SUSE-SU-2017:0568-1 -- SLES apache2-mod_php53, php53
ID: oval:org.secpod.oval:def:89044520 | Date: (C)2021-06-30 (M)2024-02-19 |
Class: PATCH | Family: unix |
This update for php53 fixes the following security issues:
- CVE-2016-7478: When unserializing untrusted input data, PHP could end up in an infinite loop, causing denial of service
- CVE-2016-10158: The exif_convert_any_to_int function in ext/exif/exif.c in PHP allowed remote attackers to cause a denial of service via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1.
- CVE-2016-10159: Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP allowed remote attackers to cause a denial of service via a truncated manifest entry in a PHAR archive.
- CVE-2016-10160: Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP allowed remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch.
- CVE-2016-10161: The object_common1 function in ext/standard/var_unserializer.c in PHP allowed remote attackers to cause a denial of service via crafted serialized data that is mishandled in a finish_nested_data call.
- CVE-2016-10166: A potential unsigned underflow in gd interpolation functions could lead to memory corruption in the PHP gd module
- CVE-2016-10167: A denial of service problem in gdImageCreateFromGd2Ctx could lead to php out of memory even on small files.
- CVE-2016-10168: A signed integer overflow in the gd module could lead to memory corruption
Platform: SUSE Linux Enterprise Server 11 SP4
Product: apache2-mod_php53, php53