Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2016:2408-1)
Summary:The remote host is missing an update for the 'php5' package(s) announced via the SUSE-SU-2016:2408-1 advisory.
The remote host is missing an update for the 'php5' package(s) announced via the SUSE-SU-2016:2408-1 advisory.

Vulnerability Insight:
This update for php5 fixes the following security issues:
* CVE-2016-6128: Invalid color index not properly handled [bsc#987580]
* CVE-2016-6161: global out of bounds read when encoding gif from
malformed input withgd2togif [bsc#988032]
* CVE-2016-6292: Null pointer dereference in exif_process_user_comment
* CVE-2016-6295: Use after free in SNMP with GC and unserialize()
* CVE-2016-6297: Stack-based buffer overflow vulnerability in
php_stream_zip_opener [bsc#991426]
* CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE
* CVE-2016-6289: Integer overflow leads to buffer overflow in
virtual_file_ex [bsc#991428]
* CVE-2016-6290: Use after free in unserialize() with Unexpected Session
Deserialization [bsc#991429]
* CVE-2016-5399: Improper error handling in bzread() [bsc#991430]
* CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn
in simplestring.c [bsc#991437]
* CVE-2016-6207: Integer overflow error within _gdContributionsAlloc()
* CVE-2014-3587: Integer overflow in the cdf_read_property_info affecting
SLES11 SP3 [bsc#987530]
* CVE-2016-6288: Buffer over-read in php_url_parse_ex [bsc#991433]
* CVE-2016-7124: Create an Unexpected Object and Don't Invoke __wakeup()
in Deserialization
* CVE-2016-7125: PHP Session Data Injection Vulnerability
* CVE-2016-7126: select_colors write out-of-bounds
* CVE-2016-7127: imagegammacorrect allowed arbitrary write access
* CVE-2016-7128: Memory Leakage In exif_process_IFD_in_TIFF
* CVE-2016-7129: wddx_deserialize allowed illegal memory access
* CVE-2016-7130: wddx_deserialize null dereference
* CVE-2016-7131: wddx_deserialize null dereference with invalid xml
* CVE-2016-7132: wddx_deserialize null dereference in php_wddx_pop_element
* CVE-2016-7134: Heap overflow in the function curl_escape

Affected Software/OS:
'php5' package(s) on SUSE Linux Enterprise Software Development Kit 12-SP1, SUSE Linux Enterprise Module for Web Scripting 12

Please install the updated package(s).

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-3587
BugTraq ID: 69325
Debian Security Information: DSA-3008 (Google Search)
Debian Security Information: DSA-3021 (Google Search)
RedHat Security Advisories: RHSA-2014:1326
RedHat Security Advisories: RHSA-2014:1327
RedHat Security Advisories: RHSA-2014:1765
RedHat Security Advisories: RHSA-2014:1766
RedHat Security Advisories: RHSA-2016:0760
Common Vulnerability Exposure (CVE) ID: CVE-2016-3587
BugTraq ID: 91787
BugTraq ID: 91904
RedHat Security Advisories: RHSA-2016:1458
RedHat Security Advisories: RHSA-2016:1475
SuSE Security Announcement: SUSE-SU-2016:2012 (Google Search)
SuSE Security Announcement: openSUSE-SU-2016:1979 (Google Search)
SuSE Security Announcement: openSUSE-SU-2016:2051 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2016-5399
BugTraq ID: 92051
Bugtraq: 20160721 CVE-2016-5399: php: out-of-bounds write in bzread() (Google Search)
Debian Security Information: DSA-3631 (Google Search)
RedHat Security Advisories: RHSA-2016:2598
RedHat Security Advisories: RHSA-2016:2750
Common Vulnerability Exposure (CVE) ID: CVE-2016-6128
BugTraq ID: 91509
Debian Security Information: DSA-3619 (Google Search)
SuSE Security Announcement: openSUSE-SU-2016:2117 (Google Search)
SuSE Security Announcement: openSUSE-SU-2016:2363 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2016-6161
Common Vulnerability Exposure (CVE) ID: CVE-2016-6207
BugTraq ID: 92080
Bugtraq: 20160803 Secunia Research: LibGD "_gdContributionsAlloc()" Integer Overflow Denial of Service Vulnerability (Google Search)
Debian Security Information: DSA-3630 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2016-6288
BugTraq ID: 92111
Common Vulnerability Exposure (CVE) ID: CVE-2016-6289
BugTraq ID: 92074
Common Vulnerability Exposure (CVE) ID: CVE-2016-6290
BugTraq ID: 92097
Common Vulnerability Exposure (CVE) ID: CVE-2016-6291
BugTraq ID: 92073
Common Vulnerability Exposure (CVE) ID: CVE-2016-6292
BugTraq ID: 92078
Common Vulnerability Exposure (CVE) ID: CVE-2016-6295
BugTraq ID: 92094
Common Vulnerability Exposure (CVE) ID: CVE-2016-6296
BugTraq ID: 92095
Common Vulnerability Exposure (CVE) ID: CVE-2016-6297
BugTraq ID: 92099
Common Vulnerability Exposure (CVE) ID: CVE-2016-7124
BugTraq ID: 92756
Common Vulnerability Exposure (CVE) ID: CVE-2016-7125
BugTraq ID: 92552
Common Vulnerability Exposure (CVE) ID: CVE-2016-7126
BugTraq ID: 92755
Common Vulnerability Exposure (CVE) ID: CVE-2016-7127
BugTraq ID: 92757
Common Vulnerability Exposure (CVE) ID: CVE-2016-7128
BugTraq ID: 92564
Common Vulnerability Exposure (CVE) ID: CVE-2016-7129
BugTraq ID: 92758
Common Vulnerability Exposure (CVE) ID: CVE-2016-7130
BugTraq ID: 92764
Common Vulnerability Exposure (CVE) ID: CVE-2016-7131
BugTraq ID: 92768
Common Vulnerability Exposure (CVE) ID: CVE-2016-7132
BugTraq ID: 92767
Common Vulnerability Exposure (CVE) ID: CVE-2016-7134
BugTraq ID: 92766
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.