File _patchinfo of Package patchinfo.3013

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.3013

<patchinfo incident="3013">
  <issue id="991424" tracker="bnc">VUL-0: CVE-2016-6295: php: Use after free in SNMP with GC and unserialize()</issue>
  <issue id="991427" tracker="bnc">VUL-0: CVE-2016-6291: php: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE</issue>
  <issue id="991426" tracker="bnc">VUL-0: CVE-2016-6297: php: Stack-based buffer overflow vulnerability in php_stream_zip_opener</issue>
  <issue id="991437" tracker="bnc">VUL-0: CVE-2016-6296: php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c</issue>
  <issue id="991430" tracker="bnc">VUL-0: php5,php7,php53: CVE-2016-5399: php, bzip2: Improper error handling in bzread()</issue>
  <issue id="991422" tracker="bnc">VUL-0: CVE-2016-6292: php: Null pointer dereference in exif_process_user_comment</issue>
  <issue id="988032" tracker="bnc">VUL-1: CVE-2016-6161: php: global out of bounds read when encoding gif from malformed input withgd2togif</issue>
  <issue id="991429" tracker="bnc">VUL-0: CVE-2016-6290: php: Use after free in unserialize() with Unexpected Session Deserialization</issue>
  <issue id="991428" tracker="bnc">VUL-0: CVE-2016-6289: php: Integer overflow leads to buffer overflow in virtual_file_ex</issue>
  <issue id="991434" tracker="bnc">VUL-0: CVE-2016-6207: php: Integer overflow error within _gdContributionsAlloc()</issue>
  <issue id="987580" tracker="bnc">VUL-1: CVE-2016-6128: php: Invalid color index not properly handled</issue>
  <issue id="987530" tracker="bnc">L3-Question: CVE-2014-3587 php: Integer overflow in the cdf_read_property_info affecting SLES11 SP3?</issue>
  <issue id="991433" tracker="bnc">VUL-0: CVE-2016-6288 php: Buffer over-read in php_url_parse_ex</issue>
  <issue id="997206" tracker="bnc">VUL-0: CVE-2016-7124: php5: Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization</issue>
  <issue id="997207" tracker="bnc">VUL-0: CVE-2016-7125: php5, php7: PHP Session Data Injection Vulnerability</issue>
  <issue id="997208" tracker="bnc">VUL-0: CVE-2016-7126: php7: select_colors write out-of-bounds</issue>
  <issue id="997210" tracker="bnc">VUL-0: CVE-2016-7127: php7: imagegammacorrect allows arbitrary write access</issue>
  <issue id="997211" tracker="bnc">VUL-0: CVE-2016-7128: php7: Memory Leakage In exif_process_IFD_in_TIFF</issue>
  <issue id="997220" tracker="bnc">VUL-0: CVE-2016-7129: php5, php7: wddx_deserialize allows illegal memory access</issue>
  <issue id="997225" tracker="bnc">VUL-0: CVE-2016-7131: php7: wddx_deserialize null dereference with invalid xml</issue>
  <issue id="997230" tracker="bnc">VUL-0: CVE-2016-7132: php5, php7: wddx_deserialize null dereference in php_wddx_pop_element</issue>
  <issue id="997248" tracker="bnc">VUL-0: CVE-2016-7134: php5, php7: Heap overflow in the function curl_escape</issue>
  <issue id="997257" tracker="bnc">VUL-0: CVE-2016-7130: php5, php7: wddx_deserialize null dereference</issue>
  <issue id="2016-7124" tracker="cve" />
  <issue id="2016-7125" tracker="cve" />
  <issue id="2016-7126" tracker="cve" />
  <issue id="2016-7127" tracker="cve" />
  <issue id="2016-7128" tracker="cve" />
  <issue id="2016-7129" tracker="cve" />
  <issue id="2016-7130" tracker="cve" />
  <issue id="2016-7131" tracker="cve" />
  <issue id="2016-7132" tracker="cve" />
  <issue id="2016-7134" tracker="cve" />

<issue id="2016-6128" tracker="cve" />
  <issue id="2014-3587" tracker="cve" />
  <issue id="2016-6161" tracker="cve" />
  <issue id="2016-5399" tracker="cve" />
  <issue id="2016-6207" tracker="cve" />
  <issue id="2016-6292" tracker="cve" />
  <issue id="2016-6290" tracker="cve" />
  <issue id="2016-6291" tracker="cve" />
  <issue id="2016-6296" tracker="cve" />
  <issue id="2016-6297" tracker="cve" />
  <issue id="2016-6295" tracker="cve" />
  <issue id="2016-6289" tracker="cve" />
  <issue id="2016-6288" tracker="cve" />
  <issue id="2016-3587" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>pgajdos</packager>
  <description>
This update for php5 fixes the following security issues:

* CVE-2016-6128: Invalid color index not properly handled [bsc#987580]
* CVE-2016-6161: global out of bounds read when encoding gif from malformed input withgd2togif [bsc#988032]
* CVE-2016-6292: Null pointer dereference in exif_process_user_comment [bsc#991422]
* CVE-2016-6295: Use after free in SNMP with GC and unserialize() [bsc#991424]
* CVE-2016-6297: Stack-based buffer overflow vulnerability in php_stream_zip_opener [bsc#991426]
* CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE [bsc#991427]
* CVE-2016-6289: Integer overflow leads to buffer overflow in virtual_file_ex [bsc#991428]
* CVE-2016-6290: Use after free in unserialize() with Unexpected Session Deserialization [bsc#991429]
* CVE-2016-5399: Improper error handling in bzread() [bsc#991430]
* CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c [bsc#991437]
* CVE-2016-6207: Integer overflow error within _gdContributionsAlloc() [bsc#991434]
* CVE-2014-3587: Integer overflow in the cdf_read_property_info affecting SLES11 SP3 [bsc#987530]
* CVE-2016-6288: Buffer over-read in php_url_parse_ex [bsc#991433]
* CVE-2016-7124: Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization
* CVE-2016-7125: PHP Session Data Injection Vulnerability
* CVE-2016-7126: select_colors write out-of-bounds
* CVE-2016-7127: imagegammacorrect allowed arbitrary write access
* CVE-2016-7128: Memory Leakage In exif_process_IFD_in_TIFF
* CVE-2016-7129: wddx_deserialize allowed illegal memory access
* CVE-2016-7130: wddx_deserialize null dereference
* CVE-2016-7131: wddx_deserialize null dereference with invalid xml
* CVE-2016-7132: wddx_deserialize null dereference in php_wddx_pop_element
* CVE-2016-7134: Heap overflow in the function curl_escape
</description>
  <summary>Security update for php5</summary>
</patchinfo>

Places

File _patchinfo of Package patchinfo.3013

Places