Описание
Security update for php5
This update for php5 fixes the following issues:
- CVE-2016-9933 Possible stack overflow on truecolor images handling [bsc#1015187]
- CVE-2016-9934 Dereference from NULL pointer could lead to crash [bsc#1015188]
- CVE-2016-9935 Invalid read could lead to crash [bsc#1015189]
Список пакетов
SUSE Linux Enterprise Module for Web and Scripting 12
SUSE Linux Enterprise Software Development Kit 12 SP1
SUSE Linux Enterprise Software Development Kit 12 SP2
Ссылки
- Link for SUSE-SU-2017:0038-1
- E-Mail link for SUSE-SU-2017:0038-1
- SUSE Security Ratings
- SUSE Bug 1015187
- SUSE Bug 1015188
- SUSE Bug 1015189
- SUSE CVE CVE-2016-9933 page
- SUSE CVE CVE-2016-9934 page
- SUSE CVE CVE-2016-9935 page
Описание
Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.
Затронутые продукты
Ссылки
- CVE-2016-9933
- SUSE Bug 1015187
Описание
ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.
Затронутые продукты
Ссылки
- CVE-2016-9934
- SUSE Bug 1015188
Описание
The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document.
Затронутые продукты
Ссылки
- CVE-2016-9935
- SUSE Bug 1015189
- SUSE Bug 1048097