Security update for php5 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2016:1504-1 Final 1 1 2016-06-06T15:39:15Z current 2016-06-06T15:39:15Z 2016-06-06T15:39:15Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for php5 This update for php5 fixes the following issues: Security issues fixed: - CVE-2016-4346: heap overflow in ext/standard/string.c (bsc#977994) - CVE-2016-4342: heap corruption in tar/zip/phar parser (bsc#977991) - CVE-2016-4537, CVE-2016-4538: bcpowmod accepts negative scale causing heap buffer overflow corrupting _one_ definition (bsc#978827) - CVE-2016-4539: Malformed input causes segmentation fault in xml_parse_into_struct() function (bsc#978828) - CVE-2016-4540, CVE-2016-4541: Out-of-bounds memory read in zif_grapheme_stripos when given negative offset (bsc#978829) - CVE-2016-4542, CVE-2016-4543, CVE-2016-4544: Out-of-bounds heap memory read in exif_read_data() caused by malformed input (bsc#978830) - CVE-2015-4116: Use-after-free vulnerability in the spl_ptr_heap_insert function (bsc#980366) - CVE-2015-8873: Stack consumption vulnerability in Zend/zend_exceptions.c (bsc#980373) - CVE-2015-8874: Stack consumption vulnerability in GD (bsc#980375) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Module-Web-Scripting-12-2016-895,SUSE-SLE-SDK-12-2016-895,SUSE-SLE-SDK-12-SP1-2016-895 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2016/suse-su-20161504-1/ Link for SUSE-SU-2016:1504-1 https://lists.suse.com/pipermail/sle-security-updates/2016-June/002095.html E-Mail link for SUSE-SU-2016:1504-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/977991 SUSE Bug 977991 https://bugzilla.suse.com/977994 SUSE Bug 977994 https://bugzilla.suse.com/978827 SUSE Bug 978827 https://bugzilla.suse.com/978828 SUSE Bug 978828 https://bugzilla.suse.com/978829 SUSE Bug 978829 https://bugzilla.suse.com/978830 SUSE Bug 978830 https://bugzilla.suse.com/980366 SUSE Bug 980366 https://bugzilla.suse.com/980373 SUSE Bug 980373 https://bugzilla.suse.com/980375 SUSE Bug 980375 https://www.suse.com/security/cve/CVE-2015-4116/ SUSE CVE CVE-2015-4116 page https://www.suse.com/security/cve/CVE-2015-8873/ SUSE CVE CVE-2015-8873 page https://www.suse.com/security/cve/CVE-2015-8874/ SUSE CVE CVE-2015-8874 page https://www.suse.com/security/cve/CVE-2016-4342/ SUSE CVE CVE-2016-4342 page https://www.suse.com/security/cve/CVE-2016-4346/ SUSE CVE CVE-2016-4346 page https://www.suse.com/security/cve/CVE-2016-4537/ SUSE CVE CVE-2016-4537 page https://www.suse.com/security/cve/CVE-2016-4538/ SUSE CVE CVE-2016-4538 page https://www.suse.com/security/cve/CVE-2016-4539/ SUSE CVE CVE-2016-4539 page https://www.suse.com/security/cve/CVE-2016-4540/ SUSE CVE CVE-2016-4540 page https://www.suse.com/security/cve/CVE-2016-4541/ SUSE CVE CVE-2016-4541 page https://www.suse.com/security/cve/CVE-2016-4542/ SUSE CVE CVE-2016-4542 page https://www.suse.com/security/cve/CVE-2016-4543/ SUSE CVE CVE-2016-4543 page https://www.suse.com/security/cve/CVE-2016-4544/ SUSE CVE CVE-2016-4544 page SUSE Linux Enterprise Module for Web and Scripting 12 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Software Development Kit 12 SP1 apache2-mod_php5-5.5.14-59.2 php5-5.5.14-59.2 php5-bcmath-5.5.14-59.2 php5-bz2-5.5.14-59.2 php5-calendar-5.5.14-59.2 php5-ctype-5.5.14-59.2 php5-curl-5.5.14-59.2 php5-dba-5.5.14-59.2 php5-dom-5.5.14-59.2 php5-enchant-5.5.14-59.2 php5-exif-5.5.14-59.2 php5-fastcgi-5.5.14-59.2 php5-fileinfo-5.5.14-59.2 php5-fpm-5.5.14-59.2 php5-ftp-5.5.14-59.2 php5-gd-5.5.14-59.2 php5-gettext-5.5.14-59.2 php5-gmp-5.5.14-59.2 php5-iconv-5.5.14-59.2 php5-intl-5.5.14-59.2 php5-json-5.5.14-59.2 php5-ldap-5.5.14-59.2 php5-mbstring-5.5.14-59.2 php5-mcrypt-5.5.14-59.2 php5-mysql-5.5.14-59.2 php5-odbc-5.5.14-59.2 php5-opcache-5.5.14-59.2 php5-openssl-5.5.14-59.2 php5-pcntl-5.5.14-59.2 php5-pdo-5.5.14-59.2 php5-pear-5.5.14-59.2 php5-pgsql-5.5.14-59.2 php5-phar-5.5.14-59.2 php5-posix-5.5.14-59.2 php5-pspell-5.5.14-59.2 php5-shmop-5.5.14-59.2 php5-snmp-5.5.14-59.2 php5-soap-5.5.14-59.2 php5-sockets-5.5.14-59.2 php5-sqlite-5.5.14-59.2 php5-suhosin-5.5.14-59.2 php5-sysvmsg-5.5.14-59.2 php5-sysvsem-5.5.14-59.2 php5-sysvshm-5.5.14-59.2 php5-tokenizer-5.5.14-59.2 php5-wddx-5.5.14-59.2 php5-xmlreader-5.5.14-59.2 php5-xmlrpc-5.5.14-59.2 php5-xmlwriter-5.5.14-59.2 php5-xsl-5.5.14-59.2 php5-zip-5.5.14-59.2 php5-zlib-5.5.14-59.2 php5-devel-5.5.14-59.2 apache2-mod_php5-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-bcmath-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-bz2-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-calendar-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-ctype-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-curl-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-dba-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-dom-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-enchant-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-exif-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-fastcgi-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-fileinfo-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-fpm-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-ftp-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-gd-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-gettext-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-gmp-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-iconv-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-intl-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-json-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-ldap-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-mbstring-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-mcrypt-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-mysql-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-odbc-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-opcache-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-openssl-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-pcntl-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-pdo-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-pear-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-pgsql-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-phar-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-posix-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-pspell-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-shmop-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-snmp-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-soap-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-sockets-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-sqlite-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-suhosin-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-sysvmsg-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-sysvsem-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-sysvshm-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-tokenizer-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-wddx-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-xmlreader-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-xmlrpc-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-xmlwriter-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-xsl-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-zip-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-zlib-5.5.14-59.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-devel-5.5.14-59.2 as a component of SUSE Linux Enterprise Software Development Kit 12 php5-devel-5.5.14-59.2 as a component of SUSE Linux Enterprise Software Development Kit 12 SP1 Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation. CVE-2015-4116 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-calendar-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ctype-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-curl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dba-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dom-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-enchant-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-exif-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fastcgi-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fileinfo-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fpm-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ftp-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gd-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gettext-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gmp-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-iconv-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-intl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-json-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ldap-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mbstring-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mcrypt-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mysql-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-odbc-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-opcache-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-openssl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pcntl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pdo-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pear-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pgsql-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-phar-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-posix-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pspell-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-shmop-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-snmp-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-soap-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sockets-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sqlite-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-suhosin-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvmsg-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvsem-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvshm-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-tokenizer-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-wddx-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlreader-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlrpc-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlwriter-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xsl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zip-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zlib-5.5.14-59.2 SUSE Linux Enterprise Software Development Kit 12 SP1:php5-devel-5.5.14-59.2 SUSE Linux Enterprise Software Development Kit 12:php5-devel-5.5.14-59.2 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20161504-1/ https://www.suse.com/security/cve/CVE-2015-4116.html CVE-2015-4116 https://bugzilla.suse.com/980366 SUSE Bug 980366 Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault) via recursive method calls. CVE-2015-8873 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-calendar-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ctype-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-curl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dba-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dom-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-enchant-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-exif-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fastcgi-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fileinfo-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fpm-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ftp-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gd-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gettext-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gmp-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-iconv-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-intl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-json-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ldap-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mbstring-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mcrypt-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mysql-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-odbc-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-opcache-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-openssl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pcntl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pdo-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pear-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pgsql-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-phar-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-posix-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pspell-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-shmop-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-snmp-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-soap-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sockets-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sqlite-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-suhosin-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvmsg-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvsem-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvshm-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-tokenizer-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-wddx-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlreader-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlrpc-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlwriter-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xsl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zip-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zlib-5.5.14-59.2 SUSE Linux Enterprise Software Development Kit 12 SP1:php5-devel-5.5.14-59.2 SUSE Linux Enterprise Software Development Kit 12:php5-devel-5.5.14-59.2 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20161504-1/ https://www.suse.com/security/cve/CVE-2015-8873.html CVE-2015-8873 https://bugzilla.suse.com/980366 SUSE Bug 980366 https://bugzilla.suse.com/980373 SUSE Bug 980373 Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call. CVE-2015-8874 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-calendar-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ctype-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-curl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dba-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dom-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-enchant-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-exif-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fastcgi-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fileinfo-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fpm-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ftp-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gd-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gettext-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gmp-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-iconv-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-intl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-json-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ldap-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mbstring-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mcrypt-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mysql-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-odbc-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-opcache-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-openssl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pcntl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pdo-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pear-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pgsql-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-phar-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-posix-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pspell-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-shmop-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-snmp-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-soap-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sockets-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sqlite-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-suhosin-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvmsg-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvsem-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvshm-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-tokenizer-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-wddx-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlreader-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlrpc-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlwriter-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xsl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zip-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zlib-5.5.14-59.2 SUSE Linux Enterprise Software Development Kit 12 SP1:php5-devel-5.5.14-59.2 SUSE Linux Enterprise Software Development Kit 12:php5-devel-5.5.14-59.2 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20161504-1/ https://www.suse.com/security/cve/CVE-2015-8874.html CVE-2015-8874 https://bugzilla.suse.com/980366 SUSE Bug 980366 https://bugzilla.suse.com/980375 SUSE Bug 980375 ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive. CVE-2016-4342 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-calendar-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ctype-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-curl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dba-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dom-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-enchant-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-exif-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fastcgi-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fileinfo-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fpm-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ftp-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gd-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gettext-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gmp-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-iconv-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-intl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-json-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ldap-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mbstring-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mcrypt-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mysql-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-odbc-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-opcache-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-openssl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pcntl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pdo-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pear-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pgsql-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-phar-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-posix-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pspell-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-shmop-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-snmp-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-soap-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sockets-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sqlite-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-suhosin-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvmsg-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvsem-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvshm-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-tokenizer-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-wddx-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlreader-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlrpc-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlwriter-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xsl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zip-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zlib-5.5.14-59.2 SUSE Linux Enterprise Software Development Kit 12 SP1:php5-devel-5.5.14-59.2 SUSE Linux Enterprise Software Development Kit 12:php5-devel-5.5.14-59.2 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20161504-1/ https://www.suse.com/security/cve/CVE-2016-4342.html CVE-2016-4342 https://bugzilla.suse.com/977991 SUSE Bug 977991 https://bugzilla.suse.com/980366 SUSE Bug 980366 Integer overflow in the str_pad function in ext/standard/string.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow. CVE-2016-4346 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-calendar-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ctype-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-curl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dba-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dom-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-enchant-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-exif-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fastcgi-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fileinfo-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fpm-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ftp-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gd-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gettext-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gmp-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-iconv-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-intl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-json-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ldap-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mbstring-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mcrypt-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mysql-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-odbc-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-opcache-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-openssl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pcntl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pdo-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pear-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pgsql-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-phar-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-posix-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pspell-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-shmop-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-snmp-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-soap-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sockets-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sqlite-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-suhosin-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvmsg-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvsem-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvshm-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-tokenizer-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-wddx-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlreader-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlrpc-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlwriter-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xsl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zip-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zlib-5.5.14-59.2 SUSE Linux Enterprise Software Development Kit 12 SP1:php5-devel-5.5.14-59.2 SUSE Linux Enterprise Software Development Kit 12:php5-devel-5.5.14-59.2 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20161504-1/ https://www.suse.com/security/cve/CVE-2016-4346.html CVE-2016-4346 https://bugzilla.suse.com/977993 SUSE Bug 977993 https://bugzilla.suse.com/977994 SUSE Bug 977994 https://bugzilla.suse.com/977995 SUSE Bug 977995 https://bugzilla.suse.com/980366 SUSE Bug 980366 The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call. CVE-2016-4537 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-calendar-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ctype-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-curl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dba-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dom-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-enchant-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-exif-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fastcgi-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fileinfo-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fpm-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ftp-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gd-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gettext-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gmp-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-iconv-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-intl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-json-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ldap-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mbstring-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mcrypt-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mysql-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-odbc-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-opcache-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-openssl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pcntl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pdo-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pear-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pgsql-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-phar-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-posix-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pspell-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-shmop-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-snmp-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-soap-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sockets-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sqlite-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-suhosin-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvmsg-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvsem-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvshm-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-tokenizer-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-wddx-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlreader-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlrpc-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlwriter-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xsl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zip-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zlib-5.5.14-59.2 SUSE Linux Enterprise Software Development Kit 12 SP1:php5-devel-5.5.14-59.2 SUSE Linux Enterprise Software Development Kit 12:php5-devel-5.5.14-59.2 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20161504-1/ https://www.suse.com/security/cve/CVE-2016-4537.html CVE-2016-4537 https://bugzilla.suse.com/978827 SUSE Bug 978827 https://bugzilla.suse.com/980366 SUSE Bug 980366 The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considering whether they are copies of the _zero_, _one_, or _two_ global variable, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call. CVE-2016-4538 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-calendar-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ctype-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-curl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dba-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dom-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-enchant-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-exif-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fastcgi-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fileinfo-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fpm-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ftp-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gd-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gettext-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gmp-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-iconv-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-intl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-json-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ldap-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mbstring-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mcrypt-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mysql-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-odbc-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-opcache-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-openssl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pcntl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pdo-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pear-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pgsql-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-phar-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-posix-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pspell-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-shmop-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-snmp-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-soap-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sockets-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sqlite-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-suhosin-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvmsg-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvsem-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvshm-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-tokenizer-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-wddx-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlreader-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlrpc-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlwriter-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xsl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zip-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zlib-5.5.14-59.2 SUSE Linux Enterprise Software Development Kit 12 SP1:php5-devel-5.5.14-59.2 SUSE Linux Enterprise Software Development Kit 12:php5-devel-5.5.14-59.2 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20161504-1/ https://www.suse.com/security/cve/CVE-2016-4538.html CVE-2016-4538 https://bugzilla.suse.com/978827 SUSE Bug 978827 https://bugzilla.suse.com/980366 SUSE Bug 980366 The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument, leading to a parser level of zero. CVE-2016-4539 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-calendar-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ctype-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-curl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dba-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dom-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-enchant-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-exif-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fastcgi-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fileinfo-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fpm-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ftp-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gd-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gettext-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gmp-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-iconv-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-intl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-json-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ldap-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mbstring-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mcrypt-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mysql-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-odbc-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-opcache-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-openssl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pcntl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pdo-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pear-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pgsql-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-phar-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-posix-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pspell-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-shmop-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-snmp-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-soap-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sockets-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sqlite-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-suhosin-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvmsg-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvsem-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvshm-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-tokenizer-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-wddx-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlreader-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlrpc-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlwriter-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xsl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zip-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zlib-5.5.14-59.2 SUSE Linux Enterprise Software Development Kit 12 SP1:php5-devel-5.5.14-59.2 SUSE Linux Enterprise Software Development Kit 12:php5-devel-5.5.14-59.2 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20161504-1/ https://www.suse.com/security/cve/CVE-2016-4539.html CVE-2016-4539 https://bugzilla.suse.com/978828 SUSE Bug 978828 https://bugzilla.suse.com/980366 SUSE Bug 980366 The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset. CVE-2016-4540 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-calendar-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ctype-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-curl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dba-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dom-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-enchant-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-exif-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fastcgi-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fileinfo-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fpm-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ftp-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gd-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gettext-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gmp-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-iconv-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-intl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-json-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ldap-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mbstring-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mcrypt-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mysql-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-odbc-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-opcache-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-openssl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pcntl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pdo-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pear-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pgsql-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-phar-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-posix-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pspell-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-shmop-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-snmp-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-soap-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sockets-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sqlite-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-suhosin-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvmsg-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvsem-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvshm-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-tokenizer-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-wddx-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlreader-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlrpc-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlwriter-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xsl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zip-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zlib-5.5.14-59.2 SUSE Linux Enterprise Software Development Kit 12 SP1:php5-devel-5.5.14-59.2 SUSE Linux Enterprise Software Development Kit 12:php5-devel-5.5.14-59.2 moderate 3.6 AV:L/AC:L/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20161504-1/ https://www.suse.com/security/cve/CVE-2016-4540.html CVE-2016-4540 https://bugzilla.suse.com/978829 SUSE Bug 978829 https://bugzilla.suse.com/980366 SUSE Bug 980366 The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset. CVE-2016-4541 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-calendar-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ctype-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-curl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dba-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dom-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-enchant-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-exif-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fastcgi-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fileinfo-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fpm-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ftp-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gd-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gettext-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gmp-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-iconv-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-intl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-json-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ldap-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mbstring-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mcrypt-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mysql-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-odbc-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-opcache-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-openssl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pcntl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pdo-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pear-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pgsql-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-phar-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-posix-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pspell-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-shmop-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-snmp-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-soap-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sockets-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sqlite-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-suhosin-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvmsg-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvsem-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvshm-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-tokenizer-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-wddx-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlreader-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlrpc-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlwriter-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xsl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zip-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zlib-5.5.14-59.2 SUSE Linux Enterprise Software Development Kit 12 SP1:php5-devel-5.5.14-59.2 SUSE Linux Enterprise Software Development Kit 12:php5-devel-5.5.14-59.2 moderate 3.6 AV:L/AC:L/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20161504-1/ https://www.suse.com/security/cve/CVE-2016-4541.html CVE-2016-4541 https://bugzilla.suse.com/978829 SUSE Bug 978829 https://bugzilla.suse.com/980366 SUSE Bug 980366 The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data. CVE-2016-4542 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-calendar-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ctype-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-curl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dba-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dom-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-enchant-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-exif-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fastcgi-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fileinfo-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fpm-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ftp-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gd-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gettext-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gmp-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-iconv-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-intl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-json-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ldap-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mbstring-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mcrypt-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mysql-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-odbc-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-opcache-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-openssl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pcntl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pdo-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pear-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pgsql-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-phar-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-posix-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pspell-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-shmop-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-snmp-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-soap-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sockets-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sqlite-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-suhosin-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvmsg-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvsem-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvshm-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-tokenizer-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-wddx-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlreader-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlrpc-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlwriter-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xsl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zip-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zlib-5.5.14-59.2 SUSE Linux Enterprise Software Development Kit 12 SP1:php5-devel-5.5.14-59.2 SUSE Linux Enterprise Software Development Kit 12:php5-devel-5.5.14-59.2 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20161504-1/ https://www.suse.com/security/cve/CVE-2016-4542.html CVE-2016-4542 https://bugzilla.suse.com/978830 SUSE Bug 978830 https://bugzilla.suse.com/980366 SUSE Bug 980366 The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data. CVE-2016-4543 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-calendar-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ctype-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-curl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dba-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dom-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-enchant-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-exif-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fastcgi-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fileinfo-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fpm-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ftp-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gd-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gettext-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gmp-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-iconv-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-intl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-json-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ldap-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mbstring-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mcrypt-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mysql-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-odbc-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-opcache-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-openssl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pcntl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pdo-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pear-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pgsql-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-phar-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-posix-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pspell-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-shmop-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-snmp-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-soap-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sockets-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sqlite-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-suhosin-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvmsg-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvsem-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvshm-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-tokenizer-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-wddx-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlreader-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlrpc-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlwriter-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xsl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zip-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zlib-5.5.14-59.2 SUSE Linux Enterprise Software Development Kit 12 SP1:php5-devel-5.5.14-59.2 SUSE Linux Enterprise Software Development Kit 12:php5-devel-5.5.14-59.2 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20161504-1/ https://www.suse.com/security/cve/CVE-2016-4543.html CVE-2016-4543 https://bugzilla.suse.com/978830 SUSE Bug 978830 https://bugzilla.suse.com/980366 SUSE Bug 980366 The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data. CVE-2016-4544 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-calendar-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ctype-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-curl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dba-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dom-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-enchant-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-exif-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fastcgi-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fileinfo-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fpm-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ftp-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gd-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gettext-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gmp-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-iconv-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-intl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-json-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ldap-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mbstring-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mcrypt-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mysql-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-odbc-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-opcache-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-openssl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pcntl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pdo-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pear-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pgsql-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-phar-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-posix-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pspell-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-shmop-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-snmp-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-soap-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sockets-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sqlite-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-suhosin-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvmsg-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvsem-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvshm-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-tokenizer-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-wddx-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlreader-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlrpc-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlwriter-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xsl-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zip-5.5.14-59.2 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zlib-5.5.14-59.2 SUSE Linux Enterprise Software Development Kit 12 SP1:php5-devel-5.5.14-59.2 SUSE Linux Enterprise Software Development Kit 12:php5-devel-5.5.14-59.2 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20161504-1/ https://www.suse.com/security/cve/CVE-2016-4544.html CVE-2016-4544 https://bugzilla.suse.com/978830 SUSE Bug 978830 https://bugzilla.suse.com/980366 SUSE Bug 980366