Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 522
Alerts This Week
Warning Icon 1 522

SUSE: 2017:0534-1 Critical Update: 13 Security Fixes for PHP7

suse
Calendar Grey February 22, 2017
Dist Suse Esm H88
A security patch for php7 in SUSE addresses 13 vulnerabilities, highlighting critical fixes and assigned severity levels.
An update that fixes 13 vulnerabilities is now available

Summary

This update for php7 fixes the following security issues: - CVE-2016-7480: The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP did not verify that a key is an object, which allowed remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data. (bsc#1019568) - CVE-2017-5340: Zend/zend_hash.c in PHP mishandled certain cases that require large array allocations, which allowed remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data. (bsc#1019570) - CVE-2016-7479: In all versions of PHP 7, during the unserialization

References

#1008026 #1019547 #1019550 #1019568 #1019570

#1022219 #1022255 #1022257 #1022260 #1022262

#1022263 #1022264 #1022265

Cross- CVE-2016-10158 CVE-2016-10159 CVE-2016-10160

CVE-2016-10161 CVE-2016-10162 CVE-2016-10166

CVE-2016-10167 CVE-2016-10168 CVE-2016-7478

CVE-2016-7479 CVE-2016-7480 CVE-2016-9138

CVE-2017-5340

Affected Products:

SUSE Linux Enterprise Software Development Kit 12-SP2

SUSE Linux Enterprise Software Development Kit 12-SP1

SUSE Linux Enterprise Module for Web Scripting 12

https://www.suse.com/security/cve/CVE-2016-10158.html

https://www.suse.com/security/cve/CVE-2016-10159.html

https://www.suse.com/security/cve/CVE-2016-10160.html

https://www.suse.com/security/cve/CVE-2016-10161.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2017:0534-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.