{"id":"SUSE-SU-2017:2468-1","summary":"Security update for php7","details":"This update for php7 fixes several issues.\n\nThese security issues were fixed:\n\n- CVE-2017-12932: Prevent heap use after free while unserializing untrusted\n  data, related to improper use of the hash API for key deletion in a situation\n  with an invalid array size. Exploitation of this issue could have had an\n  unspecified impact on the integrity of PHP (bsc#1054432).\n- CVE-2017-12934: Prevent heap use after free while unserializing untrusted\n  data, related to the zval_get_type function in Zend/zend_types.h.\n  Exploitation of this issue could have had an unspecified impact on the\n  integrity of PHP (bsc#1054408).\n- CVE-2017-12933: The finish_nested_data function in\n  ext/standard/var_unserializer.re was prone to a buffer over-read while\n  unserializing untrusted data. Exploitation of this issue could have had an\n  unspecified impact on the integrity of PHP (bsc#1054430)\n\nThese non-security issues were fixed:\n\n- bsc#1057104: php7-devel now requires php7-pear\n- bsc#1057845: Fixed namespace encapsulation of imported classes/functions/constants\n","modified":"2026-02-04T04:09:09.176533Z","published":"2017-09-14T14:32:04Z","related":["CVE-2017-12932","CVE-2017-12933","CVE-2017-12934"],"upstream":["CVE-2017-12932","CVE-2017-12933","CVE-2017-12934"],"references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2017/suse-su-20172468-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1054408"},{"type":"REPORT","url":"https://bugzilla.suse.com/1054430"},{"type":"REPORT","url":"https://bugzilla.suse.com/1054432"},{"type":"REPORT","url":"https://bugzilla.suse.com/1057104"},{"type":"REPORT","url":"https://bugzilla.suse.com/1057845"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-12932"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-12933"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-12934"}],"affected":[{"package":{"name":"php7","ecosystem":"SUSE:Linux Enterprise Module for Web and Scripting 12","purl":"pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.0.7-50.18.1"}]}],"ecosystem_specific":{"binaries":[{"php7-xmlwriter":"7.0.7-50.18.1","php7-sysvsem":"7.0.7-50.18.1","php7-pspell":"7.0.7-50.18.1","php7-imap":"7.0.7-50.18.1","php7-sockets":"7.0.7-50.18.1","php7-bz2":"7.0.7-50.18.1","php7-ctype":"7.0.7-50.18.1","php7-fastcgi":"7.0.7-50.18.1","php7-iconv":"7.0.7-50.18.1","php7-pear-Archive_Tar":"7.0.7-50.18.1","php7-mcrypt":"7.0.7-50.18.1","php7-openssl":"7.0.7-50.18.1","php7-bcmath":"7.0.7-50.18.1","php7-intl":"7.0.7-50.18.1","php7-dom":"7.0.7-50.18.1","php7-sqlite":"7.0.7-50.18.1","php7-wddx":"7.0.7-50.18.1","php7-pcntl":"7.0.7-50.18.1","php7-ftp":"7.0.7-50.18.1","php7-soap":"7.0.7-50.18.1","php7-tokenizer":"7.0.7-50.18.1","php7-curl":"7.0.7-50.18.1","php7-mysql":"7.0.7-50.18.1","php7-fpm":"7.0.7-50.18.1","php7-posix":"7.0.7-50.18.1","php7-odbc":"7.0.7-50.18.1","apache2-mod_php7":"7.0.7-50.18.1","php7-mbstring":"7.0.7-50.18.1","php7-fileinfo":"7.0.7-50.18.1","php7-ldap":"7.0.7-50.18.1","php7-pgsql":"7.0.7-50.18.1","php7-exif":"7.0.7-50.18.1","php7-opcache":"7.0.7-50.18.1","php7-dba":"7.0.7-50.18.1","php7-gmp":"7.0.7-50.18.1","php7-xmlrpc":"7.0.7-50.18.1","php7-json":"7.0.7-50.18.1","php7-enchant":"7.0.7-50.18.1","php7-xmlreader":"7.0.7-50.18.1","php7-gd":"7.0.7-50.18.1","php7-zlib":"7.0.7-50.18.1","php7-shmop":"7.0.7-50.18.1","php7-sysvmsg":"7.0.7-50.18.1","php7-phar":"7.0.7-50.18.1","php7-calendar":"7.0.7-50.18.1","php7-zip":"7.0.7-50.18.1","php7-snmp":"7.0.7-50.18.1","php7-gettext":"7.0.7-50.18.1","php7-xsl":"7.0.7-50.18.1","php7-sysvshm":"7.0.7-50.18.1","php7":"7.0.7-50.18.1","php7-pear":"7.0.7-50.18.1","php7-pdo":"7.0.7-50.18.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2017:2468-1.json"}},{"package":{"name":"php7","ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP2","purl":"pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.0.7-50.18.1"}]}],"ecosystem_specific":{"binaries":[{"php7-devel":"7.0.7-50.18.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2017:2468-1.json"}},{"package":{"name":"php7","ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP3","purl":"pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.0.7-50.18.1"}]}],"ecosystem_specific":{"binaries":[{"php7-devel":"7.0.7-50.18.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2017:2468-1.json"}}],"schema_version":"1.7.3"}