SUSE-SU-2018:0806-1 -- SLES apache2-mod_php53, php53
ID: oval:org.secpod.oval:def:89043717 | Date: (C)2021-03-05 (M)2024-04-17 |
Class: PATCH | Family: unix |
This update for php53 fixes several issues. These security issues were fixed:
- CVE-2016-10712: In PHP all of the return values of stream_get_meta_data could be controlled if the input can be controlled.
- CVE-2018-5712: Prevent reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file that allowed for information disclosure.
- CVE-2018-5711: Prevent integer signedness error that could have led to an infinite loop via a crafted GIF file allowing for DoS.
- CVE-2016-5773: php_zip.c in the zip extension in PHP improperly interacted with the unserialize implementation and garbage collection, which allowed remote attackers to execute arbitrary code or cause a denial of service via crafted serialized data containing a ZipArchive object.
- CVE-2016-5771: spl_array.c in the SPL extension in PHP improperly interacted with the unserialize implementation and garbage collection, which allowed remote attackers to execute arbitrary code or cause a denial of service via crafted serialized data.
- CVE-2018-7584: Fixed stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex
Platform: |
SUSE Linux Enterprise Server 11 SP4 |
Product: |
apache2-mod_php53 |
php53 |