56.1 openSUSE Leap 42.1:php5-suhosin-5.5.14-56.1 openSUSE Leap 42.1:php5-sysvmsg-5.5.14-56.1 openSUSE Leap 42.1:php5-sysvsem-5.5.14-56.1 openSUSE Leap 42.1:php5-sysvshm-5.5.14-56.1 openSUSE Leap 42.1:php5-tidy-5.5.14-56.1 openSUSE Leap 42.1:php5-tokenizer-5.5.14-56.1 openSUSE Leap 42.1:php5-wddx-5.5.14-56.1 openSUSE Leap 42.1:php5-xmlreader-5.5.14-56.1 openSUSE Leap 42.1:php5-xmlrpc-5.5.14-56.1 openSUSE Leap 42.1:php5-xmlwriter-5.5.14-56.1 openSUSE Leap 42.1:php5-xsl-5.5.14-56.1 openSUSE Leap 42.1:php5-zip-5.5.14-56.1 openSUSE Leap 42.1:php5-zlib-5.5.14-56.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html https://www.suse.com/security/cve/CVE-2016-5766.html CVE-2016-5766 https://bugzilla.suse.com/986386 SUSE Bug 986386 Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted image dimensions. CVE-2016-5767 openSUSE Leap 42.1:apache2-mod_php5-5.5.14-56.1 openSUSE Leap 42.1:php5-5.5.14-56.1 openSUSE Leap 42.1:php5-bcmath-5.5.14-56.1 openSUSE Leap 42.1:php5-bz2-5.5.14-56.1 openSUSE Leap 42.1:php5-calendar-5.5.14-56.1 openSUSE Leap 42.1:php5-ctype-5.5.14-56.1 openSUSE Leap 42.1:php5-curl-5.5.14-56.1 openSUSE Leap 42.1:php5-dba-5.5.14-56.1 openSUSE Leap 42.1:php5-devel-5.5.14-56.1 openSUSE Leap 42.1:php5-dom-5.5.14-56.1 openSUSE Leap 42.1:php5-enchant-5.5.14-56.1 openSUSE Leap 42.1:php5-exif-5.5.14-56.1 openSUSE Leap 42.1:php5-fastcgi-5.5.14-56.1 openSUSE Leap 42.1:php5-fileinfo-5.5.14-56.1 openSUSE Leap 42.1:php5-firebird-5.5.14-56.1 openSUSE Leap 42.1:php5-fpm-5.5.14-56.1 openSUSE Leap 42.1:php5-ftp-5.5.14-56.1 openSUSE Leap 42.1:php5-gd-5.5.14-56.1 openSUSE Leap 42.1:php5-gettext-5.5.14-56.1 openSUSE Leap 42.1:php5-gmp-5.5.14-56.1 openSUSE Leap 42.1:php5-iconv-5.5.14-56.1 openSUSE Leap 42.1:php5-imap-5.5.14-56.1 openSUSE Leap 42.1:php5-intl-5.5.14-56.1 openSUSE Leap 42.1:php5-json-5.5.14-56.1 openSUSE Leap 42.1:php5-ldap-5.5.14-56.1 openSUSE Leap 42.1:php5-mbstring-5.5.14-56.1 openSUSE Leap 42.1:php5-mcrypt-5.5.14-56.1 openSUSE Leap 42.1:php5-mssql-5.5.14-56.1 openSUSE Leap 42.1:php5-mysql-5.5.14-56.1 openSUSE Leap 42.1:php5-odbc-5.5.14-56.1 openSUSE Leap 42.1:php5-opcache-5.5.14-56.1 openSUSE Leap 42.1:php5-openssl-5.5.14-56.1 openSUSE Leap 42.1:php5-pcntl-5.5.14-56.1 openSUSE Leap 42.1:php5-pdo-5.5.14-56.1 openSUSE Leap 42.1:php5-pear-5.5.14-56.1 openSUSE Leap 42.1:php5-pgsql-5.5.14-56.1 openSUSE Leap 42.1:php5-phar-5.5.14-56.1 openSUSE Leap 42.1:php5-posix-5.5.14-56.1 openSUSE Leap 42.1:php5-pspell-5.5.14-56.1 openSUSE Leap 42.1:php5-readline-5.5.14-56.1 openSUSE Leap 42.1:php5-shmop-5.5.14-56.1 openSUSE Leap 42.1:php5-snmp-5.5.14-56.1 openSUSE Leap 42.1:php5-soap-5.5.14-56.1 openSUSE Leap 42.1:php5-sockets-5.5.14-56.1 openSUSE Leap 42.1:php5-sqlite-5.5.14-56.1 openSUSE Leap 42.1:php5-suhosin-5.5.14-56.1 openSUSE Leap 42.1:php5-sysvmsg-5.5.14-56.1 openSUSE Leap 42.1:php5-sysvsem-5.5.14-56.1 openSUSE Leap 42.1:php5-sysvshm-5.5.14-56.1 openSUSE Leap 42.1:php5-tidy-5.5.14-56.1 openSUSE Leap 42.1:php5-tokenizer-5.5.14-56.1 openSUSE Leap 42.1:php5-wddx-5.5.14-56.1 openSUSE Leap 42.1:php5-xmlreader-5.5.14-56.1 openSUSE Leap 42.1:php5-xmlrpc-5.5.14-56.1 openSUSE Leap 42.1:php5-xmlwriter-5.5.14-56.1 openSUSE Leap 42.1:php5-xsl-5.5.14-56.1 openSUSE Leap 42.1:php5-zip-5.5.14-56.1 openSUSE Leap 42.1:php5-zlib-5.5.14-56.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html https://www.suse.com/security/cve/CVE-2016-5767.html CVE-2016-5767 https://bugzilla.suse.com/986393 SUSE Bug 986393 Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by leveraging a callback exception. CVE-2016-5768 openSUSE Leap 42.1:apache2-mod_php5-5.5.14-56.1 openSUSE Leap 42.1:php5-5.5.14-56.1 openSUSE Leap 42.1:php5-bcmath-5.5.14-56.1 openSUSE Leap 42.1:php5-bz2-5.5.14-56.1 openSUSE Leap 42.1:php5-calendar-5.5.14-56.1 openSUSE Leap 42.1:php5-ctype-5.5.14-56.1 openSUSE Leap 42.1:php5-curl-5.5.14-56.1 openSUSE Leap 42.1:php5-dba-5.5.14-56.1 openSUSE Leap 42.1:php5-devel-5.5.14-56.1 openSUSE Leap 42.1:php5-dom-5.5.14-56.1 openSUSE Leap 42.1:php5-enchant-5.5.14-56.1 openSUSE Leap 42.1:php5-exif-5.5.14-56.1 openSUSE Leap 42.1:php5-fastcgi-5.5.14-56.1 openSUSE Leap 42.1:php5-fileinfo-5.5.14-56.1 openSUSE Leap 42.1:php5-firebird-5.5.14-56.1 openSUSE Leap 42.1:php5-fpm-5.5.14-56.1 openSUSE Leap 42.1:php5-ftp-5.5.14-56.1 openSUSE Leap 42.1:php5-gd-5.5.14-56.1 openSUSE Leap 42.1:php5-gettext-5.5.14-56.1 openSUSE Leap 42.1:php5-gmp-5.5.14-56.1 openSUSE Leap 42.1:php5-iconv-5.5.14-56.1 openSUSE Leap 42.1:php5-imap-5.5.14-56.1 openSUSE Leap 42.1:php5-intl-5.5.14-56.1 openSUSE Leap 42.1:php5-json-5.5.14-56.1 openSUSE Leap 42.1:php5-ldap-5.5.14-56.1 openSUSE Leap 42.1:php5-mbstring-5.5.14-56.1 openSUSE Leap 42.1:php5-mcrypt-5.5.14-56.1 openSUSE Leap 42.1:php5-mssql-5.5.14-56.1 openSUSE Leap 42.1:php5-mysql-5.5.14-56.1 openSUSE Leap 42.1:php5-odbc-5.5.14-56.1 openSUSE Leap 42.1:php5-opcache-5.5.14-56.1 openSUSE Leap 42.1:php5-openssl-5.5.14-56.1 openSUSE Leap 42.1:php5-pcntl-5.5.14-56.1 openSUSE Leap 42.1:php5-pdo-5.5.14-56.1 openSUSE Leap 42.1:php5-pear-5.5.14-56.1 openSUSE Leap 42.1:php5-pgsql-5.5.14-56.1 openSUSE Leap 42.1:php5-phar-5.5.14-56.1 openSUSE Leap 42.1:php5-posix-5.5.14-56.1 openSUSE Leap 42.1:php5-pspell-5.5.14-56.1 openSUSE Leap 42.1:php5-readline-5.5.14-56.1 openSUSE Leap 42.1:php5-shmop-5.5.14-56.1 openSUSE Leap 42.1:php5-snmp-5.5.14-56.1 openSUSE Leap 42.1:php5-soap-5.5.14-56.1 openSUSE Leap 42.1:php5-sockets-5.5.14-56.1 openSUSE Leap 42.1:php5-sqlite-5.5.14-56.1 openSUSE Leap 42.1:php5-suhosin-5.5.14-56.1 openSUSE Leap 42.1:php5-sysvmsg-5.5.14-56.1 openSUSE Leap 42.1:php5-sysvsem-5.5.14-56.1 openSUSE Leap 42.1:php5-sysvshm-5.5.14-56.1 openSUSE Leap 42.1:php5-tidy-5.5.14-56.1 openSUSE Leap 42.1:php5-tokenizer-5.5.14-56.1 openSUSE Leap 42.1:php5-wddx-5.5.14-56.1 openSUSE Leap 42.1:php5-xmlreader-5.5.14-56.1 openSUSE Leap 42.1:php5-xmlrpc-5.5.14-56.1 openSUSE Leap 42.1:php5-xmlwriter-5.5.14-56.1 openSUSE Leap 42.1:php5-xsl-5.5.14-56.1 openSUSE Leap 42.1:php5-zip-5.5.14-56.1 openSUSE Leap 42.1:php5-zlib-5.5.14-56.1 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html https://www.suse.com/security/cve/CVE-2016-5768.html CVE-2016-5768 https://bugzilla.suse.com/986246 SUSE Bug 986246 Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted length value, related to the (1) mcrypt_generic and (2) mdecrypt_generic functions. CVE-2016-5769 openSUSE Leap 42.1:apache2-mod_php5-5.5.14-56.1 openSUSE Leap 42.1:php5-5.5.14-56.1 openSUSE Leap 42.1:php5-bcmath-5.5.14-56.1 openSUSE Leap 42.1:php5-bz2-5.5.14-56.1 openSUSE Leap 42.1:php5-calendar-5.5.14-56.1 openSUSE Leap 42.1:php5-ctype-5.5.14-56.1 openSUSE Leap 42.1:php5-curl-5.5.14-56.1 openSUSE Leap 42.1:php5-dba-5.5.14-56.1 openSUSE Leap 42.1:php5-devel-5.5.14-56.1 openSUSE Leap 42.1:php5-dom-5.5.14-56.1 openSUSE Leap 42.1:php5-enchant-5.5.14-56.1 openSUSE Leap 42.1:php5-exif-5.5.14-56.1 openSUSE Leap 42.1:php5-fastcgi-5.5.14-56.1 openSUSE Leap 42.1:php5-fileinfo-5.5.14-56.1 openSUSE Leap 42.1:php5-firebird-5.5.14-56.1 openSUSE Leap 42.1:php5-fpm-5.5.14-56.1 openSUSE Leap 42.1:php5-ftp-5.5.14-56.1 openSUSE Leap 42.1:php5-gd-5.5.14-56.1 openSUSE Leap 42.1:php5-gettext-5.5.14-56.1 openSUSE Leap 42.1:php5-gmp-5.5.14-56.1 openSUSE Leap 42.1:php5-iconv-5.5.14-56.1 openSUSE Leap 42.1:php5-imap-5.5.14-56.1 openSUSE Leap 42.1:php5-intl-5.5.14-56.1 openSUSE Leap 42.1:php5-json-5.5.14-56.1 openSUSE Leap 42.1:php5-ldap-5.5.14-56.1 openSUSE Leap 42.1:php5-mbstring-5.5.14-56.1 openSUSE Leap 42.1:php5-mcrypt-5.5.14-56.1 openSUSE Leap 42.1:php5-mssql-5.5.14-56.1 openSUSE Leap 42.1:php5-mysql-5.5.14-56.1 openSUSE Leap 42.1:php5-odbc-5.5.14-56.1 openSUSE Leap 42.1:php5-opcache-5.5.14-56.1 openSUSE Leap 42.1:php5-openssl-5.5.14-56.1 openSUSE Leap 42.1:php5-pcntl-5.5.14-56.1 openSUSE Leap 42.1:php5-pdo-5.5.14-56.1 openSUSE Leap 42.1:php5-pear-5.5.14-56.1 openSUSE Leap 42.1:php5-pgsql-5.5.14-56.1 openSUSE Leap 42.1:php5-phar-5.5.14-56.1 openSUSE Leap 42.1:php5-posix-5.5.14-56.1 openSUSE Leap 42.1:php5-pspell-5.5.14-56.1 openSUSE Leap 42.1:php5-readline-5.5.14-56.1 openSUSE Leap 42.1:php5-shmop-5.5.14-56.1 openSUSE Leap 42.1:php5-snmp-5.5.14-56.1 openSUSE Leap 42.1:php5-soap-5.5.14-56.1 openSUSE Leap 42.1:php5-sockets-5.5.14-56.1 openSUSE Leap 42.1:php5-sqlite-5.5.14-56.1 openSUSE Leap 42.1:php5-suhosin-5.5.14-56.1 openSUSE Leap 42.1:php5-sysvmsg-5.5.14-56.1 openSUSE Leap 42.1:php5-sysvsem-5.5.14-56.1 openSUSE Leap 42.1:php5-sysvshm-5.5.14-56.1 openSUSE Leap 42.1:php5-tidy-5.5.14-56.1 openSUSE Leap 42.1:php5-tokenizer-5.5.14-56.1 openSUSE Leap 42.1:php5-wddx-5.5.14-56.1 openSUSE Leap 42.1:php5-xmlreader-5.5.14-56.1 openSUSE Leap 42.1:php5-xmlrpc-5.5.14-56.1 openSUSE Leap 42.1:php5-xmlwriter-5.5.14-56.1 openSUSE Leap 42.1:php5-xsl-5.5.14-56.1 openSUSE Leap 42.1:php5-zip-5.5.14-56.1 openSUSE Leap 42.1:php5-zlib-5.5.14-56.1 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html https://www.suse.com/security/cve/CVE-2016-5769.html CVE-2016-5769 https://bugzilla.suse.com/986388 SUSE Bug 986388 Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer argument, a related issue to CVE-2016-5096. CVE-2016-5770 openSUSE Leap 42.1:apache2-mod_php5-5.5.14-56.1 openSUSE Leap 42.1:php5-5.5.14-56.1 openSUSE Leap 42.1:php5-bcmath-5.5.14-56.1 openSUSE Leap 42.1:php5-bz2-5.5.14-56.1 openSUSE Leap 42.1:php5-calendar-5.5.14-56.1 openSUSE Leap 42.1:php5-ctype-5.5.14-56.1 openSUSE Leap 42.1:php5-curl-5.5.14-56.1 openSUSE Leap 42.1:php5-dba-5.5.14-56.1 openSUSE Leap 42.1:php5-devel-5.5.14-56.1 openSUSE Leap 42.1:php5-dom-5.5.14-56.1 openSUSE Leap 42.1:php5-enchant-5.5.14-56.1 openSUSE Leap 42.1:php5-exif-5.5.14-56.1 openSUSE Leap 42.1:php5-fastcgi-5.5.14-56.1 openSUSE Leap 42.1:php5-fileinfo-5.5.14-56.1 openSUSE Leap 42.1:php5-firebird-5.5.14-56.1 openSUSE Leap 42.1:php5-fpm-5.5.14-56.1 openSUSE Leap 42.1:php5-ftp-5.5.14-56.1 openSUSE Leap 42.1:php5-gd-5.5.14-56.1 openSUSE Leap 42.1:php5-gettext-5.5.14-56.1 openSUSE Leap 42.1:php5-gmp-5.5.14-56.1 openSUSE Leap 42.1:php5-iconv-5.5.14-56.1 openSUSE Leap 42.1:php5-imap-5.5.14-56.1 openSUSE Leap 42.1:php5-intl-5.5.14-56.1 openSUSE Leap 42.1:php5-json-5.5.14-56.1 openSUSE Leap 42.1:php5-ldap-5.5.14-56.1 openSUSE Leap 42.1:php5-mbstring-5.5.14-56.1 openSUSE Leap 42.1:php5-mcrypt-5.5.14-56.1 openSUSE Leap 42.1:php5-mssql-5.5.14-56.1 openSUSE Leap 42.1:php5-mysql-5.5.14-56.1 openSUSE Leap 42.1:php5-odbc-5.5.14-56.1 openSUSE Leap 42.1:php5-opcache-5.5.14-56.1 openSUSE Leap 42.1:php5-openssl-5.5.14-56.1 openSUSE Leap 42.1:php5-pcntl-5.5.14-56.1 openSUSE Leap 42.1:php5-pdo-5.5.14-56.1 openSUSE Leap 42.1:php5-pear-5.5.14-56.1 openSUSE Leap 42.1:php5-pgsql-5.5.14-56.1 openSUSE Leap 42.1:php5-phar-5.5.14-56.1 openSUSE Leap 42.1:php5-posix-5.5.14-56.1 openSUSE Leap 42.1:php5-pspell-5.5.14-56.1 openSUSE Leap 42.1:php5-readline-5.5.14-56.1 openSUSE Leap 42.1:php5-shmop-5.5.14-56.1 openSUSE Leap 42.1:php5-snmp-5.5.14-56.1 openSUSE Leap 42.1:php5-soap-5.5.14-56.1 openSUSE Leap 42.1:php5-sockets-5.5.14-56.1 openSUSE Leap 42.1:php5-sqlite-5.5.14-56.1 openSUSE Leap 42.1:php5-suhosin-5.5.14-56.1 openSUSE Leap 42.1:php5-sysvmsg-5.5.14-56.1 openSUSE Leap 42.1:php5-sysvsem-5.5.14-56.1 openSUSE Leap 42.1:php5-sysvshm-5.5.14-56.1 openSUSE Leap 42.1:php5-tidy-5.5.14-56.1 openSUSE Leap 42.1:php5-tokenizer-5.5.14-56.1 openSUSE Leap 42.1:php5-wddx-5.5.14-56.1 openSUSE Leap 42.1:php5-xmlreader-5.5.14-56.1 openSUSE Leap 42.1:php5-xmlrpc-5.5.14-56.1 openSUSE Leap 42.1:php5-xmlwriter-5.5.14-56.1 openSUSE Leap 42.1:php5-xsl-5.5.14-56.1 openSUSE Leap 42.1:php5-zip-5.5.14-56.1 openSUSE Leap 42.1:php5-zlib-5.5.14-56.1 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html https://www.suse.com/security/cve/CVE-2016-5770.html CVE-2016-5770 https://bugzilla.suse.com/986392 SUSE Bug 986392 spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data. CVE-2016-5771 openSUSE Leap 42.1:apache2-mod_php5-5.5.14-56.1 openSUSE Leap 42.1:php5-5.5.14-56.1 openSUSE Leap 42.1:php5-bcmath-5.5.14-56.1 openSUSE Leap 42.1:php5-bz2-5.5.14-56.1 openSUSE Leap 42.1:php5-calendar-5.5.14-56.1 openSUSE Leap 42.1:php5-ctype-5.5.14-56.1 openSUSE Leap 42.1:php5-curl-5.5.14-56.1 openSUSE Leap 42.1:php5-dba-5.5.14-56.1 openSUSE Leap 42.1:php5-devel-5.5.14-56.1 openSUSE Leap 42.1:php5-dom-5.5.14-56.1 openSUSE Leap 42.1:php5-enchant-5.5.14-56.1 openSUSE Leap 42.1:php5-exif-5.5.14-56.1 openSUSE Leap 42.1:php5-fastcgi-5.5.14-56.1 openSUSE Leap 42.1:php5-fileinfo-5.5.14-56.1 openSUSE Leap 42.1:php5-firebird-5.5.14-56.1 openSUSE Leap 42.1:php5-fpm-5.5.14-56.1 openSUSE Leap 42.1:php5-ftp-5.5.14-56.1 openSUSE Leap 42.1:php5-gd-5.5.14-56.1 openSUSE Leap 42.1:php5-gettext-5.5.14-56.1 openSUSE Leap 42.1:php5-gmp-5.5.14-56.1 openSUSE Leap 42.1:php5-iconv-5.5.14-56.1 openSUSE Leap 42.1:php5-imap-5.5.14-56.1 openSUSE Leap 42.1:php5-intl-5.5.14-56.1 openSUSE Leap 42.1:php5-json-5.5.14-56.1 openSUSE Leap 42.1:php5-ldap-5.5.14-56.1 openSUSE Leap 42.1:php5-mbstring-5.5.14-56.1 openSUSE Leap 42.1:php5-mcrypt-5.5.14-56.1 openSUSE Leap 42.1:php5-mssql-5.5.14-56.1 openSUSE Leap 42.1:php5-mysql-5.5.14-56.1 openSUSE Leap 42.1:php5-odbc-5.5.14-56.1 openSUSE Leap 42.1:php5-opcache-5.5.14-56.1 openSUSE Leap 42.1:php5-openssl-5.5.14-56.1 openSUSE Leap 42.1:php5-pcntl-5.5.14-56.1 openSUSE Leap 42.1:php5-pdo-5.5.14-56.1 openSUSE Leap 42.1:php5-pear-5.5.14-56.1 openSUSE Leap 42.1:php5-pgsql-5.5.14-56.1 openSUSE Leap 42.1:php5-phar-5.5.14-56.1 openSUSE Leap 42.1:php5-posix-5.5.14-56.1 openSUSE Leap 42.1:php5-pspell-5.5.14-56.1 openSUSE Leap 42.1:php5-readline-5.5.14-56.1 openSUSE Leap 42.1:php5-shmop-5.5.14-56.1 openSUSE Leap 42.1:php5-snmp-5.5.14-56.1 openSUSE Leap 42.1:php5-soap-5.5.14-56.1 openSUSE Leap 42.1:php5-sockets-5.5.14-56.1 openSUSE Leap 42.1:php5-sqlite-5.5.14-56.1 openSUSE Leap 42.1:php5-suhosin-5.5.14-56.1 openSUSE Leap 42.1:php5-sysvmsg-5.5.14-56.1 openSUSE Leap 42.1:php5-sysvsem-5.5.14-56.1 openSUSE Leap 42.1:php5-sysvshm-5.5.14-56.1 openSUSE Leap 42.1:php5-tidy-5.5.14-56.1 openSUSE Leap 42.1:php5-tokenizer-5.5.14-56.1 openSUSE Leap 42.1:php5-wddx-5.5.14-56.1 openSUSE Leap 42.1:php5-xmlreader-5.5.14-56.1 openSUSE Leap 42.1:php5-xmlrpc-5.5.14-56.1 openSUSE Leap 42.1:php5-xmlwriter-5.5.14-56.1 openSUSE Leap 42.1:php5-xsl-5.5.14-56.1 openSUSE Leap 42.1:php5-zip-5.5.14-56.1 openSUSE Leap 42.1:php5-zlib-5.5.14-56.1 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html https://www.suse.com/security/cve/CVE-2016-5771.html CVE-2016-5771 https://bugzilla.suse.com/986247 SUSE Bug 986247 https://bugzilla.suse.com/986391 SUSE Bug 986391 Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call. CVE-2016-5772 openSUSE Leap 42.1:apache2-mod_php5-5.5.14-56.1 openSUSE Leap 42.1:php5-5.5.14-56.1 openSUSE Leap 42.1:php5-bcmath-5.5.14-56.1 openSUSE Leap 42.1:php5-bz2-5.5.14-56.1 openSUSE Leap 42.1:php5-calendar-5.5.14-56.1 openSUSE Leap 42.1:php5-ctype-5.5.14-56.1 openSUSE Leap 42.1:php5-curl-5.5.14-56.1 openSUSE Leap 42.1:php5-dba-5.5.14-56.1 openSUSE Leap 42.1:php5-devel-5.5.14-56.1 openSUSE Leap 42.1:php5-dom-5.5.14-56.1 openSUSE Leap 42.1:php5-enchant-5.5.14-56.1 openSUSE Leap 42.1:php5-exif-5.5.14-56.1 openSUSE Leap 42.1:php5-fastcgi-5.5.14-56.1 openSUSE Leap 42.1:php5-fileinfo-5.5.14-56.1 openSUSE Leap 42.1:php5-firebird-5.5.14-56.1 openSUSE Leap 42.1:php5-fpm-5.5.14-56.1 openSUSE Leap 42.1:php5-ftp-5.5.14-56.1 openSUSE Leap 42.1:php5-gd-5.5.14-56.1 openSUSE Leap 42.1:php5-gettext-5.5.14-56.1 openSUSE Leap 42.1:php5-gmp-5.5.14-56.1 openSUSE Leap 42.1:php5-iconv-5.5.14-56.1 openSUSE Leap 42.1:php5-imap-5.5.14-56.1 openSUSE Leap 42.1:php5-intl-5.5.14-56.1 openSUSE Leap 42.1:php5-json-5.5.14-56.1 openSUSE Leap 42.1:php5-ldap-5.5.14-56.1 openSUSE Leap 42.1:php5-mbstring-5.5.14-56.1 openSUSE Leap 42.1:php5-mcrypt-5.5.14-56.1 openSUSE Leap 42.1:php5-mssql-5.5.14-56.1 openSUSE Leap 42.1:php5-mysql-5.5.14-56.1 openSUSE Leap 42.1:php5-odbc-5.5.14-56.1 openSUSE Leap 42.1:php5-opcache-5.5.14-56.1 openSUSE Leap 42.1:php5-openssl-5.5.14-56.1 openSUSE Leap 42.1:php5-pcntl-5.5.14-56.1 openSUSE Leap 42.1:php5-pdo-5.5.14-56.1 openSUSE Leap 42.1:php5-pear-5.5.14-56.1 openSUSE Leap 42.1:php5-pgsql-5.5.14-56.1 openSUSE Leap 42.1:php5-phar-5.5.14-56.1 openSUSE Leap 42.1:php5-posix-5.5.14-56.1 openSUSE Leap 42.1:php5-pspell-5.5.14-56.1 openSUSE Leap 42.1:php5-readline-5.5.14-56.1 openSUSE Leap 42.1:php5-shmop-5.5.14-56.1 openSUSE Leap 42.1:php5-snmp-5.5.14-56.1 openSUSE Leap 42.1:php5-soap-5.5.14-56.1 openSUSE Leap 42.1:php5-sockets-5.5.14-56.1 openSUSE Leap 42.1:php5-sqlite-5.5.14-56.1 openSUSE Leap 42.1:php5-suhosin-5.5.14-56.1 openSUSE Leap 42.1:php5-sysvmsg-5.5.14-56.1 openSUSE Leap 42.1:php5-sysvsem-5.5.14-56.1 openSUSE Leap 42.1:php5-sysvshm-5.5.14-56.1 openSUSE Leap 42.1:php5-tidy-5.5.14-56.1 openSUSE Leap 42.1:php5-tokenizer-5.5.14-56.1 openSUSE Leap 42.1:php5-wddx-5.5.14-56.1 openSUSE Leap 42.1:php5-xmlreader-5.5.14-56.1 openSUSE Leap 42.1:php5-xmlrpc-5.5.14-56.1 openSUSE Leap 42.1:php5-xmlwriter-5.5.14-56.1 openSUSE Leap 42.1:php5-xsl-5.5.14-56.1 openSUSE Leap 42.1:php5-zip-5.5.14-56.1 openSUSE Leap 42.1:php5-zlib-5.5.14-56.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html https://www.suse.com/security/cve/CVE-2016-5772.html CVE-2016-5772 https://bugzilla.suse.com/986244 SUSE Bug 986244