Explore top 10 tips to secure your open-source projects now. Read More
×
This update for php7 fixes the following security issues: - CVE-2016-7480: The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP did not verify that a key is an object, which allowed remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data. (bsc#1019568) - CVE-2017-5340: Zend/zend_hash.c in PHP mishandled certain cases that require large array allocations, which allowed remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data. (bsc#1019570) - CVE-2016-7479: In all versions of PHP 7, during the unserialization
#1008026 #1019547 #1019550 #1019568 #1019570
#1022219 #1022255 #1022257 #1022260 #1022262
#1022263 #1022264 #1022265
Cross- CVE-2016-10158 CVE-2016-10159 CVE-2016-10160
CVE-2016-10161 CVE-2016-10162 CVE-2016-10166
CVE-2016-10167 CVE-2016-10168 CVE-2016-7478
CVE-2016-7479 CVE-2016-7480 CVE-2016-9138
CVE-2017-5340
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Software Development Kit 12-SP1
SUSE Linux Enterprise Module for Web Scripting 12
https://www.suse.com/security/cve/CVE-2016-10158.html
https://www.suse.com/security/cve/CVE-2016-10159.html
https://www.suse.com/security/cve/CVE-2016-10160.html
https://www.suse.com/security/cve/CVE-2016-10161.html
Get the latest Linux and open source security news straight to your inbox.