{"id":"SUSE-SU-2016:2080-1","summary":"Security update for php5","details":"\nphp5 was updated to fix the following security issues:\n\n- CVE-2016-6297: Stack-based buffer overflow vulnerability in php_stream_zip_opener (bsc#991426).\n- CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE (bsc#991427).\n- CVE-2016-6289: Integer overflow leads to buffer overflow in virtual_file_ex (bsc#991428).\n- CVE-2016-6290: Use after free in unserialize() with Unexpected Session Deserialization (bsc#991429).\n- CVE-2016-5399: Improper error handling in bzread() (bsc#991430).\n- CVE-2016-6288: Buffer over-read in php_url_parse_ex (bsc#991433).\n- CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c (bsc#991437).\n- CVE-2016-5769: Mcrypt: Heap Overflow due to integer overflows (bsc#986388).\n- CVE-2015-8935: XSS in header() with Internet Explorer (bsc#986004).\n- CVE-2016-5772: Double free corruption in wddx_deserialize (bsc#986244).\n- CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap overflow (bsc#986386).\n- CVE-2016-5767: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow (bsc#986393).\n","modified":"2025-05-02T04:04:54.047151Z","published":"2016-08-16T07:26:11Z","related":["CVE-2015-8935","CVE-2016-5399","CVE-2016-5766","CVE-2016-5767","CVE-2016-5769","CVE-2016-5772","CVE-2016-6288","CVE-2016-6289","CVE-2016-6290","CVE-2016-6291","CVE-2016-6296","CVE-2016-6297"],"upstream":["CVE-2015-8935","CVE-2016-5399","CVE-2016-5766","CVE-2016-5767","CVE-2016-5769","CVE-2016-5772","CVE-2016-6288","CVE-2016-6289","CVE-2016-6290","CVE-2016-6291","CVE-2016-6296","CVE-2016-6297"],"references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2016/suse-su-20162080-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/986004"},{"type":"REPORT","url":"https://bugzilla.suse.com/986244"},{"type":"REPORT","url":"https://bugzilla.suse.com/986386"},{"type":"REPORT","url":"https://bugzilla.suse.com/986388"},{"type":"REPORT","url":"https://bugzilla.suse.com/986393"},{"type":"REPORT","url":"https://bugzilla.suse.com/991426"},{"type":"REPORT","url":"https://bugzilla.suse.com/991427"},{"type":"REPORT","url":"https://bugzilla.suse.com/991428"},{"type":"REPORT","url":"https://bugzilla.suse.com/991429"},{"type":"REPORT","url":"https://bugzilla.suse.com/991430"},{"type":"REPORT","url":"https://bugzilla.suse.com/991433"},{"type":"REPORT","url":"https://bugzilla.suse.com/991437"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8935"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5399"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5766"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5767"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5769"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5772"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-6288"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-6289"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-6290"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-6291"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-6296"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-6297"}],"affected":[{"package":{"name":"php5","ecosystem":"SUSE:Linux Enterprise Server 11 SP2-LTSS","purl":"pkg:rpm/suse/php5&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.2.14-0.7.30.89.1"}]}],"ecosystem_specific":{"binaries":[{"php5-xmlreader":"5.2.14-0.7.30.89.1","php5-json":"5.2.14-0.7.30.89.1","php5-gmp":"5.2.14-0.7.30.89.1","php5-ldap":"5.2.14-0.7.30.89.1","php5":"5.2.14-0.7.30.89.1","php5-pdo":"5.2.14-0.7.30.89.1","php5-wddx":"5.2.14-0.7.30.89.1","php5-zlib":"5.2.14-0.7.30.89.1","php5-ftp":"5.2.14-0.7.30.89.1","php5-calendar":"5.2.14-0.7.30.89.1","php5-sysvshm":"5.2.14-0.7.30.89.1","php5-hash":"5.2.14-0.7.30.89.1","php5-fastcgi":"5.2.14-0.7.30.89.1","php5-pgsql":"5.2.14-0.7.30.89.1","php5-openssl":"5.2.14-0.7.30.89.1","php5-sysvsem":"5.2.14-0.7.30.89.1","php5-ctype":"5.2.14-0.7.30.89.1","php5-zip":"5.2.14-0.7.30.89.1","apache2-mod_php5":"5.2.14-0.7.30.89.1","php5-pear":"5.2.14-0.7.30.89.1","php5-exif":"5.2.14-0.7.30.89.1","php5-mcrypt":"5.2.14-0.7.30.89.1","php5-tokenizer":"5.2.14-0.7.30.89.1","php5-pcntl":"5.2.14-0.7.30.89.1","php5-iconv":"5.2.14-0.7.30.89.1","php5-bz2":"5.2.14-0.7.30.89.1","php5-xmlwriter":"5.2.14-0.7.30.89.1","php5-bcmath":"5.2.14-0.7.30.89.1","php5-odbc":"5.2.14-0.7.30.89.1","php5-mysql":"5.2.14-0.7.30.89.1","php5-xmlrpc":"5.2.14-0.7.30.89.1","php5-pspell":"5.2.14-0.7.30.89.1","php5-dom":"5.2.14-0.7.30.89.1","php5-suhosin":"5.2.14-0.7.30.89.1","php5-gettext":"5.2.14-0.7.30.89.1","php5-mbstring":"5.2.14-0.7.30.89.1","php5-shmop":"5.2.14-0.7.30.89.1","php5-snmp":"5.2.14-0.7.30.89.1","php5-sysvmsg":"5.2.14-0.7.30.89.1","php5-curl":"5.2.14-0.7.30.89.1","php5-gd":"5.2.14-0.7.30.89.1","php5-soap":"5.2.14-0.7.30.89.1","php5-xsl":"5.2.14-0.7.30.89.1","php5-dba":"5.2.14-0.7.30.89.1","php5-dbase":"5.2.14-0.7.30.89.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:2080-1.json"}}],"schema_version":"1.7.3"}