Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 547
Alerts This Week
Warning Icon 1 547

SUSE: 2017:2303-1 Important: php7 Denial Of Service Threats

suse
Calendar Grey August 30, 2017
Dist Suse Esm H88
Important SUSE release now ready for php8, tackling various vulnerabilities and boosting overall protection. Don't delay!
An update that solves 9 vulnerabilities and has two fixes An update that solves 9 vulnerabilities and has two fixes An update that solves 9 vulnerabilities and has two fixes is now...

Summary

This update for php7 fixes the following issues: - CVE-2016-10397: parse_url() can be bypassed to return fake host. (bsc#1047454) - CVE-2017-11142: Remoteattackers could cause a CPU consumption denial of service attack by injectinglong form variables, related to main/php_variables. (bsc#1048100) - CVE-2017-11144: The opensslextension PEM sealing code did not check the return value of the OpenSSL sealingfunction, which could lead to a crash. (bsc#1048096) - CVE-2017-11145: Lack of bounds checks in timelib_meridian coud lead to information leak. (bsc#1048112) - CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code could lead to information leak. (bsc#1048111)

References

#1047454 #1048094 #1048096 #1048100 #1048111

#1048112 #1050241 #1050726 #1052389 #1053645

#986386

Cross- CVE-2016-10397 CVE-2016-5766 CVE-2017-11142

CVE-2017-11144 CVE-2017-11145 CVE-2017-11146

CVE-2017-11147 CVE-2017-11628 CVE-2017-7890

Affected Products:

SUSE Linux Enterprise Software Development Kit 12-SP3

SUSE Linux Enterprise Software Development Kit 12-SP2

SUSE Linux Enterprise Module for Web Scripting 12

https://www.suse.com/security/cve/CVE-2016-10397.html

https://www.suse.com/security/cve/CVE-2016-5766.html

https://www.suse.com/security/cve/CVE-2017-11142.html

https://www.suse.com/security/cve/CVE-2017-11144.html

https://www.suse.com/security/cve/CVE-2017-11145.html

https://www.suse.com/security/cve/CVE-2017-11146.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2017:2303-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.