Security update for php53 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2016:2461-1 Final 1 1 2016-10-05T19:46:50Z current 2016-10-05T19:46:50Z 2016-10-05T19:46:50Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for php53 This update for php53 fixes the following issues: * CVE-2016-7411: php5: Memory corruption when destructing deserialized object * CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field * CVE-2016-7413: Use after free in wddx_deserialize * CVE-2016-7414: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile * CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message * CVE-2016-7417: Missing type check when unserializing SplArray * CVE-2016-7418: Null pointer dereference in php_wddx_push_element The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). slessp2-php53-12776 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2016/suse-su-20162461-1/ Link for SUSE-SU-2016:2461-1 https://lists.opensuse.org/opensuse-security-announce/2016-10/msg00008.html E-Mail link for SUSE-SU-2016:2461-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/999679 SUSE Bug 999679 https://bugzilla.suse.com/999680 SUSE Bug 999680 https://bugzilla.suse.com/999682 SUSE Bug 999682 https://bugzilla.suse.com/999684 SUSE Bug 999684 https://bugzilla.suse.com/999685 SUSE Bug 999685 https://bugzilla.suse.com/999819 SUSE Bug 999819 https://bugzilla.suse.com/999820 SUSE Bug 999820 https://www.suse.com/security/cve/CVE-2016-7411/ SUSE CVE CVE-2016-7411 page https://www.suse.com/security/cve/CVE-2016-7412/ SUSE CVE CVE-2016-7412 page https://www.suse.com/security/cve/CVE-2016-7413/ SUSE CVE CVE-2016-7413 page https://www.suse.com/security/cve/CVE-2016-7414/ SUSE CVE CVE-2016-7414 page https://www.suse.com/security/cve/CVE-2016-7416/ SUSE CVE CVE-2016-7416 page https://www.suse.com/security/cve/CVE-2016-7417/ SUSE CVE CVE-2016-7417 page https://www.suse.com/security/cve/CVE-2016-7418/ SUSE CVE CVE-2016-7418 page SUSE Linux Enterprise Server 11 SP2-LTSS apache2-mod_php53-5.3.17-58.1 php53-5.3.17-58.1 php53-bcmath-5.3.17-58.1 php53-bz2-5.3.17-58.1 php53-calendar-5.3.17-58.1 php53-ctype-5.3.17-58.1 php53-curl-5.3.17-58.1 php53-dba-5.3.17-58.1 php53-dom-5.3.17-58.1 php53-exif-5.3.17-58.1 php53-fastcgi-5.3.17-58.1 php53-fileinfo-5.3.17-58.1 php53-ftp-5.3.17-58.1 php53-gd-5.3.17-58.1 php53-gettext-5.3.17-58.1 php53-gmp-5.3.17-58.1 php53-iconv-5.3.17-58.1 php53-intl-5.3.17-58.1 php53-json-5.3.17-58.1 php53-ldap-5.3.17-58.1 php53-mbstring-5.3.17-58.1 php53-mcrypt-5.3.17-58.1 php53-mysql-5.3.17-58.1 php53-odbc-5.3.17-58.1 php53-openssl-5.3.17-58.1 php53-pcntl-5.3.17-58.1 php53-pdo-5.3.17-58.1 php53-pear-5.3.17-58.1 php53-pgsql-5.3.17-58.1 php53-pspell-5.3.17-58.1 php53-shmop-5.3.17-58.1 php53-snmp-5.3.17-58.1 php53-soap-5.3.17-58.1 php53-suhosin-5.3.17-58.1 php53-sysvmsg-5.3.17-58.1 php53-sysvsem-5.3.17-58.1 php53-sysvshm-5.3.17-58.1 php53-tokenizer-5.3.17-58.1 php53-wddx-5.3.17-58.1 php53-xmlreader-5.3.17-58.1 php53-xmlrpc-5.3.17-58.1 php53-xmlwriter-5.3.17-58.1 php53-xsl-5.3.17-58.1 php53-zip-5.3.17-58.1 php53-zlib-5.3.17-58.1 apache2-mod_php53-5.3.17-58.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS php53-5.3.17-58.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS php53-bcmath-5.3.17-58.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS php53-bz2-5.3.17-58.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS php53-calendar-5.3.17-58.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS php53-ctype-5.3.17-58.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS php53-curl-5.3.17-58.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS php53-dba-5.3.17-58.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS php53-dom-5.3.17-58.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS php53-exif-5.3.17-58.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS php53-fastcgi-5.3.17-58.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS php53-fileinfo-5.3.17-58.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS php53-ftp-5.3.17-58.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS php53-gd-5.3.17-58.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS php53-gettext-5.3.17-58.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS php53-gmp-5.3.17-58.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS php53-iconv-5.3.17-58.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS php53-intl-5.3.17-58.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS php53-json-5.3.17-58.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS php53-ldap-5.3.17-58.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS php53-mbstring-5.3.17-58.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS php53-mcrypt-5.3.17-58.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS php53-mysql-5.3.17-58.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS php53-odbc-5.3.17-58.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS php53-openssl-5.3.17-58.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS php53-pcntl-5.3.17-58.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS php53-pdo-5.3.17-58.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS php53-pear-5.3.17-58.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS php53-pgsql-5.3.17-58.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS php53-pspell-5.3.17-58.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS php53-shmop-5.3.17-58.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS php53-snmp-5.3.17-58.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS php53-soap-5.3.17-58.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS php53-suhosin-5.3.17-58.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS php53-sysvmsg-5.3.17-58.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS php53-sysvsem-5.3.17-58.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS php53-sysvshm-5.3.17-58.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS php53-tokenizer-5.3.17-58.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS php53-wddx-5.3.17-58.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS php53-xmlreader-5.3.17-58.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS php53-xmlrpc-5.3.17-58.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS php53-xmlwriter-5.3.17-58.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS php53-xsl-5.3.17-58.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS php53-zip-5.3.17-58.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS php53-zlib-5.3.17-58.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object. CVE-2016-7411 SUSE Linux Enterprise Server 11 SP2-LTSS:apache2-mod_php53-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-bcmath-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-bz2-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-calendar-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-ctype-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-curl-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-dba-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-dom-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-exif-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-fastcgi-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-fileinfo-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-ftp-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-gd-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-gettext-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-gmp-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-iconv-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-intl-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-json-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-ldap-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-mbstring-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-mcrypt-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-mysql-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-odbc-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-openssl-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-pcntl-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-pdo-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-pear-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-pgsql-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-pspell-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-shmop-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-snmp-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-soap-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-suhosin-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-sysvmsg-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-sysvsem-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-sysvshm-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-tokenizer-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-wddx-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-xmlreader-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-xmlrpc-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-xmlwriter-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-xsl-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-zip-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-zlib-5.3.17-58.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162461-1/ https://www.suse.com/security/cve/CVE-2016-7411.html CVE-2016-7411 https://bugzilla.suse.com/999682 SUSE Bug 999682 ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata. CVE-2016-7412 SUSE Linux Enterprise Server 11 SP2-LTSS:apache2-mod_php53-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-bcmath-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-bz2-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-calendar-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-ctype-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-curl-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-dba-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-dom-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-exif-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-fastcgi-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-fileinfo-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-ftp-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-gd-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-gettext-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-gmp-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-iconv-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-intl-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-json-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-ldap-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-mbstring-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-mcrypt-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-mysql-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-odbc-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-openssl-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-pcntl-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-pdo-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-pear-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-pgsql-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-pspell-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-shmop-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-snmp-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-soap-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-suhosin-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-sysvmsg-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-sysvsem-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-sysvshm-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-tokenizer-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-wddx-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-xmlreader-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-xmlrpc-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-xmlwriter-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-xsl-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-zip-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-zlib-5.3.17-58.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162461-1/ https://www.suse.com/security/cve/CVE-2016-7412.html CVE-2016-7412 https://bugzilla.suse.com/999680 SUSE Bug 999680 Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset field element, leading to mishandling in a wddx_deserialize call. CVE-2016-7413 SUSE Linux Enterprise Server 11 SP2-LTSS:apache2-mod_php53-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-bcmath-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-bz2-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-calendar-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-ctype-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-curl-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-dba-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-dom-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-exif-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-fastcgi-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-fileinfo-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-ftp-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-gd-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-gettext-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-gmp-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-iconv-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-intl-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-json-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-ldap-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-mbstring-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-mcrypt-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-mysql-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-odbc-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-openssl-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-pcntl-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-pdo-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-pear-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-pgsql-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-pspell-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-shmop-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-snmp-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-soap-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-suhosin-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-sysvmsg-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-sysvsem-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-sysvshm-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-tokenizer-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-wddx-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-xmlreader-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-xmlrpc-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-xmlwriter-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-xsl-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-zip-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-zlib-5.3.17-58.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162461-1/ https://www.suse.com/security/cve/CVE-2016-7413.html CVE-2016-7413 https://bugzilla.suse.com/999679 SUSE Bug 999679 The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c. CVE-2016-7414 SUSE Linux Enterprise Server 11 SP2-LTSS:apache2-mod_php53-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-bcmath-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-bz2-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-calendar-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-ctype-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-curl-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-dba-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-dom-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-exif-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-fastcgi-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-fileinfo-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-ftp-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-gd-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-gettext-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-gmp-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-iconv-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-intl-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-json-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-ldap-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-mbstring-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-mcrypt-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-mysql-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-odbc-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-openssl-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-pcntl-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-pdo-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-pear-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-pgsql-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-pspell-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-shmop-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-snmp-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-soap-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-suhosin-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-sysvmsg-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-sysvsem-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-sysvshm-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-tokenizer-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-wddx-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-xmlreader-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-xmlrpc-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-xmlwriter-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-xsl-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-zip-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-zlib-5.3.17-58.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162461-1/ https://www.suse.com/security/cve/CVE-2016-7414.html CVE-2016-7414 https://bugzilla.suse.com/999820 SUSE Bug 999820 ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument. CVE-2016-7416 SUSE Linux Enterprise Server 11 SP2-LTSS:apache2-mod_php53-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-bcmath-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-bz2-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-calendar-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-ctype-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-curl-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-dba-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-dom-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-exif-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-fastcgi-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-fileinfo-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-ftp-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-gd-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-gettext-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-gmp-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-iconv-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-intl-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-json-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-ldap-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-mbstring-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-mcrypt-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-mysql-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-odbc-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-openssl-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-pcntl-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-pdo-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-pear-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-pgsql-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-pspell-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-shmop-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-snmp-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-soap-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-suhosin-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-sysvmsg-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-sysvsem-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-sysvshm-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-tokenizer-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-wddx-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-xmlreader-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-xmlrpc-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-xmlwriter-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-xsl-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-zip-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-zlib-5.3.17-58.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162461-1/ https://www.suse.com/security/cve/CVE-2016-7416.html CVE-2016-7416 https://bugzilla.suse.com/999685 SUSE Bug 999685 ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data. CVE-2016-7417 SUSE Linux Enterprise Server 11 SP2-LTSS:apache2-mod_php53-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-bcmath-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-bz2-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-calendar-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-ctype-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-curl-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-dba-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-dom-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-exif-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-fastcgi-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-fileinfo-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-ftp-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-gd-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-gettext-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-gmp-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-iconv-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-intl-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-json-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-ldap-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-mbstring-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-mcrypt-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-mysql-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-odbc-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-openssl-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-pcntl-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-pdo-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-pear-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-pgsql-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-pspell-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-shmop-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-snmp-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-soap-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-suhosin-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-sysvmsg-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-sysvsem-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-sysvshm-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-tokenizer-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-wddx-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-xmlreader-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-xmlrpc-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-xmlwriter-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-xsl-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-zip-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-zlib-5.3.17-58.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162461-1/ https://www.suse.com/security/cve/CVE-2016-7417.html CVE-2016-7417 https://bugzilla.suse.com/999684 SUSE Bug 999684 The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call. CVE-2016-7418 SUSE Linux Enterprise Server 11 SP2-LTSS:apache2-mod_php53-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-bcmath-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-bz2-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-calendar-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-ctype-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-curl-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-dba-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-dom-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-exif-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-fastcgi-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-fileinfo-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-ftp-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-gd-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-gettext-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-gmp-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-iconv-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-intl-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-json-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-ldap-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-mbstring-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-mcrypt-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-mysql-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-odbc-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-openssl-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-pcntl-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-pdo-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-pear-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-pgsql-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-pspell-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-shmop-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-snmp-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-soap-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-suhosin-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-sysvmsg-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-sysvsem-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-sysvshm-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-tokenizer-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-wddx-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-xmlreader-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-xmlrpc-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-xmlwriter-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-xsl-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-zip-5.3.17-58.1 SUSE Linux Enterprise Server 11 SP2-LTSS:php53-zlib-5.3.17-58.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162461-1/ https://www.suse.com/security/cve/CVE-2016-7418.html CVE-2016-7418 https://bugzilla.suse.com/999819 SUSE Bug 999819