Security update for php7 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:0588-1 Final 1 1 2017-03-02T10:49:01Z current 2017-03-02T10:49:01Z 2017-03-02T10:49:01Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for php7 This update for php7 fixes the following security issues: - CVE-2016-7480: The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP did not verify that a key is an object, which allowed remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data. (bsc#1019568) - CVE-2017-5340: Zend/zend_hash.c in PHP mishandled certain cases that require large array allocations, which allowed remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data. (bsc#1019570) - CVE-2016-7479: In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may have lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution. (bsc#1019547) - CVE-2016-7478: Zend/zend_exceptions.c in PHP allowed remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876. (bsc#1019550) - CVE-2016-10159: Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP allowed remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive. (bsc#1022255) - CVE-2016-10160: Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP allowed remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch. (bsc#1022257) - CVE-2016-10161: The object_common1 function in ext/standard/var_unserializer.c in PHP allowed remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call. (bsc#1022260) - CVE-2016-10162: The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7 allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an inapplicable class name in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call. (bsc#1022262) - CVE-2016-10166: A potential unsigned underflow in gd interpolation functions could lead to memory corruption in the PHP gd module (bsc#1022263) - CVE-2016-10167: A denial of service problem in gdImageCreateFromGd2Ctx() could lead to php out of memory even on small files. (bsc#1022264) - CVE-2016-10168: A signed integer overflow in the gd module could lead to memory corruption (bsc#1022265) - CVE-2016-9138: PHP mishandled property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::__toString with DateInterval::__wakeup. (bsc#1008026) This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2017-03/msg00000.html E-Mail link for openSUSE-SU-2017:0588-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 apache2-mod_php7-7.0.7-12.1 php7-7.0.7-12.1 php7-bcmath-7.0.7-12.1 php7-bz2-7.0.7-12.1 php7-calendar-7.0.7-12.1 php7-ctype-7.0.7-12.1 php7-curl-7.0.7-12.1 php7-dba-7.0.7-12.1 php7-devel-7.0.7-12.1 php7-dom-7.0.7-12.1 php7-enchant-7.0.7-12.1 php7-exif-7.0.7-12.1 php7-fastcgi-7.0.7-12.1 php7-fileinfo-7.0.7-12.1 php7-firebird-7.0.7-12.1 php7-fpm-7.0.7-12.1 php7-ftp-7.0.7-12.1 php7-gd-7.0.7-12.1 php7-gettext-7.0.7-12.1 php7-gmp-7.0.7-12.1 php7-iconv-7.0.7-12.1 php7-imap-7.0.7-12.1 php7-intl-7.0.7-12.1 php7-json-7.0.7-12.1 php7-ldap-7.0.7-12.1 php7-mbstring-7.0.7-12.1 php7-mcrypt-7.0.7-12.1 php7-mysql-7.0.7-12.1 php7-odbc-7.0.7-12.1 php7-opcache-7.0.7-12.1 php7-openssl-7.0.7-12.1 php7-pcntl-7.0.7-12.1 php7-pdo-7.0.7-12.1 php7-pear-7.0.7-12.1 php7-pear-Archive_Tar-7.0.7-12.1 php7-pgsql-7.0.7-12.1 php7-phar-7.0.7-12.1 php7-posix-7.0.7-12.1 php7-pspell-7.0.7-12.1 php7-readline-7.0.7-12.1 php7-shmop-7.0.7-12.1 php7-snmp-7.0.7-12.1 php7-soap-7.0.7-12.1 php7-sockets-7.0.7-12.1 php7-sqlite-7.0.7-12.1 php7-sysvmsg-7.0.7-12.1 php7-sysvsem-7.0.7-12.1 php7-sysvshm-7.0.7-12.1 php7-tidy-7.0.7-12.1 php7-tokenizer-7.0.7-12.1 php7-wddx-7.0.7-12.1 php7-xmlreader-7.0.7-12.1 php7-xmlrpc-7.0.7-12.1 php7-xmlwriter-7.0.7-12.1 php7-xsl-7.0.7-12.1 php7-zip-7.0.7-12.1 php7-zlib-7.0.7-12.1 apache2-mod_php7-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-bcmath-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-bz2-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-calendar-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-ctype-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-curl-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-dba-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-devel-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-dom-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-enchant-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-exif-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-fastcgi-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-fileinfo-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-firebird-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-fpm-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-ftp-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-gd-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-gettext-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-gmp-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-iconv-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-imap-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-intl-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-json-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-ldap-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-mbstring-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-mcrypt-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-mysql-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-odbc-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-opcache-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-openssl-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-pcntl-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-pdo-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-pear-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-pear-Archive_Tar-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-pgsql-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-phar-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-posix-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-pspell-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-readline-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-shmop-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-snmp-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-soap-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-sockets-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-sqlite-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-sysvmsg-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-sysvsem-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-sysvshm-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-tidy-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-tokenizer-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-wddx-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-xmlreader-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-xmlrpc-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-xmlwriter-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-xsl-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-zip-7.0.7-12.1 as a component of openSUSE Leap 42.2 php7-zlib-7.0.7-12.1 as a component of openSUSE Leap 42.2 The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1. CVE-2016-10158 openSUSE Leap 42.2:apache2-mod_php7-7.0.7-12.1 openSUSE Leap 42.2:php7-7.0.7-12.1 openSUSE Leap 42.2:php7-bcmath-7.0.7-12.1 openSUSE Leap 42.2:php7-bz2-7.0.7-12.1 openSUSE Leap 42.2:php7-calendar-7.0.7-12.1 openSUSE Leap 42.2:php7-ctype-7.0.7-12.1 openSUSE Leap 42.2:php7-curl-7.0.7-12.1 openSUSE Leap 42.2:php7-dba-7.0.7-12.1 openSUSE Leap 42.2:php7-devel-7.0.7-12.1 openSUSE Leap 42.2:php7-dom-7.0.7-12.1 openSUSE Leap 42.2:php7-enchant-7.0.7-12.1 openSUSE Leap 42.2:php7-exif-7.0.7-12.1 openSUSE Leap 42.2:php7-fastcgi-7.0.7-12.1 openSUSE Leap 42.2:php7-fileinfo-7.0.7-12.1 openSUSE Leap 42.2:php7-firebird-7.0.7-12.1 openSUSE Leap 42.2:php7-fpm-7.0.7-12.1 openSUSE Leap 42.2:php7-ftp-7.0.7-12.1 openSUSE Leap 42.2:php7-gd-7.0.7-12.1 openSUSE Leap 42.2:php7-gettext-7.0.7-12.1 openSUSE Leap 42.2:php7-gmp-7.0.7-12.1 openSUSE Leap 42.2:php7-iconv-7.0.7-12.1 openSUSE Leap 42.2:php7-imap-7.0.7-12.1 openSUSE Leap 42.2:php7-intl-7.0.7-12.1 openSUSE Leap 42.2:php7-json-7.0.7-12.1 openSUSE Leap 42.2:php7-ldap-7.0.7-12.1 openSUSE Leap 42.2:php7-mbstring-7.0.7-12.1 openSUSE Leap 42.2:php7-mcrypt-7.0.7-12.1 openSUSE Leap 42.2:php7-mysql-7.0.7-12.1 openSUSE Leap 42.2:php7-odbc-7.0.7-12.1 openSUSE Leap 42.2:php7-opcache-7.0.7-12.1 openSUSE Leap 42.2:php7-openssl-7.0.7-12.1 openSUSE Leap 42.2:php7-pcntl-7.0.7-12.1 openSUSE Leap 42.2:php7-pdo-7.0.7-12.1 openSUSE Leap 42.2:php7-pear-7.0.7-12.1 openSUSE Leap 42.2:php7-pear-Archive_Tar-7.0.7-12.1 openSUSE Leap 42.2:php7-pgsql-7.0.7-12.1 openSUSE Leap 42.2:php7-phar-7.0.7-12.1 openSUSE Leap 42.2:php7-posix-7.0.7-12.1 openSUSE Leap 42.2:php7-pspell-7.0.7-12.1 openSUSE Leap 42.2:php7-readline-7.0.7-12.1 openSUSE Leap 42.2:php7-shmop-7.0.7-12.1 openSUSE Leap 42.2:php7-snmp-7.0.7-12.1 openSUSE Leap 42.2:php7-soap-7.0.7-12.1 openSUSE Leap 42.2:php7-sockets-7.0.7-12.1 openSUSE Leap 42.2:php7-sqlite-7.0.7-12.1 openSUSE Leap 42.2:php7-sysvmsg-7.0.7-12.1 openSUSE Leap 42.2:php7-sysvsem-7.0.7-12.1 openSUSE Leap 42.2:php7-sysvshm-7.0.7-12.1 openSUSE Leap 42.2:php7-tidy-7.0.7-12.1 openSUSE Leap 42.2:php7-tokenizer-7.0.7-12.1 openSUSE Leap 42.2:php7-wddx-7.0.7-12.1 openSUSE Leap 42.2:php7-xmlreader-7.0.7-12.1 openSUSE Leap 42.2:php7-xmlrpc-7.0.7-12.1 openSUSE Leap 42.2:php7-xmlwriter-7.0.7-12.1 openSUSE Leap 42.2:php7-xsl-7.0.7-12.1 openSUSE Leap 42.2:php7-zip-7.0.7-12.1 openSUSE Leap 42.2:php7-zlib-7.0.7-12.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-03/msg00000.html https://www.suse.com/security/cve/CVE-2016-10158.html CVE-2016-10158 https://bugzilla.suse.com/1022219 SUSE Bug 1022219 Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive. CVE-2016-10159 openSUSE Leap 42.2:apache2-mod_php7-7.0.7-12.1 openSUSE Leap 42.2:php7-7.0.7-12.1 openSUSE Leap 42.2:php7-bcmath-7.0.7-12.1 openSUSE Leap 42.2:php7-bz2-7.0.7-12.1 openSUSE Leap 42.2:php7-calendar-7.0.7-12.1 openSUSE Leap 42.2:php7-ctype-7.0.7-12.1 openSUSE Leap 42.2:php7-curl-7.0.7-12.1 openSUSE Leap 42.2:php7-dba-7.0.7-12.1 openSUSE Leap 42.2:php7-devel-7.0.7-12.1 openSUSE Leap 42.2:php7-dom-7.0.7-12.1 openSUSE Leap 42.2:php7-enchant-7.0.7-12.1 openSUSE Leap 42.2:php7-exif-7.0.7-12.1 openSUSE Leap 42.2:php7-fastcgi-7.0.7-12.1 openSUSE Leap 42.2:php7-fileinfo-7.0.7-12.1 openSUSE Leap 42.2:php7-firebird-7.0.7-12.1 openSUSE Leap 42.2:php7-fpm-7.0.7-12.1 openSUSE Leap 42.2:php7-ftp-7.0.7-12.1 openSUSE Leap 42.2:php7-gd-7.0.7-12.1 openSUSE Leap 42.2:php7-gettext-7.0.7-12.1 openSUSE Leap 42.2:php7-gmp-7.0.7-12.1 openSUSE Leap 42.2:php7-iconv-7.0.7-12.1 openSUSE Leap 42.2:php7-imap-7.0.7-12.1 openSUSE Leap 42.2:php7-intl-7.0.7-12.1 openSUSE Leap 42.2:php7-json-7.0.7-12.1 openSUSE Leap 42.2:php7-ldap-7.0.7-12.1 openSUSE Leap 42.2:php7-mbstring-7.0.7-12.1 openSUSE Leap 42.2:php7-mcrypt-7.0.7-12.1 openSUSE Leap 42.2:php7-mysql-7.0.7-12.1 openSUSE Leap 42.2:php7-odbc-7.0.7-12.1 openSUSE Leap 42.2:php7-opcache-7.0.7-12.1 openSUSE Leap 42.2:php7-openssl-7.0.7-12.1 openSUSE Leap 42.2:php7-pcntl-7.0.7-12.1 openSUSE Leap 42.2:php7-pdo-7.0.7-12.1 openSUSE Leap 42.2:php7-pear-7.0.7-12.1 openSUSE Leap 42.2:php7-pear-Archive_Tar-7.0.7-12.1 openSUSE Leap 42.2:php7-pgsql-7.0.7-12.1 openSUSE Leap 42.2:php7-phar-7.0.7-12.1 openSUSE Leap 42.2:php7-posix-7.0.7-12.1 openSUSE Leap 42.2:php7-pspell-7.0.7-12.1 openSUSE Leap 42.2:php7-readline-7.0.7-12.1 openSUSE Leap 42.2:php7-shmop-7.0.7-12.1 openSUSE Leap 42.2:php7-snmp-7.0.7-12.1 openSUSE Leap 42.2:php7-soap-7.0.7-12.1 openSUSE Leap 42.2:php7-sockets-7.0.7-12.1 openSUSE Leap 42.2:php7-sqlite-7.0.7-12.1 openSUSE Leap 42.2:php7-sysvmsg-7.0.7-12.1 openSUSE Leap 42.2:php7-sysvsem-7.0.7-12.1 openSUSE Leap 42.2:php7-sysvshm-7.0.7-12.1 openSUSE Leap 42.2:php7-tidy-7.0.7-12.1 openSUSE Leap 42.2:php7-tokenizer-7.0.7-12.1 openSUSE Leap 42.2:php7-wddx-7.0.7-12.1 openSUSE Leap 42.2:php7-xmlreader-7.0.7-12.1 openSUSE Leap 42.2:php7-xmlrpc-7.0.7-12.1 openSUSE Leap 42.2:php7-xmlwriter-7.0.7-12.1 openSUSE Leap 42.2:php7-xsl-7.0.7-12.1 openSUSE Leap 42.2:php7-zip-7.0.7-12.1 openSUSE Leap 42.2:php7-zlib-7.0.7-12.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-03/msg00000.html https://www.suse.com/security/cve/CVE-2016-10159.html CVE-2016-10159 https://bugzilla.suse.com/1022255 SUSE Bug 1022255 https://bugzilla.suse.com/1048094 SUSE Bug 1048094 Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch. CVE-2016-10160 openSUSE Leap 42.2:apache2-mod_php7-7.0.7-12.1 openSUSE Leap 42.2:php7-7.0.7-12.1 openSUSE Leap 42.2:php7-bcmath-7.0.7-12.1 openSUSE Leap 42.2:php7-bz2-7.0.7-12.1 openSUSE Leap 42.2:php7-calendar-7.0.7-12.1 openSUSE Leap 42.2:php7-ctype-7.0.7-12.1 openSUSE Leap 42.2:php7-curl-7.0.7-12.1 openSUSE Leap 42.2:php7-dba-7.0.7-12.1 openSUSE Leap 42.2:php7-devel-7.0.7-12.1 openSUSE Leap 42.2:php7-dom-7.0.7-12.1 openSUSE Leap 42.2:php7-enchant-7.0.7-12.1 openSUSE Leap 42.2:php7-exif-7.0.7-12.1 openSUSE Leap 42.2:php7-fastcgi-7.0.7-12.1 openSUSE Leap 42.2:php7-fileinfo-7.0.7-12.1 openSUSE Leap 42.2:php7-firebird-7.0.7-12.1 openSUSE Leap 42.2:php7-fpm-7.0.7-12.1 openSUSE Leap 42.2:php7-ftp-7.0.7-12.1 openSUSE Leap 42.2:php7-gd-7.0.7-12.1 openSUSE Leap 42.2:php7-gettext-7.0.7-12.1 openSUSE Leap 42.2:php7-gmp-7.0.7-12.1 openSUSE Leap 42.2:php7-iconv-7.0.7-12.1 openSUSE Leap 42.2:php7-imap-7.0.7-12.1 openSUSE Leap 42.2:php7-intl-7.0.7-12.1 openSUSE Leap 42.2:php7-json-7.0.7-12.1 openSUSE Leap 42.2:php7-ldap-7.0.7-12.1 openSUSE Leap 42.2:php7-mbstring-7.0.7-12.1 openSUSE Leap 42.2:php7-mcrypt-7.0.7-12.1 openSUSE Leap 42.2:php7-mysql-7.0.7-12.1 openSUSE Leap 42.2:php7-odbc-7.0.7-12.1 openSUSE Leap 42.2:php7-opcache-7.0.7-12.1 openSUSE Leap 42.2:php7-openssl-7.0.7-12.1 openSUSE Leap 42.2:php7-pcntl-7.0.7-12.1 openSUSE Leap 42.2:php7-pdo-7.0.7-12.1 openSUSE Leap 42.2:php7-pear-7.0.7-12.1 openSUSE Leap 42.2:php7-pear-Archive_Tar-7.0.7-12.1 openSUSE Leap 42.2:php7-pgsql-7.0.7-12.1 openSUSE Leap 42.2:php7-phar-7.0.7-12.1 openSUSE Leap 42.2:php7-posix-7.0.7-12.1 openSUSE Leap 42.2:php7-pspell-7.0.7-12.1 openSUSE Leap 42.2:php7-readline-7.0.7-12.1 openSUSE Leap 42.2:php7-shmop-7.0.7-12.1 openSUSE Leap 42.2:php7-snmp-7.0.7-12.1 openSUSE Leap 42.2:php7-soap-7.0.7-12.1 openSUSE Leap 42.2:php7-sockets-7.0.7-12.1 openSUSE Leap 42.2:php7-sqlite-7.0.7-12.1 openSUSE Leap 42.2:php7-sysvmsg-7.0.7-12.1 openSUSE Leap 42.2:php7-sysvsem-7.0.7-12.1 openSUSE Leap 42.2:php7-sysvshm-7.0.7-12.1 openSUSE Leap 42.2:php7-tidy-7.0.7-12.1 openSUSE Leap 42.2:php7-tokenizer-7.0.7-12.1 openSUSE Leap 42.2:php7-wddx-7.0.7-12.1 openSUSE Leap 42.2:php7-xmlreader-7.0.7-12.1 openSUSE Leap 42.2:php7-xmlrpc-7.0.7-12.1 openSUSE Leap 42.2:php7-xmlwriter-7.0.7-12.1 openSUSE Leap 42.2:php7-xsl-7.0.7-12.1 openSUSE Leap 42.2:php7-zip-7.0.7-12.1 openSUSE Leap 42.2:php7-zlib-7.0.7-12.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-03/msg00000.html https://www.suse.com/security/cve/CVE-2016-10160.html CVE-2016-10160 https://bugzilla.suse.com/1022257 SUSE Bug 1022257 https://bugzilla.suse.com/1048094 SUSE Bug 1048094 The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call. CVE-2016-10161 openSUSE Leap 42.2:apache2-mod_php7-7.0.7-12.1 openSUSE Leap 42.2:php7-7.0.7-12.1 openSUSE Leap 42.2:php7-bcmath-7.0.7-12.1 openSUSE Leap 42.2:php7-bz2-7.0.7-12.1 openSUSE Leap 42.2:php7-calendar-7.0.7-12.1 openSUSE Leap 42.2:php7-ctype-7.0.7-12.1 openSUSE Leap 42.2:php7-curl-7.0.7-12.1 openSUSE Leap 42.2:php7-dba-7.0.7-12.1 openSUSE Leap 42.2:php7-devel-7.0.7-12.1 openSUSE Leap 42.2:php7-dom-7.0.7-12.1 openSUSE Leap 42.2:php7-enchant-7.0.7-12.1 openSUSE Leap 42.2:php7-exif-7.0.7-12.1 openSUSE Leap 42.2:php7-fastcgi-7.0.7-12.1 openSUSE Leap 42.2:php7-fileinfo-7.0.7-12.1 openSUSE Leap 42.2:php7-firebird-7.0.7-12.1 openSUSE Leap 42.2:php7-fpm-7.0.7-12.1 openSUSE Leap 42.2:php7-ftp-7.0.7-12.1 openSUSE Leap 42.2:php7-gd-7.0.7-12.1 openSUSE Leap 42.2:php7-gettext-7.0.7-12.1 openSUSE Leap 42.2:php7-gmp-7.0.7-12.1 openSUSE Leap 42.2:php7-iconv-7.0.7-12.1 openSUSE Leap 42.2:php7-imap-7.0.7-12.1 openSUSE Leap 42.2:php7-intl-7.0.7-12.1 openSUSE Leap 42.2:php7-json-7.0.7-12.1 openSUSE Leap 42.2:php7-ldap-7.0.7-12.1 openSUSE Leap 42.2:php7-mbstring-7.0.7-12.1 openSUSE Leap 42.2:php7-mcrypt-7.0.7-12.1 openSUSE Leap 42.2:php7-mysql-7.0.7-12.1 openSUSE Leap 42.2:php7-odbc-7.0.7-12.1 openSUSE Leap 42.2:php7-opcache-7.0.7-12.1 openSUSE Leap 42.2:php7-openssl-7.0.7-12.1 openSUSE Leap 42.2:php7-pcntl-7.0.7-12.1 openSUSE Leap 42.2:php7-pdo-7.0.7-12.1 openSUSE Leap 42.2:php7-pear-7.0.7-12.1 openSUSE Leap 42.2:php7-pear-Archive_Tar-7.0.7-12.1 openSUSE Leap 42.2:php7-pgsql-7.0.7-12.1 openSUSE Leap 42.2:php7-phar-7.0.7-12.1 openSUSE Leap 42.2:php7-posix-7.0.7-12.1 openSUSE Leap 42.2:php7-pspell-7.0.7-12.1 openSUSE Leap 42.2:php7-readline-7.0.7-12.1 openSUSE Leap 42.2:php7-shmop-7.0.7-12.1 openSUSE Leap 42.2:php7-snmp-7.0.7-12.1 openSUSE Leap 42.2:php7-soap-7.0.7-12.1 openSUSE Leap 42.2:php7-sockets-7.0.7-12.1 openSUSE Leap 42.2:php7-sqlite-7.0.7-12.1 openSUSE Leap 42.2:php7-sysvmsg-7.0.7-12.1 openSUSE Leap 42.2:php7-sysvsem-7.0.7-12.1 openSUSE Leap 42.2:php7-sysvshm-7.0.7-12.1 openSUSE Leap 42.2:php7-tidy-7.0.7-12.1 openSUSE Leap 42.2:php7-tokenizer-7.0.7-12.1 openSUSE Leap 42.2:php7-wddx-7.0.7-12.1 openSUSE Leap 42.2:php7-xmlreader-7.0.7-12.1 openSUSE Leap 42.2:php7-xmlrpc-7.0.7-12.1 openSUSE Leap 42.2:php7-xmlwriter-7.0.7-12.1 openSUSE Leap 42.2:php7-xsl-7.0.7-12.1 openSUSE Leap 42.2:php7-zip-7.0.7-12.1 openSUSE Leap 42.2:php7-zlib-7.0.7-12.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-03/msg00000.html https://www.suse.com/security/cve/CVE-2016-10161.html CVE-2016-10161 https://bugzilla.suse.com/1022260 SUSE Bug 1022260 The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an inapplicable class name in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call. CVE-2016-10162 openSUSE Leap 42.2:apache2-mod_php7-7.0.7-12.1 openSUSE Leap 42.2:php7-7.0.7-12.1 openSUSE Leap 42.2:php7-bcmath-7.0.7-12.1 openSUSE Leap 42.2:php7-bz2-7.0.7-12.1 openSUSE Leap 42.2:php7-calendar-7.0.7-12.1 openSUSE Leap 42.2:php7-ctype-7.0.7-12.1 openSUSE Leap 42.2:php7-curl-7.0.7-12.1 openSUSE Leap 42.2:php7-dba-7.0.7-12.1 openSUSE Leap 42.2:php7-devel-7.0.7-12.1 openSUSE Leap 42.2:php7-dom-7.0.7-12.1 openSUSE Leap 42.2:php7-enchant-7.0.7-12.1 openSUSE Leap 42.2:php7-exif-7.0.7-12.1 openSUSE Leap 42.2:php7-fastcgi-7.0.7-12.1 openSUSE Leap 42.2:php7-fileinfo-7.0.7-12.1 openSUSE Leap 42.2:php7-firebird-7.0.7-12.1 openSUSE Leap 42.2:php7-fpm-7.0.7-12.1 openSUSE Leap 42.2:php7-ftp-7.0.7-12.1 openSUSE Leap 42.2:php7-gd-7.0.7-12.1 openSUSE Leap 42.2:php7-gettext-7.0.7-12.1 openSUSE Leap 42.2:php7-gmp-7.0.7-12.1 openSUSE Leap 42.2:php7-iconv-7.0.7-12.1 openSUSE Leap 42.2:php7-imap-7.0.7-12.1 openSUSE Leap 42.2:php7-intl-7.0.7-12.1 openSUSE Leap 42.2:php7-json-7.0.7-12.1 openSUSE Leap 42.2:php7-ldap-7.0.7-12.1 openSUSE Leap 42.2:php7-mbstring-7.0.7-12.1 openSUSE Leap 42.2:php7-mcrypt-7.0.7-12.1 openSUSE Leap 42.2:php7-mysql-7.0.7-12.1 openSUSE Leap 42.2:php7-odbc-7.0.7-12.1 openSUSE Leap 42.2:php7-opcache-7.0.7-12.1 openSUSE Leap 42.2:php7-openssl-7.0.7-12.1 openSUSE Leap 42.2:php7-pcntl-7.0.7-12.1 openSUSE Leap 42.2:php7-pdo-7.0.7-12.1 openSUSE Leap 42.2:php7-pear-7.0.7-12.1 openSUSE Leap 42.2:php7-pear-Archive_Tar-7.0.7-12.1 openSUSE Leap 42.2:php7-pgsql-7.0.7-12.1 openSUSE Leap 42.2:php7-phar-7.0.7-12.1 openSUSE Leap 42.2:php7-posix-7.0.7-12.1 openSUSE Leap 42.2:php7-pspell-7.0.7-12.1 openSUSE Leap 42.2:php7-readline-7.0.7-12.1 openSUSE Leap 42.2:php7-shmop-7.0.7-12.1 openSUSE Leap 42.2:php7-snmp-7.0.7-12.1 openSUSE Leap 42.2:php7-soap-7.0.7-12.1 openSUSE Leap 42.2:php7-sockets-7.0.7-12.1 openSUSE Leap 42.2:php7-sqlite-7.0.7-12.1 openSUSE Leap 42.2:php7-sysvmsg-7.0.7-12.1 openSUSE Leap 42.2:php7-sysvsem-7.0.7-12.1 openSUSE Leap 42.2:php7-sysvshm-7.0.7-12.1 openSUSE Leap 42.2:php7-tidy-7.0.7-12.1 openSUSE Leap 42.2:php7-tokenizer-7.0.7-12.1 openSUSE Leap 42.2:php7-wddx-7.0.7-12.1 openSUSE Leap 42.2:php7-xmlreader-7.0.7-12.1 openSUSE Leap 42.2:php7-xmlrpc-7.0.7-12.1 openSUSE Leap 42.2:php7-xmlwriter-7.0.7-12.1 openSUSE Leap 42.2:php7-xsl-7.0.7-12.1 openSUSE Leap 42.2:php7-zip-7.0.7-12.1 openSUSE Leap 42.2:php7-zlib-7.0.7-12.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-03/msg00000.html https://www.suse.com/security/cve/CVE-2016-10162.html CVE-2016-10162 https://bugzilla.suse.com/1022262 SUSE Bug 1022262 Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable. CVE-2016-10166 openSUSE Leap 42.2:apache2-mod_php7-7.0.7-12.1 openSUSE Leap 42.2:php7-7.0.7-12.1 openSUSE Leap 42.2:php7-bcmath-7.0.7-12.1 openSUSE Leap 42.2:php7-bz2-7.0.7-12.1 openSUSE Leap 42.2:php7-calendar-7.0.7-12.1 openSUSE Leap 42.2:php7-ctype-7.0.7-12.1 openSUSE Leap 42.2:php7-curl-7.0.7-12.1 openSUSE Leap 42.2:php7-dba-7.0.7-12.1 openSUSE Leap 42.2:php7-devel-7.0.7-12.1 openSUSE Leap 42.2:php7-dom-7.0.7-12.1 openSUSE Leap 42.2:php7-enchant-7.0.7-12.1 openSUSE Leap 42.2:php7-exif-7.0.7-12.1 openSUSE Leap 42.2:php7-fastcgi-7.0.7-12.1 openSUSE Leap 42.2:php7-fileinfo-7.0.7-12.1 openSUSE Leap 42.2:php7-firebird-7.0.7-12.1 openSUSE Leap 42.2:php7-fpm-7.0.7-12.1 openSUSE Leap 42.2:php7-ftp-7.0.7-12.1 openSUSE Leap 42.2:php7-gd-7.0.7-12.1 openSUSE Leap 42.2:php7-gettext-7.0.7-12.1 openSUSE Leap 42.2:php7-gmp-7.0.7-12.1 openSUSE Leap 42.2:php7-iconv-7.0.7-12.1 openSUSE Leap 42.2:php7-imap-7.0.7-12.1 openSUSE Leap 42.2:php7-intl-7.0.7-12.1 openSUSE Leap 42.2:php7-json-7.0.7-12.1 openSUSE Leap 42.2:php7-ldap-7.0.7-12.1 openSUSE Leap 42.2:php7-mbstring-7.0.7-12.1 openSUSE Leap 42.2:php7-mcrypt-7.0.7-12.1 openSUSE Leap 42.2:php7-mysql-7.0.7-12.1 openSUSE Leap 42.2:php7-odbc-7.0.7-12.1 openSUSE Leap 42.2:php7-opcache-7.0.7-12.1 openSUSE Leap 42.2:php7-openssl-7.0.7-12.1 openSUSE Leap 42.2:php7-pcntl-7.0.7-12.1 openSUSE Leap 42.2:php7-pdo-7.0.7-12.1 openSUSE Leap 42.2:php7-pear-7.0.7-12.1 openSUSE Leap 42.2:php7-pear-Archive_Tar-7.0.7-12.1 openSUSE Leap 42.2:php7-pgsql-7.0.7-12.1 openSUSE Leap 42.2:php7-phar-7.0.7-12.1 openSUSE Leap 42.2:php7-posix-7.0.7-12.1 openSUSE Leap 42.2:php7-pspell-7.0.7-12.1 openSUSE Leap 42.2:php7-readline-7.0.7-12.1 openSUSE Leap 42.2:php7-shmop-7.0.7-12.1 openSUSE Leap 42.2:php7-snmp-7.0.7-12.1 openSUSE Leap 42.2:php7-soap-7.0.7-12.1 openSUSE Leap 42.2:php7-sockets-7.0.7-12.1 openSUSE Leap 42.2:php7-sqlite-7.0.7-12.1 openSUSE Leap 42.2:php7-sysvmsg-7.0.7-12.1 openSUSE Leap 42.2:php7-sysvsem-7.0.7-12.1 openSUSE Leap 42.2:php7-sysvshm-7.0.7-12.1 openSUSE Leap 42.2:php7-tidy-7.0.7-12.1 openSUSE Leap 42.2:php7-tokenizer-7.0.7-12.1 openSUSE Leap 42.2:php7-wddx-7.0.7-12.1 openSUSE Leap 42.2:php7-xmlreader-7.0.7-12.1 openSUSE Leap 42.2:php7-xmlrpc-7.0.7-12.1 openSUSE Leap 42.2:php7-xmlwriter-7.0.7-12.1 openSUSE Leap 42.2:php7-xsl-7.0.7-12.1 openSUSE Leap 42.2:php7-zip-7.0.7-12.1 openSUSE Leap 42.2:php7-zlib-7.0.7-12.1 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-03/msg00000.html https://www.suse.com/security/cve/CVE-2016-10166.html CVE-2016-10166 https://bugzilla.suse.com/1022069 SUSE Bug 1022069 https://bugzilla.suse.com/1022263 SUSE Bug 1022263 The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file. CVE-2016-10167 openSUSE Leap 42.2:apache2-mod_php7-7.0.7-12.1 openSUSE Leap 42.2:php7-7.0.7-12.1 openSUSE Leap 42.2:php7-bcmath-7.0.7-12.1 openSUSE Leap 42.2:php7-bz2-7.0.7-12.1 openSUSE Leap 42.2:php7-calendar-7.0.7-12.1 openSUSE Leap 42.2:php7-ctype-7.0.7-12.1 openSUSE Leap 42.2:php7-curl-7.0.7-12.1 openSUSE Leap 42.2:php7-dba-7.0.7-12.1 openSUSE Leap 42.2:php7-devel-7.0.7-12.1 openSUSE Leap 42.2:php7-dom-7.0.7-12.1 openSUSE Leap 42.2:php7-enchant-7.0.7-12.1 openSUSE Leap 42.2:php7-exif-7.0.7-12.1 openSUSE Leap 42.2:php7-fastcgi-7.0.7-12.1 openSUSE Leap 42.2:php7-fileinfo-7.0.7-12.1 openSUSE Leap 42.2:php7-firebird-7.0.7-12.1 openSUSE Leap 42.2:php7-fpm-7.0.7-12.1 openSUSE Leap 42.2:php7-ftp-7.0.7-12.1 openSUSE Leap 42.2:php7-gd-7.0.7-12.1 openSUSE Leap 42.2:php7-gettext-7.0.7-12.1 openSUSE Leap 42.2:php7-gmp-7.0.7-12.1 openSUSE Leap 42.2:php7-iconv-7.0.7-12.1 openSUSE Leap 42.2:php7-imap-7.0.7-12.1 openSUSE Leap 42.2:php7-intl-7.0.7-12.1 openSUSE Leap 42.2:php7-json-7.0.7-12.1 openSUSE Leap 42.2:php7-ldap-7.0.7-12.1 openSUSE Leap 42.2:php7-mbstring-7.0.7-12.1 openSUSE Leap 42.2:php7-mcrypt-7.0.7-12.1 openSUSE Leap 42.2:php7-mysql-7.0.7-12.1 openSUSE Leap 42.2:php7-odbc-7.0.7-12.1 openSUSE Leap 42.2:php7-opcache-7.0.7-12.1 openSUSE Leap 42.2:php7-openssl-7.0.7-12.1 openSUSE Leap 42.2:php7-pcntl-7.0.7-12.1 openSUSE Leap 42.2:php7-pdo-7.0.7-12.1 openSUSE Leap 42.2:php7-pear-7.0.7-12.1 openSUSE Leap 42.2:php7-pear-Archive_Tar-7.0.7-12.1 openSUSE Leap 42.2:php7-pgsql-7.0.7-12.1 openSUSE Leap 42.2:php7-phar-7.0.7-12.1 openSUSE Leap 42.2:php7-posix-7.0.7-12.1 openSUSE Leap 42.2:php7-pspell-7.0.7-12.1 openSUSE Leap 42.2:php7-readline-7.0.7-12.1 openSUSE Leap 42.2:php7-shmop-7.0.7-12.1 openSUSE Leap 42.2:php7-snmp-7.0.7-12.1 openSUSE Leap 42.2:php7-soap-7.0.7-12.1 openSUSE Leap 42.2:php7-sockets-7.0.7-12.1 openSUSE Leap 42.2:php7-sqlite-7.0.7-12.1 openSUSE Leap 42.2:php7-sysvmsg-7.0.7-12.1 openSUSE Leap 42.2:php7-sysvsem-7.0.7-12.1 openSUSE Leap 42.2:php7-sysvshm-7.0.7-12.1 openSUSE Leap 42.2:php7-tidy-7.0.7-12.1 openSUSE Leap 42.2:php7-tokenizer-7.0.7-12.1 openSUSE Leap 42.2:php7-wddx-7.0.7-12.1 openSUSE Leap 42.2:php7-xmlreader-7.0.7-12.1 openSUSE Leap 42.2:php7-xmlrpc-7.0.7-12.1 openSUSE Leap 42.2:php7-xmlwriter-7.0.7-12.1 openSUSE Leap 42.2:php7-xsl-7.0.7-12.1 openSUSE Leap 42.2:php7-zip-7.0.7-12.1 openSUSE Leap 42.2:php7-zlib-7.0.7-12.1 moderate 1.9 AV:L/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-03/msg00000.html https://www.suse.com/security/cve/CVE-2016-10167.html CVE-2016-10167 https://bugzilla.suse.com/1022069 SUSE Bug 1022069 https://bugzilla.suse.com/1022264 SUSE Bug 1022264 Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image. CVE-2016-10168 openSUSE Leap 42.2:apache2-mod_php7-7.0.7-12.1 openSUSE Leap 42.2:php7-7.0.7-12.1 openSUSE Leap 42.2:php7-bcmath-7.0.7-12.1 openSUSE Leap 42.2:php7-bz2-7.0.7-12.1 openSUSE Leap 42.2:php7-calendar-7.0.7-12.1 openSUSE Leap 42.2:php7-ctype-7.0.7-12.1 openSUSE Leap 42.2:php7-curl-7.0.7-12.1 openSUSE Leap 42.2:php7-dba-7.0.7-12.1 openSUSE Leap 42.2:php7-devel-7.0.7-12.1 openSUSE Leap 42.2:php7-dom-7.0.7-12.1 openSUSE Leap 42.2:php7-enchant-7.0.7-12.1 openSUSE Leap 42.2:php7-exif-7.0.7-12.1 openSUSE Leap 42.2:php7-fastcgi-7.0.7-12.1 openSUSE Leap 42.2:php7-fileinfo-7.0.7-12.1 openSUSE Leap 42.2:php7-firebird-7.0.7-12.1 openSUSE Leap 42.2:php7-fpm-7.0.7-12.1 openSUSE Leap 42.2:php7-ftp-7.0.7-12.1 openSUSE Leap 42.2:php7-gd-7.0.7-12.1 openSUSE Leap 42.2:php7-gettext-7.0.7-12.1 openSUSE Leap 42.2:php7-gmp-7.0.7-12.1 openSUSE Leap 42.2:php7-iconv-7.0.7-12.1 openSUSE Leap 42.2:php7-imap-7.0.7-12.1 openSUSE Leap 42.2:php7-intl-7.0.7-12.1 openSUSE Leap 42.2:php7-json-7.0.7-12.1 openSUSE Leap 42.2:php7-ldap-7.0.7-12.1 openSUSE Leap 42.2:php7-mbstring-7.0.7-12.1 openSUSE Leap 42.2:php7-mcrypt-7.0.7-12.1 openSUSE Leap 42.2:php7-mysql-7.0.7-12.1 openSUSE Leap 42.2:php7-odbc-7.0.7-12.1 openSUSE Leap 42.2:php7-opcache-7.0.7-12.1 openSUSE Leap 42.2:php7-openssl-7.0.7-12.1 openSUSE Leap 42.2:php7-pcntl-7.0.7-12.1 openSUSE Leap 42.2:php7-pdo-7.0.7-12.1 openSUSE Leap 42.2:php7-pear-7.0.7-12.1 openSUSE Leap 42.2:php7-pear-Archive_Tar-7.0.7-12.1 openSUSE Leap 42.2:php7-pgsql-7.0.7-12.1 openSUSE Leap 42.2:php7-phar-7.0.7-12.1 openSUSE Leap 42.2:php7-posix-7.0.7-12.1 openSUSE Leap 42.2:php7-pspell-7.0.7-12.1 openSUSE Leap 42.2:php7-readline-7.0.7-12.1 openSUSE Leap 42.2:php7-shmop-7.0.7-12.1 openSUSE Leap 42.2:php7-snmp-7.0.7-12.1 openSUSE Leap 42.2:php7-soap-7.0.7-12.1 openSUSE Leap 42.2:php7-sockets-7.0.7-12.1 openSUSE Leap 42.2:php7-sqlite-7.0.7-12.1 openSUSE Leap 42.2:php7-sysvmsg-7.0.7-12.1 openSUSE Leap 42.2:php7-sysvsem-7.0.7-12.1 openSUSE Leap 42.2:php7-sysvshm-7.0.7-12.1 openSUSE Leap 42.2:php7-tidy-7.0.7-12.1 openSUSE Leap 42.2:php7-tokenizer-7.0.7-12.1 openSUSE Leap 42.2:php7-wddx-7.0.7-12.1 openSUSE Leap 42.2:php7-xmlreader-7.0.7-12.1 openSUSE Leap 42.2:php7-xmlrpc-7.0.7-12.1 openSUSE Leap 42.2:php7-xmlwriter-7.0.7-12.1 openSUSE Leap 42.2:php7-xsl-7.0.7-12.1 openSUSE Leap 42.2:php7-zip-7.0.7-12.1 openSUSE Leap 42.2:php7-zlib-7.0.7-12.1 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-03/msg00000.html https://www.suse.com/security/cve/CVE-2016-10168.html CVE-2016-10168 https://bugzilla.suse.com/1022069 SUSE Bug 1022069 https://bugzilla.suse.com/1022265 SUSE Bug 1022265 Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876. CVE-2016-7478 openSUSE Leap 42.2:apache2-mod_php7-7.0.7-12.1 openSUSE Leap 42.2:php7-7.0.7-12.1 openSUSE Leap 42.2:php7-bcmath-7.0.7-12.1 openSUSE Leap 42.2:php7-bz2-7.0.7-12.1 openSUSE Leap 42.2:php7-calendar-7.0.7-12.1 openSUSE Leap 42.2:php7-ctype-7.0.7-12.1 openSUSE Leap 42.2:php7-curl-7.0.7-12.1 openSUSE Leap 42.2:php7-dba-7.0.7-12.1 openSUSE Leap 42.2:php7-devel-7.0.7-12.1 openSUSE Leap 42.2:php7-dom-7.0.7-12.1 openSUSE Leap 42.2:php7-enchant-7.0.7-12.1 openSUSE Leap 42.2:php7-exif-7.0.7-12.1 openSUSE Leap 42.2:php7-fastcgi-7.0.7-12.1 openSUSE Leap 42.2:php7-fileinfo-7.0.7-12.1 openSUSE Leap 42.2:php7-firebird-7.0.7-12.1 openSUSE Leap 42.2:php7-fpm-7.0.7-12.1 openSUSE Leap 42.2:php7-ftp-7.0.7-12.1 openSUSE Leap 42.2:php7-gd-7.0.7-12.1 openSUSE Leap 42.2:php7-gettext-7.0.7-12.1 openSUSE Leap 42.2:php7-gmp-7.0.7-12.1 openSUSE Leap 42.2:php7-iconv-7.0.7-12.1 openSUSE Leap 42.2:php7-imap-7.0.7-12.1 openSUSE Leap 42.2:php7-intl-7.0.7-12.1 openSUSE Leap 42.2:php7-json-7.0.7-12.1 openSUSE Leap 42.2:php7-ldap-7.0.7-12.1 openSUSE Leap 42.2:php7-mbstring-7.0.7-12.1 openSUSE Leap 42.2:php7-mcrypt-7.0.7-12.1 openSUSE Leap 42.2:php7-mysql-7.0.7-12.1 openSUSE Leap 42.2:php7-odbc-7.0.7-12.1 openSUSE Leap 42.2:php7-opcache-7.0.7-12.1 openSUSE Leap 42.2:php7-openssl-7.0.7-12.1 openSUSE Leap 42.2:php7-pcntl-7.0.7-12.1 openSUSE Leap 42.2:php7-pdo-7.0.7-12.1 openSUSE Leap 42.2:php7-pear-7.0.7-12.1 openSUSE Leap 42.2:php7-pear-Archive_Tar-7.0.7-12.1 openSUSE Leap 42.2:php7-pgsql-7.0.7-12.1 openSUSE Leap 42.2:php7-phar-7.0.7-12.1 openSUSE Leap 42.2:php7-posix-7.0.7-12.1 openSUSE Leap 42.2:php7-pspell-7.0.7-12.1 openSUSE Leap 42.2:php7-readline-7.0.7-12.1 openSUSE Leap 42.2:php7-shmop-7.0.7-12.1 openSUSE Leap 42.2:php7-snmp-7.0.7-12.1 openSUSE Leap 42.2:php7-soap-7.0.7-12.1 openSUSE Leap 42.2:php7-sockets-7.0.7-12.1 openSUSE Leap 42.2:php7-sqlite-7.0.7-12.1 openSUSE Leap 42.2:php7-sysvmsg-7.0.7-12.1 openSUSE Leap 42.2:php7-sysvsem-7.0.7-12.1 openSUSE Leap 42.2:php7-sysvshm-7.0.7-12.1 openSUSE Leap 42.2:php7-tidy-7.0.7-12.1 openSUSE Leap 42.2:php7-tokenizer-7.0.7-12.1 openSUSE Leap 42.2:php7-wddx-7.0.7-12.1 openSUSE Leap 42.2:php7-xmlreader-7.0.7-12.1 openSUSE Leap 42.2:php7-xmlrpc-7.0.7-12.1 openSUSE Leap 42.2:php7-xmlwriter-7.0.7-12.1 openSUSE Leap 42.2:php7-xsl-7.0.7-12.1 openSUSE Leap 42.2:php7-zip-7.0.7-12.1 openSUSE Leap 42.2:php7-zlib-7.0.7-12.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-03/msg00000.html https://www.suse.com/security/cve/CVE-2016-7478.html CVE-2016-7478 https://bugzilla.suse.com/1019550 SUSE Bug 1019550 In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution. CVE-2016-7479 openSUSE Leap 42.2:apache2-mod_php7-7.0.7-12.1 openSUSE Leap 42.2:php7-7.0.7-12.1 openSUSE Leap 42.2:php7-bcmath-7.0.7-12.1 openSUSE Leap 42.2:php7-bz2-7.0.7-12.1 openSUSE Leap 42.2:php7-calendar-7.0.7-12.1 openSUSE Leap 42.2:php7-ctype-7.0.7-12.1 openSUSE Leap 42.2:php7-curl-7.0.7-12.1 openSUSE Leap 42.2:php7-dba-7.0.7-12.1 openSUSE Leap 42.2:php7-devel-7.0.7-12.1 openSUSE Leap 42.2:php7-dom-7.0.7-12.1 openSUSE Leap 42.2:php7-enchant-7.0.7-12.1 openSUSE Leap 42.2:php7-exif-7.0.7-12.1 openSUSE Leap 42.2:php7-fastcgi-7.0.7-12.1 openSUSE Leap 42.2:php7-fileinfo-7.0.7-12.1 openSUSE Leap 42.2:php7-firebird-7.0.7-12.1 openSUSE Leap 42.2:php7-fpm-7.0.7-12.1 openSUSE Leap 42.2:php7-ftp-7.0.7-12.1 openSUSE Leap 42.2:php7-gd-7.0.7-12.1 openSUSE Leap 42.2:php7-gettext-7.0.7-12.1 openSUSE Leap 42.2:php7-gmp-7.0.7-12.1 openSUSE Leap 42.2:php7-iconv-7.0.7-12.1 openSUSE Leap 42.2:php7-imap-7.0.7-12.1 openSUSE Leap 42.2:php7-intl-7.0.7-12.1 openSUSE Leap 42.2:php7-json-7.0.7-12.1 openSUSE Leap 42.2:php7-ldap-7.0.7-12.1 openSUSE Leap 42.2:php7-mbstring-7.0.7-12.1 openSUSE Leap 42.2:php7-mcrypt-7.0.7-12.1 openSUSE Leap 42.2:php7-mysql-7.0.7-12.1 openSUSE Leap 42.2:php7-odbc-7.0.7-12.1 openSUSE Leap 42.2:php7-opcache-7.0.7-12.1 openSUSE Leap 42.2:php7-openssl-7.0.7-12.1 openSUSE Leap 42.2:php7-pcntl-7.0.7-12.1 openSUSE Leap 42.2:php7-pdo-7.0.7-12.1 openSUSE Leap 42.2:php7-pear-7.0.7-12.1 openSUSE Leap 42.2:php7-pear-Archive_Tar-7.0.7-12.1 openSUSE Leap 42.2:php7-pgsql-7.0.7-12.1 openSUSE Leap 42.2:php7-phar-7.0.7-12.1 openSUSE Leap 42.2:php7-posix-7.0.7-12.1 openSUSE Leap 42.2:php7-pspell-7.0.7-12.1 openSUSE Leap 42.2:php7-readline-7.0.7-12.1 openSUSE Leap 42.2:php7-shmop-7.0.7-12.1 openSUSE Leap 42.2:php7-snmp-7.0.7-12.1 openSUSE Leap 42.2:php7-soap-7.0.7-12.1 openSUSE Leap 42.2:php7-sockets-7.0.7-12.1 openSUSE Leap 42.2:php7-sqlite-7.0.7-12.1 openSUSE Leap 42.2:php7-sysvmsg-7.0.7-12.1 openSUSE Leap 42.2:php7-sysvsem-7.0.7-12.1 openSUSE Leap 42.2:php7-sysvshm-7.0.7-12.1 openSUSE Leap 42.2:php7-tidy-7.0.7-12.1 openSUSE Leap 42.2:php7-tokenizer-7.0.7-12.1 openSUSE Leap 42.2:php7-wddx-7.0.7-12.1 openSUSE Leap 42.2:php7-xmlreader-7.0.7-12.1 openSUSE Leap 42.2:php7-xmlrpc-7.0.7-12.1 openSUSE Leap 42.2:php7-xmlwriter-7.0.7-12.1 openSUSE Leap 42.2:php7-xsl-7.0.7-12.1 openSUSE Leap 42.2:php7-zip-7.0.7-12.1 openSUSE Leap 42.2:php7-zlib-7.0.7-12.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-03/msg00000.html https://www.suse.com/security/cve/CVE-2016-7479.html CVE-2016-7479 https://bugzilla.suse.com/1008026 SUSE Bug 1008026 https://bugzilla.suse.com/1019547 SUSE Bug 1019547 https://bugzilla.suse.com/1019550 SUSE Bug 1019550 The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data. CVE-2016-7480 openSUSE Leap 42.2:apache2-mod_php7-7.0.7-12.1 openSUSE Leap 42.2:php7-7.0.7-12.1 openSUSE Leap 42.2:php7-bcmath-7.0.7-12.1 openSUSE Leap 42.2:php7-bz2-7.0.7-12.1 openSUSE Leap 42.2:php7-calendar-7.0.7-12.1 openSUSE Leap 42.2:php7-ctype-7.0.7-12.1 openSUSE Leap 42.2:php7-curl-7.0.7-12.1 openSUSE Leap 42.2:php7-dba-7.0.7-12.1 openSUSE Leap 42.2:php7-devel-7.0.7-12.1 openSUSE Leap 42.2:php7-dom-7.0.7-12.1 openSUSE Leap 42.2:php7-enchant-7.0.7-12.1 openSUSE Leap 42.2:php7-exif-7.0.7-12.1 openSUSE Leap 42.2:php7-fastcgi-7.0.7-12.1 openSUSE Leap 42.2:php7-fileinfo-7.0.7-12.1 openSUSE Leap 42.2:php7-firebird-7.0.7-12.1 openSUSE Leap 42.2:php7-fpm-7.0.7-12.1 openSUSE Leap 42.2:php7-ftp-7.0.7-12.1 openSUSE Leap 42.2:php7-gd-7.0.7-12.1 openSUSE Leap 42.2:php7-gettext-7.0.7-12.1 openSUSE Leap 42.2:php7-gmp-7.0.7-12.1 openSUSE Leap 42.2:php7-iconv-7.0.7-12.1 openSUSE Leap 42.2:php7-imap-7.0.7-12.1 openSUSE Leap 42.2:php7-intl-7.0.7-12.1 openSUSE Leap 42.2:php7-json-7.0.7-12.1 openSUSE Leap 42.2:php7-ldap-7.0.7-12.1 openSUSE Leap 42.2:php7-mbstring-7.0.7-12.1 openSUSE Leap 42.2:php7-mcrypt-7.0.7-12.1 openSUSE Leap 42.2:php7-mysql-7.0.7-12.1 openSUSE Leap 42.2:php7-odbc-7.0.7-12.1 openSUSE Leap 42.2:php7-opcache-7.0.7-12.1 openSUSE Leap 42.2:php7-openssl-7.0.7-12.1 openSUSE Leap 42.2:php7-pcntl-7.0.7-12.1 openSUSE Leap 42.2:php7-pdo-7.0.7-12.1 openSUSE Leap 42.2:php7-pear-7.0.7-12.1 openSUSE Leap 42.2:php7-pear-Archive_Tar-7.0.7-12.1 openSUSE Leap 42.2:php7-pgsql-7.0.7-12.1 openSUSE Leap 42.2:php7-phar-7.0.7-12.1 openSUSE Leap 42.2:php7-posix-7.0.7-12.1 openSUSE Leap 42.2:php7-pspell-7.0.7-12.1 openSUSE Leap 42.2:php7-readline-7.0.7-12.1 openSUSE Leap 42.2:php7-shmop-7.0.7-12.1 openSUSE Leap 42.2:php7-snmp-7.0.7-12.1 openSUSE Leap 42.2:php7-soap-7.0.7-12.1 openSUSE Leap 42.2:php7-sockets-7.0.7-12.1 openSUSE Leap 42.2:php7-sqlite-7.0.7-12.1 openSUSE Leap 42.2:php7-sysvmsg-7.0.7-12.1 openSUSE Leap 42.2:php7-sysvsem-7.0.7-12.1 openSUSE Leap 42.2:php7-sysvshm-7.0.7-12.1 openSUSE Leap 42.2:php7-tidy-7.0.7-12.1 openSUSE Leap 42.2:php7-tokenizer-7.0.7-12.1 openSUSE Leap 42.2:php7-wddx-7.0.7-12.1 openSUSE Leap 42.2:php7-xmlreader-7.0.7-12.1 openSUSE Leap 42.2:php7-xmlrpc-7.0.7-12.1 openSUSE Leap 42.2:php7-xmlwriter-7.0.7-12.1 openSUSE Leap 42.2:php7-xsl-7.0.7-12.1 openSUSE Leap 42.2:php7-zip-7.0.7-12.1 openSUSE Leap 42.2:php7-zlib-7.0.7-12.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-03/msg00000.html https://www.suse.com/security/cve/CVE-2016-7480.html CVE-2016-7480 https://bugzilla.suse.com/1019568 SUSE Bug 1019568 PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::__toString with DateInterval::__wakeup. CVE-2016-9138 openSUSE Leap 42.2:apache2-mod_php7-7.0.7-12.1 openSUSE Leap 42.2:php7-7.0.7-12.1 openSUSE Leap 42.2:php7-bcmath-7.0.7-12.1 openSUSE Leap 42.2:php7-bz2-7.0.7-12.1 openSUSE Leap 42.2:php7-calendar-7.0.7-12.1 openSUSE Leap 42.2:php7-ctype-7.0.7-12.1 openSUSE Leap 42.2:php7-curl-7.0.7-12.1 openSUSE Leap 42.2:php7-dba-7.0.7-12.1 openSUSE Leap 42.2:php7-devel-7.0.7-12.1 openSUSE Leap 42.2:php7-dom-7.0.7-12.1 openSUSE Leap 42.2:php7-enchant-7.0.7-12.1 openSUSE Leap 42.2:php7-exif-7.0.7-12.1 openSUSE Leap 42.2:php7-fastcgi-7.0.7-12.1 openSUSE Leap 42.2:php7-fileinfo-7.0.7-12.1 openSUSE Leap 42.2:php7-firebird-7.0.7-12.1 openSUSE Leap 42.2:php7-fpm-7.0.7-12.1 openSUSE Leap 42.2:php7-ftp-7.0.7-12.1 openSUSE Leap 42.2:php7-gd-7.0.7-12.1 openSUSE Leap 42.2:php7-gettext-7.0.7-12.1 openSUSE Leap 42.2:php7-gmp-7.0.7-12.1 openSUSE Leap 42.2:php7-iconv-7.0.7-12.1 openSUSE Leap 42.2:php7-imap-7.0.7-12.1 openSUSE Leap 42.2:php7-intl-7.0.7-12.1 openSUSE Leap 42.2:php7-json-7.0.7-12.1 openSUSE Leap 42.2:php7-ldap-7.0.7-12.1 openSUSE Leap 42.2:php7-mbstring-7.0.7-12.1 openSUSE Leap 42.2:php7-mcrypt-7.0.7-12.1 openSUSE Leap 42.2:php7-mysql-7.0.7-12.1 openSUSE Leap 42.2:php7-odbc-7.0.7-12.1 openSUSE Leap 42.2:php7-opcache-7.0.7-12.1 openSUSE Leap 42.2:php7-openssl-7.0.7-12.1 openSUSE Leap 42.2:php7-pcntl-7.0.7-12.1 openSUSE Leap 42.2:php7-pdo-7.0.7-12.1 openSUSE Leap 42.2:php7-pear-7.0.7-12.1 openSUSE Leap 42.2:php7-pear-Archive_Tar-7.0.7-12.1 openSUSE Leap 42.2:php7-pgsql-7.0.7-12.1 openSUSE Leap 42.2:php7-phar-7.0.7-12.1 openSUSE Leap 42.2:php7-posix-7.0.7-12.1 openSUSE Leap 42.2:php7-pspell-7.0.7-12.1 openSUSE Leap 42.2:php7-readline-7.0.7-12.1 openSUSE Leap 42.2:php7-shmop-7.0.7-12.1 openSUSE Leap 42.2:php7-snmp-7.0.7-12.1 openSUSE Leap 42.2:php7-soap-7.0.7-12.1 openSUSE Leap 42.2:php7-sockets-7.0.7-12.1 openSUSE Leap 42.2:php7-sqlite-7.0.7-12.1 openSUSE Leap 42.2:php7-sysvmsg-7.0.7-12.1 openSUSE Leap 42.2:php7-sysvsem-7.0.7-12.1 openSUSE Leap 42.2:php7-sysvshm-7.0.7-12.1 openSUSE Leap 42.2:php7-tidy-7.0.7-12.1 openSUSE Leap 42.2:php7-tokenizer-7.0.7-12.1 openSUSE Leap 42.2:php7-wddx-7.0.7-12.1 openSUSE Leap 42.2:php7-xmlreader-7.0.7-12.1 openSUSE Leap 42.2:php7-xmlrpc-7.0.7-12.1 openSUSE Leap 42.2:php7-xmlwriter-7.0.7-12.1 openSUSE Leap 42.2:php7-xsl-7.0.7-12.1 openSUSE Leap 42.2:php7-zip-7.0.7-12.1 openSUSE Leap 42.2:php7-zlib-7.0.7-12.1 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-03/msg00000.html https://www.suse.com/security/cve/CVE-2016-9138.html CVE-2016-9138 https://bugzilla.suse.com/1008026 SUSE Bug 1008026 https://bugzilla.suse.com/1008029 SUSE Bug 1008029 Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data. CVE-2017-5340 openSUSE Leap 42.2:apache2-mod_php7-7.0.7-12.1 openSUSE Leap 42.2:php7-7.0.7-12.1 openSUSE Leap 42.2:php7-bcmath-7.0.7-12.1 openSUSE Leap 42.2:php7-bz2-7.0.7-12.1 openSUSE Leap 42.2:php7-calendar-7.0.7-12.1 openSUSE Leap 42.2:php7-ctype-7.0.7-12.1 openSUSE Leap 42.2:php7-curl-7.0.7-12.1 openSUSE Leap 42.2:php7-dba-7.0.7-12.1 openSUSE Leap 42.2:php7-devel-7.0.7-12.1 openSUSE Leap 42.2:php7-dom-7.0.7-12.1 openSUSE Leap 42.2:php7-enchant-7.0.7-12.1 openSUSE Leap 42.2:php7-exif-7.0.7-12.1 openSUSE Leap 42.2:php7-fastcgi-7.0.7-12.1 openSUSE Leap 42.2:php7-fileinfo-7.0.7-12.1 openSUSE Leap 42.2:php7-firebird-7.0.7-12.1 openSUSE Leap 42.2:php7-fpm-7.0.7-12.1 openSUSE Leap 42.2:php7-ftp-7.0.7-12.1 openSUSE Leap 42.2:php7-gd-7.0.7-12.1 openSUSE Leap 42.2:php7-gettext-7.0.7-12.1 openSUSE Leap 42.2:php7-gmp-7.0.7-12.1 openSUSE Leap 42.2:php7-iconv-7.0.7-12.1 openSUSE Leap 42.2:php7-imap-7.0.7-12.1 openSUSE Leap 42.2:php7-intl-7.0.7-12.1 openSUSE Leap 42.2:php7-json-7.0.7-12.1 openSUSE Leap 42.2:php7-ldap-7.0.7-12.1 openSUSE Leap 42.2:php7-mbstring-7.0.7-12.1 openSUSE Leap 42.2:php7-mcrypt-7.0.7-12.1 openSUSE Leap 42.2:php7-mysql-7.0.7-12.1 openSUSE Leap 42.2:php7-odbc-7.0.7-12.1 openSUSE Leap 42.2:php7-opcache-7.0.7-12.1 openSUSE Leap 42.2:php7-openssl-7.0.7-12.1 openSUSE Leap 42.2:php7-pcntl-7.0.7-12.1 openSUSE Leap 42.2:php7-pdo-7.0.7-12.1 openSUSE Leap 42.2:php7-pear-7.0.7-12.1 openSUSE Leap 42.2:php7-pear-Archive_Tar-7.0.7-12.1 openSUSE Leap 42.2:php7-pgsql-7.0.7-12.1 openSUSE Leap 42.2:php7-phar-7.0.7-12.1 openSUSE Leap 42.2:php7-posix-7.0.7-12.1 openSUSE Leap 42.2:php7-pspell-7.0.7-12.1 openSUSE Leap 42.2:php7-readline-7.0.7-12.1 openSUSE Leap 42.2:php7-shmop-7.0.7-12.1 openSUSE Leap 42.2:php7-snmp-7.0.7-12.1 openSUSE Leap 42.2:php7-soap-7.0.7-12.1 openSUSE Leap 42.2:php7-sockets-7.0.7-12.1 openSUSE Leap 42.2:php7-sqlite-7.0.7-12.1 openSUSE Leap 42.2:php7-sysvmsg-7.0.7-12.1 openSUSE Leap 42.2:php7-sysvsem-7.0.7-12.1 openSUSE Leap 42.2:php7-sysvshm-7.0.7-12.1 openSUSE Leap 42.2:php7-tidy-7.0.7-12.1 openSUSE Leap 42.2:php7-tokenizer-7.0.7-12.1 openSUSE Leap 42.2:php7-wddx-7.0.7-12.1 openSUSE Leap 42.2:php7-xmlreader-7.0.7-12.1 openSUSE Leap 42.2:php7-xmlrpc-7.0.7-12.1 openSUSE Leap 42.2:php7-xmlwriter-7.0.7-12.1 openSUSE Leap 42.2:php7-xsl-7.0.7-12.1 openSUSE Leap 42.2:php7-zip-7.0.7-12.1 openSUSE Leap 42.2:php7-zlib-7.0.7-12.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-03/msg00000.html https://www.suse.com/security/cve/CVE-2017-5340.html CVE-2017-5340 https://bugzilla.suse.com/1019570 SUSE Bug 1019570