SUSE-SU-2017:2522-1 -- SLES apache2-mod_php53, php53ID: oval:org.secpod.oval:def:89044533 | Date: (C)2021-06-30 (M)2024-04-17 |
Class: PATCH | Family: unix |
This update for php53 fixes the several issues. These security issues were fixed: - CVE-2017-12933: The finish_nested_data function in ext/standard/var_unserializer.re was prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue could have had an unspecified impact on the integrity of PHP . - CVE-2017-11628: Stack-based buffer overflow in the zend_ini_do_op function in Zend/zend_ini_parser.c could have caused a denial of service or potentially allowed executing code . - CVE-2017-7890: The GIF decoding function gdImageCreateFromGifCtx in the GD Graphics Library did not zero colorMap arrays use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information . - CVE-2016-5766: Integer overflow in the _gd2GetHeader in the GD Graphics Library allowed remote attackers to cause a denial of service or possibly have unspecified other impact via crafted chunk dimensions in an image . - CVE-2017-11145: An error in the date extension"s timelib_meridian parsing code could have been used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function . - CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code could have lead to information leak [bsc#1048111] - CVE-2016-10397: Incorrect handling of various URI components in the URL parser could have been used by attackers to bypass hostname-specific URL checks . - CVE-2017-11147: The PHAR archive handler could have been used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function . - CVE-2017-11144: The openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could have lead to a crash of the PHP interpreter .
Platform: |
SUSE Linux Enterprise Server 11 SP4 |
Product: |
apache2-mod_php53 |
php53 |