rpm package

suse/php53&distro=SUSE Linux Enterprise Server 11 SP3-LTSS

pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSS

Vulnerabilities (65)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2018-10548		—	< 5.3.17-112.23.1	5.3.17-112.23.1	Apr 29, 2018	An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn retur
CVE-2018-10547		—	< 5.3.17-112.23.1	5.3.17-112.23.1	Apr 29, 2018	An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists bec
CVE-2018-10546		—	< 5.3.17-112.23.1	5.3.17-112.23.1	Apr 29, 2018	An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences.
CVE-2018-10545		—	< 5.3.17-112.23.1	5.3.17-112.23.1	Apr 29, 2018	An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environmen
CVE-2018-7584		—	< 5.3.17-112.20.1	5.3.17-112.20.1	Mar 1, 2018	In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copyin
CVE-2016-10712		—	< 5.3.17-112.20.1	5.3.17-112.20.1	Feb 9, 2018	In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a "$uri = stream_get_meta_data(fopen($file, "r"))['uri']" call mishandles t
CVE-2018-5712		—	< 5.3.17-112.20.1	5.3.17-112.20.1	Jan 16, 2018	An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.
CVE-2018-5711		—	< 5.3.17-112.20.1	5.3.17-112.20.1	Jan 16, 2018	gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatef
CVE-2016-10168	Hig	7.8	< 5.3.17-101.1	5.3.17-101.1	Mar 15, 2017	Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.
CVE-2016-10167	Med	5.5	< 5.3.17-101.1	5.3.17-101.1	Mar 15, 2017	The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.
CVE-2016-10166	Cri	9.8	< 5.3.17-101.1	5.3.17-101.1	Mar 15, 2017	Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable.
CVE-2016-10161	Hig	7.5	< 5.3.17-101.1	5.3.17-101.1	Jan 24, 2017	The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finis
CVE-2016-10160	Cri	9.8	< 5.3.17-101.1	5.3.17-101.1	Jan 24, 2017	Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch.
CVE-2016-10159	Hig	7.5	< 5.3.17-101.1	5.3.17-101.1	Jan 24, 2017	Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive.
CVE-2016-10158	Hig	7.5	< 5.3.17-101.1	5.3.17-101.1	Jan 24, 2017	The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable ne
CVE-2016-7478	Hig	7.5	< 5.3.17-101.1	5.3.17-101.1	Jan 11, 2017	Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876.
CVE-2016-7418	Hig	7.5	< 5.3.17-84.1	5.3.17-84.1	Sep 17, 2016	The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wd
CVE-2016-7417	Cri	9.8	< 5.3.17-84.1	5.3.17-84.1	Sep 17, 2016	ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data.
CVE-2016-7416	Hig	7.5	< 5.3.17-84.1	5.3.17-84.1	Sep 17, 2016	ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecifi
CVE-2016-7414	Cri	9.8	< 5.3.17-84.1	5.3.17-84.1	Sep 17, 2016	The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impa

CVE-2018-10548Apr 29, 2018
affected < 5.3.17-112.23.1fixed 5.3.17-112.23.1
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn retur
CVE-2018-10547Apr 29, 2018
affected < 5.3.17-112.23.1fixed 5.3.17-112.23.1
An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists bec
CVE-2018-10546Apr 29, 2018
affected < 5.3.17-112.23.1fixed 5.3.17-112.23.1
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences.
CVE-2018-10545Apr 29, 2018
affected < 5.3.17-112.23.1fixed 5.3.17-112.23.1
An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environmen
CVE-2018-7584Mar 1, 2018
affected < 5.3.17-112.20.1fixed 5.3.17-112.20.1
In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copyin
CVE-2016-10712Feb 9, 2018
affected < 5.3.17-112.20.1fixed 5.3.17-112.20.1
In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a "$uri = stream_get_meta_data(fopen($file, "r"))['uri']" call mishandles t
CVE-2018-5712Jan 16, 2018
affected < 5.3.17-112.20.1fixed 5.3.17-112.20.1
An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.
CVE-2018-5711Jan 16, 2018
affected < 5.3.17-112.20.1fixed 5.3.17-112.20.1
gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatef
CVE-2016-10168HigMar 15, 2017
affected < 5.3.17-101.1fixed 5.3.17-101.1
Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.
CVE-2016-10167MedMar 15, 2017
affected < 5.3.17-101.1fixed 5.3.17-101.1
The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.
CVE-2016-10166CriMar 15, 2017
affected < 5.3.17-101.1fixed 5.3.17-101.1
Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable.
CVE-2016-10161HigJan 24, 2017
affected < 5.3.17-101.1fixed 5.3.17-101.1
The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finis
CVE-2016-10160CriJan 24, 2017
affected < 5.3.17-101.1fixed 5.3.17-101.1
Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch.
CVE-2016-10159HigJan 24, 2017
affected < 5.3.17-101.1fixed 5.3.17-101.1
Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive.
CVE-2016-10158HigJan 24, 2017
affected < 5.3.17-101.1fixed 5.3.17-101.1
The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable ne
CVE-2016-7478HigJan 11, 2017
affected < 5.3.17-101.1fixed 5.3.17-101.1
Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876.
CVE-2016-7418HigSep 17, 2016
affected < 5.3.17-84.1fixed 5.3.17-84.1
The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wd
CVE-2016-7417CriSep 17, 2016
affected < 5.3.17-84.1fixed 5.3.17-84.1
ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data.
CVE-2016-7416HigSep 17, 2016
affected < 5.3.17-84.1fixed 5.3.17-84.1
ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecifi
CVE-2016-7414CriSep 17, 2016
affected < 5.3.17-84.1fixed 5.3.17-84.1
The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impa

Page 1 of 4