openSUSE Security Update : php5 (openSUSE-2016-696)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for php5 fixes the following issues :

Security issues fixed :

- CVE-2016-4346: heap overflow in ext/standard/string.c

- CVE-2016-4342: heap corruption in tar/zip/phar parser

- CVE-2016-4537, CVE-2016-4538: bcpowmod accepts negative scale causing heap buffer overflow corrupting _one_ definition (bsc#978827)

- CVE-2016-4539: Malformed input causes segmentation fault in xml_parse_into_struct() function (bsc#978828)

- CVE-2016-4540, CVE-2016-4541: Out-of-bounds memory read in zif_grapheme_stripos when given negative offset

- CVE-2016-4542, CVE-2016-4543, CVE-2016-4544: Out-of-bounds heap memory read in exif_read_data() caused by malformed input (bsc#978830)

- CVE-2015-4116: Use-after-free vulnerability in the spl_ptr_heap_insert function (bsc#980366)

- CVE-2015-8873: Stack consumption vulnerability in Zend/zend_exceptions.c (bsc#980373)

- CVE-2015-8874: Stack consumption vulnerability in GD

This update was imported from the SUSE:SLE-12:Update update project.

Solution :

Update the affected php5 packages.

Risk factor :

High / CVSS Base Score : 8.3
