openSUSE Security Update : php5 (openSUSE-2018-998)
High Nessus Plugin ID 117477
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update for php5 fixes the following issues :
The following security issues were fixed :
- CVE-2018-10360: Fixed an out-of-bounds read in the do_core_note function in readelf.c in libmagic.a, which allowed remote attackers to cause a denial of service via a crafted ELF file (bsc#1096984)
- CVE-2018-14851: Fixed an out-of-bound read in exif_process_IFD_in_MAKERNOTE, which could be exploited by an attacker via crafted JPG files, and could result in an application crash. (bsc#1103659)
- CVE-2018-12882: Fixed an use-after-free in exif_read_from_impl in ext/exif/exif.c (bsc#1099098)
- CVE-2017-9118: Fixed an out of bounds access in php_pcre_replace_impl via a crafted preg_replace call (bsc#1105466)
This update was imported from the SUSE:SLE-12:Update update project.
SolutionUpdate the affected php5 packages.