- Home
- CVEs with nessus.description==This update for php7 fixes the following issues :
- CVE-2016-10397: parse_url() can be bypassed to return fake host. (bsc#1047454)
- CVE-2017-11142: Remoteattackers could cause a CPU consumption denial of service attack by injectinglong form variables, related to main/php_variables.
(bsc#1048100)
- CVE-2017-11144: The opensslextension PEM sealing code did not check the return value of the OpenSSL sealingfunction, which could lead to a crash.
(bsc#1048096)
- CVE-2017-11145: Lack of bounds checks in timelib_meridian coud lead to information leak.
(bsc#1048112)
- CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code could lead to information leak. (bsc#1048111)
- CVE-2017-11147: The PHAR archive handler could beused by attackers supplying malicious archive files to crash the PHP interpreteror potentially disclose information.
(bsc#1048094)
- CVE-2017-11628: Stack-base dbuffer overflow in zend_ini_do_op() could lead to denial of service (bsc#1050726)
- CVE-2017-7890: Buffer over-read from uninitialized data in gdImageCreateFromGifCtx function could lead to denial of service (bsc#1050241)
- CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap overflow could lead to denial of service or code execution (bsc#986386)
Other fixes :
- Soap Request with References (bsc#1053645)
- php7-pear should explicitly require php7-pear-Archive_Tar otherwise this dependency must be declared in every php7-pear-* package explicitly.
[bnc#1052389]
This update was imported from the SUSE:SLE-12:Update update project
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top