Security update for php5 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:2540-1 Final 1 1 2016-10-14T10:13:11Z current 2016-10-14T10:13:11Z 2016-10-14T10:13:11Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for php5 This update for php5 fixes the following security issues: * CVE-2016-7411: php5: Memory corruption when destructing deserialized object * CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field * CVE-2016-7413: Use after free in wddx_deserialize * CVE-2016-7414: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile * CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message * CVE-2016-7417: Missing type check when unserializing SplArray * CVE-2016-7418: Null pointer dereference in php_wddx_push_element This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2016-10/msg00031.html E-Mail link for openSUSE-SU-2016:2540-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 apache2-mod_php5-5.5.14-62.1 php5-5.5.14-62.1 php5-bcmath-5.5.14-62.1 php5-bz2-5.5.14-62.1 php5-calendar-5.5.14-62.1 php5-ctype-5.5.14-62.1 php5-curl-5.5.14-62.1 php5-dba-5.5.14-62.1 php5-devel-5.5.14-62.1 php5-dom-5.5.14-62.1 php5-enchant-5.5.14-62.1 php5-exif-5.5.14-62.1 php5-fastcgi-5.5.14-62.1 php5-fileinfo-5.5.14-62.1 php5-firebird-5.5.14-62.1 php5-fpm-5.5.14-62.1 php5-ftp-5.5.14-62.1 php5-gd-5.5.14-62.1 php5-gettext-5.5.14-62.1 php5-gmp-5.5.14-62.1 php5-iconv-5.5.14-62.1 php5-imap-5.5.14-62.1 php5-intl-5.5.14-62.1 php5-json-5.5.14-62.1 php5-ldap-5.5.14-62.1 php5-mbstring-5.5.14-62.1 php5-mcrypt-5.5.14-62.1 php5-mssql-5.5.14-62.1 php5-mysql-5.5.14-62.1 php5-odbc-5.5.14-62.1 php5-opcache-5.5.14-62.1 php5-openssl-5.5.14-62.1 php5-pcntl-5.5.14-62.1 php5-pdo-5.5.14-62.1 php5-pear-5.5.14-62.1 php5-pgsql-5.5.14-62.1 php5-phar-5.5.14-62.1 php5-posix-5.5.14-62.1 php5-pspell-5.5.14-62.1 php5-readline-5.5.14-62.1 php5-shmop-5.5.14-62.1 php5-snmp-5.5.14-62.1 php5-soap-5.5.14-62.1 php5-sockets-5.5.14-62.1 php5-sqlite-5.5.14-62.1 php5-suhosin-5.5.14-62.1 php5-sysvmsg-5.5.14-62.1 php5-sysvsem-5.5.14-62.1 php5-sysvshm-5.5.14-62.1 php5-tidy-5.5.14-62.1 php5-tokenizer-5.5.14-62.1 php5-wddx-5.5.14-62.1 php5-xmlreader-5.5.14-62.1 php5-xmlrpc-5.5.14-62.1 php5-xmlwriter-5.5.14-62.1 php5-xsl-5.5.14-62.1 php5-zip-5.5.14-62.1 php5-zlib-5.5.14-62.1 apache2-mod_php5-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-bcmath-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-bz2-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-calendar-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-ctype-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-curl-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-dba-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-devel-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-dom-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-enchant-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-exif-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-fastcgi-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-fileinfo-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-firebird-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-fpm-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-ftp-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-gd-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-gettext-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-gmp-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-iconv-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-imap-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-intl-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-json-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-ldap-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-mbstring-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-mcrypt-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-mssql-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-mysql-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-odbc-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-opcache-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-openssl-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-pcntl-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-pdo-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-pear-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-pgsql-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-phar-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-posix-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-pspell-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-readline-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-shmop-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-snmp-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-soap-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-sockets-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-sqlite-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-suhosin-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-sysvmsg-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-sysvsem-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-sysvshm-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-tidy-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-tokenizer-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-wddx-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-xmlreader-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-xmlrpc-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-xmlwriter-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-xsl-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-zip-5.5.14-62.1 as a component of openSUSE Leap 42.1 php5-zlib-5.5.14-62.1 as a component of openSUSE Leap 42.1 ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object. CVE-2016-7411 openSUSE Leap 42.1:apache2-mod_php5-5.5.14-62.1 openSUSE Leap 42.1:php5-5.5.14-62.1 openSUSE Leap 42.1:php5-bcmath-5.5.14-62.1 openSUSE Leap 42.1:php5-bz2-5.5.14-62.1 openSUSE Leap 42.1:php5-calendar-5.5.14-62.1 openSUSE Leap 42.1:php5-ctype-5.5.14-62.1 openSUSE Leap 42.1:php5-curl-5.5.14-62.1 openSUSE Leap 42.1:php5-dba-5.5.14-62.1 openSUSE Leap 42.1:php5-devel-5.5.14-62.1 openSUSE Leap 42.1:php5-dom-5.5.14-62.1 openSUSE Leap 42.1:php5-enchant-5.5.14-62.1 openSUSE Leap 42.1:php5-exif-5.5.14-62.1 openSUSE Leap 42.1:php5-fastcgi-5.5.14-62.1 openSUSE Leap 42.1:php5-fileinfo-5.5.14-62.1 openSUSE Leap 42.1:php5-firebird-5.5.14-62.1 openSUSE Leap 42.1:php5-fpm-5.5.14-62.1 openSUSE Leap 42.1:php5-ftp-5.5.14-62.1 openSUSE Leap 42.1:php5-gd-5.5.14-62.1 openSUSE Leap 42.1:php5-gettext-5.5.14-62.1 openSUSE Leap 42.1:php5-gmp-5.5.14-62.1 openSUSE Leap 42.1:php5-iconv-5.5.14-62.1 openSUSE Leap 42.1:php5-imap-5.5.14-62.1 openSUSE Leap 42.1:php5-intl-5.5.14-62.1 openSUSE Leap 42.1:php5-json-5.5.14-62.1 openSUSE Leap 42.1:php5-ldap-5.5.14-62.1 openSUSE Leap 42.1:php5-mbstring-5.5.14-62.1 openSUSE Leap 42.1:php5-mcrypt-5.5.14-62.1 openSUSE Leap 42.1:php5-mssql-5.5.14-62.1 openSUSE Leap 42.1:php5-mysql-5.5.14-62.1 openSUSE Leap 42.1:php5-odbc-5.5.14-62.1 openSUSE Leap 42.1:php5-opcache-5.5.14-62.1 openSUSE Leap 42.1:php5-openssl-5.5.14-62.1 openSUSE Leap 42.1:php5-pcntl-5.5.14-62.1 openSUSE Leap 42.1:php5-pdo-5.5.14-62.1 openSUSE Leap 42.1:php5-pear-5.5.14-62.1 openSUSE Leap 42.1:php5-pgsql-5.5.14-62.1 openSUSE Leap 42.1:php5-phar-5.5.14-62.1 openSUSE Leap 42.1:php5-posix-5.5.14-62.1 openSUSE Leap 42.1:php5-pspell-5.5.14-62.1 openSUSE Leap 42.1:php5-readline-5.5.14-62.1 openSUSE Leap 42.1:php5-shmop-5.5.14-62.1 openSUSE Leap 42.1:php5-snmp-5.5.14-62.1 openSUSE Leap 42.1:php5-soap-5.5.14-62.1 openSUSE Leap 42.1:php5-sockets-5.5.14-62.1 openSUSE Leap 42.1:php5-sqlite-5.5.14-62.1 openSUSE Leap 42.1:php5-suhosin-5.5.14-62.1 openSUSE Leap 42.1:php5-sysvmsg-5.5.14-62.1 openSUSE Leap 42.1:php5-sysvsem-5.5.14-62.1 openSUSE Leap 42.1:php5-sysvshm-5.5.14-62.1 openSUSE Leap 42.1:php5-tidy-5.5.14-62.1 openSUSE Leap 42.1:php5-tokenizer-5.5.14-62.1 openSUSE Leap 42.1:php5-wddx-5.5.14-62.1 openSUSE Leap 42.1:php5-xmlreader-5.5.14-62.1 openSUSE Leap 42.1:php5-xmlrpc-5.5.14-62.1 openSUSE Leap 42.1:php5-xmlwriter-5.5.14-62.1 openSUSE Leap 42.1:php5-xsl-5.5.14-62.1 openSUSE Leap 42.1:php5-zip-5.5.14-62.1 openSUSE Leap 42.1:php5-zlib-5.5.14-62.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-10/msg00031.html https://www.suse.com/security/cve/CVE-2016-7411.html CVE-2016-7411 https://bugzilla.suse.com/999682 SUSE Bug 999682 ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata. CVE-2016-7412 openSUSE Leap 42.1:apache2-mod_php5-5.5.14-62.1 openSUSE Leap 42.1:php5-5.5.14-62.1 openSUSE Leap 42.1:php5-bcmath-5.5.14-62.1 openSUSE Leap 42.1:php5-bz2-5.5.14-62.1 openSUSE Leap 42.1:php5-calendar-5.5.14-62.1 openSUSE Leap 42.1:php5-ctype-5.5.14-62.1 openSUSE Leap 42.1:php5-curl-5.5.14-62.1 openSUSE Leap 42.1:php5-dba-5.5.14-62.1 openSUSE Leap 42.1:php5-devel-5.5.14-62.1 openSUSE Leap 42.1:php5-dom-5.5.14-62.1 openSUSE Leap 42.1:php5-enchant-5.5.14-62.1 openSUSE Leap 42.1:php5-exif-5.5.14-62.1 openSUSE Leap 42.1:php5-fastcgi-5.5.14-62.1 openSUSE Leap 42.1:php5-fileinfo-5.5.14-62.1 openSUSE Leap 42.1:php5-firebird-5.5.14-62.1 openSUSE Leap 42.1:php5-fpm-5.5.14-62.1 openSUSE Leap 42.1:php5-ftp-5.5.14-62.1 openSUSE Leap 42.1:php5-gd-5.5.14-62.1 openSUSE Leap 42.1:php5-gettext-5.5.14-62.1 openSUSE Leap 42.1:php5-gmp-5.5.14-62.1 openSUSE Leap 42.1:php5-iconv-5.5.14-62.1 openSUSE Leap 42.1:php5-imap-5.5.14-62.1 openSUSE Leap 42.1:php5-intl-5.5.14-62.1 openSUSE Leap 42.1:php5-json-5.5.14-62.1 openSUSE Leap 42.1:php5-ldap-5.5.14-62.1 openSUSE Leap 42.1:php5-mbstring-5.5.14-62.1 openSUSE Leap 42.1:php5-mcrypt-5.5.14-62.1 openSUSE Leap 42.1:php5-mssql-5.5.14-62.1 openSUSE Leap 42.1:php5-mysql-5.5.14-62.1 openSUSE Leap 42.1:php5-odbc-5.5.14-62.1 openSUSE Leap 42.1:php5-opcache-5.5.14-62.1 openSUSE Leap 42.1:php5-openssl-5.5.14-62.1 openSUSE Leap 42.1:php5-pcntl-5.5.14-62.1 openSUSE Leap 42.1:php5-pdo-5.5.14-62.1 openSUSE Leap 42.1:php5-pear-5.5.14-62.1 openSUSE Leap 42.1:php5-pgsql-5.5.14-62.1 openSUSE Leap 42.1:php5-phar-5.5.14-62.1 openSUSE Leap 42.1:php5-posix-5.5.14-62.1 openSUSE Leap 42.1:php5-pspell-5.5.14-62.1 openSUSE Leap 42.1:php5-readline-5.5.14-62.1 openSUSE Leap 42.1:php5-shmop-5.5.14-62.1 openSUSE Leap 42.1:php5-snmp-5.5.14-62.1 openSUSE Leap 42.1:php5-soap-5.5.14-62.1 openSUSE Leap 42.1:php5-sockets-5.5.14-62.1 openSUSE Leap 42.1:php5-sqlite-5.5.14-62.1 openSUSE Leap 42.1:php5-suhosin-5.5.14-62.1 openSUSE Leap 42.1:php5-sysvmsg-5.5.14-62.1 openSUSE Leap 42.1:php5-sysvsem-5.5.14-62.1 openSUSE Leap 42.1:php5-sysvshm-5.5.14-62.1 openSUSE Leap 42.1:php5-tidy-5.5.14-62.1 openSUSE Leap 42.1:php5-tokenizer-5.5.14-62.1 openSUSE Leap 42.1:php5-wddx-5.5.14-62.1 openSUSE Leap 42.1:php5-xmlreader-5.5.14-62.1 openSUSE Leap 42.1:php5-xmlrpc-5.5.14-62.1 openSUSE Leap 42.1:php5-xmlwriter-5.5.14-62.1 openSUSE Leap 42.1:php5-xsl-5.5.14-62.1 openSUSE Leap 42.1:php5-zip-5.5.14-62.1 openSUSE Leap 42.1:php5-zlib-5.5.14-62.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-10/msg00031.html https://www.suse.com/security/cve/CVE-2016-7412.html CVE-2016-7412 https://bugzilla.suse.com/999680 SUSE Bug 999680 Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset field element, leading to mishandling in a wddx_deserialize call. CVE-2016-7413 openSUSE Leap 42.1:apache2-mod_php5-5.5.14-62.1 openSUSE Leap 42.1:php5-5.5.14-62.1 openSUSE Leap 42.1:php5-bcmath-5.5.14-62.1 openSUSE Leap 42.1:php5-bz2-5.5.14-62.1 openSUSE Leap 42.1:php5-calendar-5.5.14-62.1 openSUSE Leap 42.1:php5-ctype-5.5.14-62.1 openSUSE Leap 42.1:php5-curl-5.5.14-62.1 openSUSE Leap 42.1:php5-dba-5.5.14-62.1 openSUSE Leap 42.1:php5-devel-5.5.14-62.1 openSUSE Leap 42.1:php5-dom-5.5.14-62.1 openSUSE Leap 42.1:php5-enchant-5.5.14-62.1 openSUSE Leap 42.1:php5-exif-5.5.14-62.1 openSUSE Leap 42.1:php5-fastcgi-5.5.14-62.1 openSUSE Leap 42.1:php5-fileinfo-5.5.14-62.1 openSUSE Leap 42.1:php5-firebird-5.5.14-62.1 openSUSE Leap 42.1:php5-fpm-5.5.14-62.1 openSUSE Leap 42.1:php5-ftp-5.5.14-62.1 openSUSE Leap 42.1:php5-gd-5.5.14-62.1 openSUSE Leap 42.1:php5-gettext-5.5.14-62.1 openSUSE Leap 42.1:php5-gmp-5.5.14-62.1 openSUSE Leap 42.1:php5-iconv-5.5.14-62.1 openSUSE Leap 42.1:php5-imap-5.5.14-62.1 openSUSE Leap 42.1:php5-intl-5.5.14-62.1 openSUSE Leap 42.1:php5-json-5.5.14-62.1 openSUSE Leap 42.1:php5-ldap-5.5.14-62.1 openSUSE Leap 42.1:php5-mbstring-5.5.14-62.1 openSUSE Leap 42.1:php5-mcrypt-5.5.14-62.1 openSUSE Leap 42.1:php5-mssql-5.5.14-62.1 openSUSE Leap 42.1:php5-mysql-5.5.14-62.1 openSUSE Leap 42.1:php5-odbc-5.5.14-62.1 openSUSE Leap 42.1:php5-opcache-5.5.14-62.1 openSUSE Leap 42.1:php5-openssl-5.5.14-62.1 openSUSE Leap 42.1:php5-pcntl-5.5.14-62.1 openSUSE Leap 42.1:php5-pdo-5.5.14-62.1 openSUSE Leap 42.1:php5-pear-5.5.14-62.1 openSUSE Leap 42.1:php5-pgsql-5.5.14-62.1 openSUSE Leap 42.1:php5-phar-5.5.14-62.1 openSUSE Leap 42.1:php5-posix-5.5.14-62.1 openSUSE Leap 42.1:php5-pspell-5.5.14-62.1 openSUSE Leap 42.1:php5-readline-5.5.14-62.1 openSUSE Leap 42.1:php5-shmop-5.5.14-62.1 openSUSE Leap 42.1:php5-snmp-5.5.14-62.1 openSUSE Leap 42.1:php5-soap-5.5.14-62.1 openSUSE Leap 42.1:php5-sockets-5.5.14-62.1 openSUSE Leap 42.1:php5-sqlite-5.5.14-62.1 openSUSE Leap 42.1:php5-suhosin-5.5.14-62.1 openSUSE Leap 42.1:php5-sysvmsg-5.5.14-62.1 openSUSE Leap 42.1:php5-sysvsem-5.5.14-62.1 openSUSE Leap 42.1:php5-sysvshm-5.5.14-62.1 openSUSE Leap 42.1:php5-tidy-5.5.14-62.1 openSUSE Leap 42.1:php5-tokenizer-5.5.14-62.1 openSUSE Leap 42.1:php5-wddx-5.5.14-62.1 openSUSE Leap 42.1:php5-xmlreader-5.5.14-62.1 openSUSE Leap 42.1:php5-xmlrpc-5.5.14-62.1 openSUSE Leap 42.1:php5-xmlwriter-5.5.14-62.1 openSUSE Leap 42.1:php5-xsl-5.5.14-62.1 openSUSE Leap 42.1:php5-zip-5.5.14-62.1 openSUSE Leap 42.1:php5-zlib-5.5.14-62.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-10/msg00031.html https://www.suse.com/security/cve/CVE-2016-7413.html CVE-2016-7413 https://bugzilla.suse.com/999679 SUSE Bug 999679 The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c. CVE-2016-7414 openSUSE Leap 42.1:apache2-mod_php5-5.5.14-62.1 openSUSE Leap 42.1:php5-5.5.14-62.1 openSUSE Leap 42.1:php5-bcmath-5.5.14-62.1 openSUSE Leap 42.1:php5-bz2-5.5.14-62.1 openSUSE Leap 42.1:php5-calendar-5.5.14-62.1 openSUSE Leap 42.1:php5-ctype-5.5.14-62.1 openSUSE Leap 42.1:php5-curl-5.5.14-62.1 openSUSE Leap 42.1:php5-dba-5.5.14-62.1 openSUSE Leap 42.1:php5-devel-5.5.14-62.1 openSUSE Leap 42.1:php5-dom-5.5.14-62.1 openSUSE Leap 42.1:php5-enchant-5.5.14-62.1 openSUSE Leap 42.1:php5-exif-5.5.14-62.1 openSUSE Leap 42.1:php5-fastcgi-5.5.14-62.1 openSUSE Leap 42.1:php5-fileinfo-5.5.14-62.1 openSUSE Leap 42.1:php5-firebird-5.5.14-62.1 openSUSE Leap 42.1:php5-fpm-5.5.14-62.1 openSUSE Leap 42.1:php5-ftp-5.5.14-62.1 openSUSE Leap 42.1:php5-gd-5.5.14-62.1 openSUSE Leap 42.1:php5-gettext-5.5.14-62.1 openSUSE Leap 42.1:php5-gmp-5.5.14-62.1 openSUSE Leap 42.1:php5-iconv-5.5.14-62.1 openSUSE Leap 42.1:php5-imap-5.5.14-62.1 openSUSE Leap 42.1:php5-intl-5.5.14-62.1 openSUSE Leap 42.1:php5-json-5.5.14-62.1 openSUSE Leap 42.1:php5-ldap-5.5.14-62.1 openSUSE Leap 42.1:php5-mbstring-5.5.14-62.1 openSUSE Leap 42.1:php5-mcrypt-5.5.14-62.1 openSUSE Leap 42.1:php5-mssql-5.5.14-62.1 openSUSE Leap 42.1:php5-mysql-5.5.14-62.1 openSUSE Leap 42.1:php5-odbc-5.5.14-62.1 openSUSE Leap 42.1:php5-opcache-5.5.14-62.1 openSUSE Leap 42.1:php5-openssl-5.5.14-62.1 openSUSE Leap 42.1:php5-pcntl-5.5.14-62.1 openSUSE Leap 42.1:php5-pdo-5.5.14-62.1 openSUSE Leap 42.1:php5-pear-5.5.14-62.1 openSUSE Leap 42.1:php5-pgsql-5.5.14-62.1 openSUSE Leap 42.1:php5-phar-5.5.14-62.1 openSUSE Leap 42.1:php5-posix-5.5.14-62.1 openSUSE Leap 42.1:php5-pspell-5.5.14-62.1 openSUSE Leap 42.1:php5-readline-5.5.14-62.1 openSUSE Leap 42.1:php5-shmop-5.5.14-62.1 openSUSE Leap 42.1:php5-snmp-5.5.14-62.1 openSUSE Leap 42.1:php5-soap-5.5.14-62.1 openSUSE Leap 42.1:php5-sockets-5.5.14-62.1 openSUSE Leap 42.1:php5-sqlite-5.5.14-62.1 openSUSE Leap 42.1:php5-suhosin-5.5.14-62.1 openSUSE Leap 42.1:php5-sysvmsg-5.5.14-62.1 openSUSE Leap 42.1:php5-sysvsem-5.5.14-62.1 openSUSE Leap 42.1:php5-sysvshm-5.5.14-62.1 openSUSE Leap 42.1:php5-tidy-5.5.14-62.1 openSUSE Leap 42.1:php5-tokenizer-5.5.14-62.1 openSUSE Leap 42.1:php5-wddx-5.5.14-62.1 openSUSE Leap 42.1:php5-xmlreader-5.5.14-62.1 openSUSE Leap 42.1:php5-xmlrpc-5.5.14-62.1 openSUSE Leap 42.1:php5-xmlwriter-5.5.14-62.1 openSUSE Leap 42.1:php5-xsl-5.5.14-62.1 openSUSE Leap 42.1:php5-zip-5.5.14-62.1 openSUSE Leap 42.1:php5-zlib-5.5.14-62.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-10/msg00031.html https://www.suse.com/security/cve/CVE-2016-7414.html CVE-2016-7414 https://bugzilla.suse.com/999820 SUSE Bug 999820 ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument. CVE-2016-7416 openSUSE Leap 42.1:apache2-mod_php5-5.5.14-62.1 openSUSE Leap 42.1:php5-5.5.14-62.1 openSUSE Leap 42.1:php5-bcmath-5.5.14-62.1 openSUSE Leap 42.1:php5-bz2-5.5.14-62.1 openSUSE Leap 42.1:php5-calendar-5.5.14-62.1 openSUSE Leap 42.1:php5-ctype-5.5.14-62.1 openSUSE Leap 42.1:php5-curl-5.5.14-62.1 openSUSE Leap 42.1:php5-dba-5.5.14-62.1 openSUSE Leap 42.1:php5-devel-5.5.14-62.1 openSUSE Leap 42.1:php5-dom-5.5.14-62.1 openSUSE Leap 42.1:php5-enchant-5.5.14-62.1 openSUSE Leap 42.1:php5-exif-5.5.14-62.1 openSUSE Leap 42.1:php5-fastcgi-5.5.14-62.1 openSUSE Leap 42.1:php5-fileinfo-5.5.14-62.1 openSUSE Leap 42.1:php5-firebird-5.5.14-62.1 openSUSE Leap 42.1:php5-fpm-5.5.14-62.1 openSUSE Leap 42.1:php5-ftp-5.5.14-62.1 openSUSE Leap 42.1:php5-gd-5.5.14-62.1 openSUSE Leap 42.1:php5-gettext-5.5.14-62.1 openSUSE Leap 42.1:php5-gmp-5.5.14-62.1 openSUSE Leap 42.1:php5-iconv-5.5.14-62.1 openSUSE Leap 42.1:php5-imap-5.5.14-62.1 openSUSE Leap 42.1:php5-intl-5.5.14-62.1 openSUSE Leap 42.1:php5-json-5.5.14-62.1 openSUSE Leap 42.1:php5-ldap-5.5.14-62.1 openSUSE Leap 42.1:php5-mbstring-5.5.14-62.1 openSUSE Leap 42.1:php5-mcrypt-5.5.14-62.1 openSUSE Leap 42.1:php5-mssql-5.5.14-62.1 openSUSE Leap 42.1:php5-mysql-5.5.14-62.1 openSUSE Leap 42.1:php5-odbc-5.5.14-62.1 openSUSE Leap 42.1:php5-opcache-5.5.14-62.1 openSUSE Leap 42.1:php5-openssl-5.5.14-62.1 openSUSE Leap 42.1:php5-pcntl-5.5.14-62.1 openSUSE Leap 42.1:php5-pdo-5.5.14-62.1 openSUSE Leap 42.1:php5-pear-5.5.14-62.1 openSUSE Leap 42.1:php5-pgsql-5.5.14-62.1 openSUSE Leap 42.1:php5-phar-5.5.14-62.1 openSUSE Leap 42.1:php5-posix-5.5.14-62.1 openSUSE Leap 42.1:php5-pspell-5.5.14-62.1 openSUSE Leap 42.1:php5-readline-5.5.14-62.1 openSUSE Leap 42.1:php5-shmop-5.5.14-62.1 openSUSE Leap 42.1:php5-snmp-5.5.14-62.1 openSUSE Leap 42.1:php5-soap-5.5.14-62.1 openSUSE Leap 42.1:php5-sockets-5.5.14-62.1 openSUSE Leap 42.1:php5-sqlite-5.5.14-62.1 openSUSE Leap 42.1:php5-suhosin-5.5.14-62.1 openSUSE Leap 42.1:php5-sysvmsg-5.5.14-62.1 openSUSE Leap 42.1:php5-sysvsem-5.5.14-62.1 openSUSE Leap 42.1:php5-sysvshm-5.5.14-62.1 openSUSE Leap 42.1:php5-tidy-5.5.14-62.1 openSUSE Leap 42.1:php5-tokenizer-5.5.14-62.1 openSUSE Leap 42.1:php5-wddx-5.5.14-62.1 openSUSE Leap 42.1:php5-xmlreader-5.5.14-62.1 openSUSE Leap 42.1:php5-xmlrpc-5.5.14-62.1 openSUSE Leap 42.1:php5-xmlwriter-5.5.14-62.1 openSUSE Leap 42.1:php5-xsl-5.5.14-62.1 openSUSE Leap 42.1:php5-zip-5.5.14-62.1 openSUSE Leap 42.1:php5-zlib-5.5.14-62.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-10/msg00031.html https://www.suse.com/security/cve/CVE-2016-7416.html CVE-2016-7416 https://bugzilla.suse.com/999685 SUSE Bug 999685 ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data. CVE-2016-7417 openSUSE Leap 42.1:apache2-mod_php5-5.5.14-62.1 openSUSE Leap 42.1:php5-5.5.14-62.1 openSUSE Leap 42.1:php5-bcmath-5.5.14-62.1 openSUSE Leap 42.1:php5-bz2-5.5.14-62.1 openSUSE Leap 42.1:php5-calendar-5.5.14-62.1 openSUSE Leap 42.1:php5-ctype-5.5.14-62.1 openSUSE Leap 42.1:php5-curl-5.5.14-62.1 openSUSE Leap 42.1:php5-dba-5.5.14-62.1 openSUSE Leap 42.1:php5-devel-5.5.14-62.1 openSUSE Leap 42.1:php5-dom-5.5.14-62.1 openSUSE Leap 42.1:php5-enchant-5.5.14-62.1 openSUSE Leap 42.1:php5-exif-5.5.14-62.1 openSUSE Leap 42.1:php5-fastcgi-5.5.14-62.1 openSUSE Leap 42.1:php5-fileinfo-5.5.14-62.1 openSUSE Leap 42.1:php5-firebird-5.5.14-62.1 openSUSE Leap 42.1:php5-fpm-5.5.14-62.1 openSUSE Leap 42.1:php5-ftp-5.5.14-62.1 openSUSE Leap 42.1:php5-gd-5.5.14-62.1 openSUSE Leap 42.1:php5-gettext-5.5.14-62.1 openSUSE Leap 42.1:php5-gmp-5.5.14-62.1 openSUSE Leap 42.1:php5-iconv-5.5.14-62.1 openSUSE Leap 42.1:php5-imap-5.5.14-62.1 openSUSE Leap 42.1:php5-intl-5.5.14-62.1 openSUSE Leap 42.1:php5-json-5.5.14-62.1 openSUSE Leap 42.1:php5-ldap-5.5.14-62.1 openSUSE Leap 42.1:php5-mbstring-5.5.14-62.1 openSUSE Leap 42.1:php5-mcrypt-5.5.14-62.1 openSUSE Leap 42.1:php5-mssql-5.5.14-62.1 openSUSE Leap 42.1:php5-mysql-5.5.14-62.1 openSUSE Leap 42.1:php5-odbc-5.5.14-62.1 openSUSE Leap 42.1:php5-opcache-5.5.14-62.1 openSUSE Leap 42.1:php5-openssl-5.5.14-62.1 openSUSE Leap 42.1:php5-pcntl-5.5.14-62.1 openSUSE Leap 42.1:php5-pdo-5.5.14-62.1 openSUSE Leap 42.1:php5-pear-5.5.14-62.1 openSUSE Leap 42.1:php5-pgsql-5.5.14-62.1 openSUSE Leap 42.1:php5-phar-5.5.14-62.1 openSUSE Leap 42.1:php5-posix-5.5.14-62.1 openSUSE Leap 42.1:php5-pspell-5.5.14-62.1 openSUSE Leap 42.1:php5-readline-5.5.14-62.1 openSUSE Leap 42.1:php5-shmop-5.5.14-62.1 openSUSE Leap 42.1:php5-snmp-5.5.14-62.1 openSUSE Leap 42.1:php5-soap-5.5.14-62.1 openSUSE Leap 42.1:php5-sockets-5.5.14-62.1 openSUSE Leap 42.1:php5-sqlite-5.5.14-62.1 openSUSE Leap 42.1:php5-suhosin-5.5.14-62.1 openSUSE Leap 42.1:php5-sysvmsg-5.5.14-62.1 openSUSE Leap 42.1:php5-sysvsem-5.5.14-62.1 openSUSE Leap 42.1:php5-sysvshm-5.5.14-62.1 openSUSE Leap 42.1:php5-tidy-5.5.14-62.1 openSUSE Leap 42.1:php5-tokenizer-5.5.14-62.1 openSUSE Leap 42.1:php5-wddx-5.5.14-62.1 openSUSE Leap 42.1:php5-xmlreader-5.5.14-62.1 openSUSE Leap 42.1:php5-xmlrpc-5.5.14-62.1 openSUSE Leap 42.1:php5-xmlwriter-5.5.14-62.1 openSUSE Leap 42.1:php5-xsl-5.5.14-62.1 openSUSE Leap 42.1:php5-zip-5.5.14-62.1 openSUSE Leap 42.1:php5-zlib-5.5.14-62.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-10/msg00031.html https://www.suse.com/security/cve/CVE-2016-7417.html CVE-2016-7417 https://bugzilla.suse.com/999684 SUSE Bug 999684 The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call. CVE-2016-7418 openSUSE Leap 42.1:apache2-mod_php5-5.5.14-62.1 openSUSE Leap 42.1:php5-5.5.14-62.1 openSUSE Leap 42.1:php5-bcmath-5.5.14-62.1 openSUSE Leap 42.1:php5-bz2-5.5.14-62.1 openSUSE Leap 42.1:php5-calendar-5.5.14-62.1 openSUSE Leap 42.1:php5-ctype-5.5.14-62.1 openSUSE Leap 42.1:php5-curl-5.5.14-62.1 openSUSE Leap 42.1:php5-dba-5.5.14-62.1 openSUSE Leap 42.1:php5-devel-5.5.14-62.1 openSUSE Leap 42.1:php5-dom-5.5.14-62.1 openSUSE Leap 42.1:php5-enchant-5.5.14-62.1 openSUSE Leap 42.1:php5-exif-5.5.14-62.1 openSUSE Leap 42.1:php5-fastcgi-5.5.14-62.1 openSUSE Leap 42.1:php5-fileinfo-5.5.14-62.1 openSUSE Leap 42.1:php5-firebird-5.5.14-62.1 openSUSE Leap 42.1:php5-fpm-5.5.14-62.1 openSUSE Leap 42.1:php5-ftp-5.5.14-62.1 openSUSE Leap 42.1:php5-gd-5.5.14-62.1 openSUSE Leap 42.1:php5-gettext-5.5.14-62.1 openSUSE Leap 42.1:php5-gmp-5.5.14-62.1 openSUSE Leap 42.1:php5-iconv-5.5.14-62.1 openSUSE Leap 42.1:php5-imap-5.5.14-62.1 openSUSE Leap 42.1:php5-intl-5.5.14-62.1 openSUSE Leap 42.1:php5-json-5.5.14-62.1 openSUSE Leap 42.1:php5-ldap-5.5.14-62.1 openSUSE Leap 42.1:php5-mbstring-5.5.14-62.1 openSUSE Leap 42.1:php5-mcrypt-5.5.14-62.1 openSUSE Leap 42.1:php5-mssql-5.5.14-62.1 openSUSE Leap 42.1:php5-mysql-5.5.14-62.1 openSUSE Leap 42.1:php5-odbc-5.5.14-62.1 openSUSE Leap 42.1:php5-opcache-5.5.14-62.1 openSUSE Leap 42.1:php5-openssl-5.5.14-62.1 openSUSE Leap 42.1:php5-pcntl-5.5.14-62.1 openSUSE Leap 42.1:php5-pdo-5.5.14-62.1 openSUSE Leap 42.1:php5-pear-5.5.14-62.1 openSUSE Leap 42.1:php5-pgsql-5.5.14-62.1 openSUSE Leap 42.1:php5-phar-5.5.14-62.1 openSUSE Leap 42.1:php5-posix-5.5.14-62.1 openSUSE Leap 42.1:php5-pspell-5.5.14-62.1 openSUSE Leap 42.1:php5-readline-5.5.14-62.1 openSUSE Leap 42.1:php5-shmop-5.5.14-62.1 openSUSE Leap 42.1:php5-snmp-5.5.14-62.1 openSUSE Leap 42.1:php5-soap-5.5.14-62.1 openSUSE Leap 42.1:php5-sockets-5.5.14-62.1 openSUSE Leap 42.1:php5-sqlite-5.5.14-62.1 openSUSE Leap 42.1:php5-suhosin-5.5.14-62.1 openSUSE Leap 42.1:php5-sysvmsg-5.5.14-62.1 openSUSE Leap 42.1:php5-sysvsem-5.5.14-62.1 openSUSE Leap 42.1:php5-sysvshm-5.5.14-62.1 openSUSE Leap 42.1:php5-tidy-5.5.14-62.1 openSUSE Leap 42.1:php5-tokenizer-5.5.14-62.1 openSUSE Leap 42.1:php5-wddx-5.5.14-62.1 openSUSE Leap 42.1:php5-xmlreader-5.5.14-62.1 openSUSE Leap 42.1:php5-xmlrpc-5.5.14-62.1 openSUSE Leap 42.1:php5-xmlwriter-5.5.14-62.1 openSUSE Leap 42.1:php5-xsl-5.5.14-62.1 openSUSE Leap 42.1:php5-zip-5.5.14-62.1 openSUSE Leap 42.1:php5-zlib-5.5.14-62.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-10/msg00031.html https://www.suse.com/security/cve/CVE-2016-7418.html CVE-2016-7418 https://bugzilla.suse.com/999819 SUSE Bug 999819