{"affected":[{"ecosystem_specific":{"binaries":[{"apache2-mod_php7":"7.0.7-15.1","php7":"7.0.7-15.1","php7-bcmath":"7.0.7-15.1","php7-bz2":"7.0.7-15.1","php7-calendar":"7.0.7-15.1","php7-ctype":"7.0.7-15.1","php7-curl":"7.0.7-15.1","php7-dba":"7.0.7-15.1","php7-dom":"7.0.7-15.1","php7-enchant":"7.0.7-15.1","php7-exif":"7.0.7-15.1","php7-fastcgi":"7.0.7-15.1","php7-fileinfo":"7.0.7-15.1","php7-fpm":"7.0.7-15.1","php7-ftp":"7.0.7-15.1","php7-gd":"7.0.7-15.1","php7-gettext":"7.0.7-15.1","php7-gmp":"7.0.7-15.1","php7-iconv":"7.0.7-15.1","php7-imap":"7.0.7-15.1","php7-intl":"7.0.7-15.1","php7-json":"7.0.7-15.1","php7-ldap":"7.0.7-15.1","php7-mbstring":"7.0.7-15.1","php7-mcrypt":"7.0.7-15.1","php7-mysql":"7.0.7-15.1","php7-odbc":"7.0.7-15.1","php7-opcache":"7.0.7-15.1","php7-openssl":"7.0.7-15.1","php7-pcntl":"7.0.7-15.1","php7-pdo":"7.0.7-15.1","php7-pear":"7.0.7-15.1","php7-pear-Archive_Tar":"7.0.7-15.1","php7-pgsql":"7.0.7-15.1","php7-phar":"7.0.7-15.1","php7-posix":"7.0.7-15.1","php7-pspell":"7.0.7-15.1","php7-shmop":"7.0.7-15.1","php7-snmp":"7.0.7-15.1","php7-soap":"7.0.7-15.1","php7-sockets":"7.0.7-15.1","php7-sqlite":"7.0.7-15.1","php7-sysvmsg":"7.0.7-15.1","php7-sysvsem":"7.0.7-15.1","php7-sysvshm":"7.0.7-15.1","php7-tokenizer":"7.0.7-15.1","php7-wddx":"7.0.7-15.1","php7-xmlreader":"7.0.7-15.1","php7-xmlrpc":"7.0.7-15.1","php7-xmlwriter":"7.0.7-15.1","php7-xsl":"7.0.7-15.1","php7-zip":"7.0.7-15.1","php7-zlib":"7.0.7-15.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Web and Scripting 12","name":"php7","purl":"pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"7.0.7-15.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nThis update for php7 fixes the following security issues:\n\n* CVE-2016-6128: Invalid color index not properly handled [bsc#987580]\n* CVE-2016-6161: global out of bounds read when encoding gif from malformed input withgd2togif [bsc#988032]\n* CVE-2016-6292: Null pointer dereference in exif_process_user_comment [bsc#991422]\n* CVE-2016-6295: Use after free in SNMP with GC and unserialize() [bsc#991424]\n* CVE-2016-6297: Stack-based buffer overflow vulnerability in php_stream_zip_opener [bsc#991426]\n* CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE [bsc#991427]\n* CVE-2016-6289: Integer overflow leads to buffer overflow in virtual_file_ex [bsc#991428]\n* CVE-2016-6290: Use after free in unserialize() with Unexpected Session Deserialization [bsc#991429]\n* CVE-2016-5399: Improper error handling in bzread() [bsc#991430]\n* CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c [bsc#991437]\n* CVE-2016-6207: Integer overflow error within _gdContributionsAlloc() [bsc#991434]\n* CVE-2016-4473: Invalid free() instead of efree() in phar_extract_file()\n* CVE-2016-7124: Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization\n* CVE-2016-7125: PHP Session Data Injection Vulnerability\n* CVE-2016-7126: select_colors write out-of-bounds\n* CVE-2016-7127: imagegammacorrect allowed arbitrary write access\n* CVE-2016-7128: Memory Leakage In exif_process_IFD_in_TIFF\n* CVE-2016-7129: wddx_deserialize allowed illegal memory access\n* CVE-2016-7131: wddx_deserialize null dereference with invalid xml\n* CVE-2016-7132: wddx_deserialize null dereference in php_wddx_pop_element\n* CVE-2016-7133: memory allocator fails to realloc small block to large one\n* CVE-2016-7134: Heap overflow in the function curl_escape\n* CVE-2016-7130: wddx_deserialize null dereference\n* CVE-2016-7413: Use after free in wddx_deserialize\n* CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field\n* CVE-2016-7417: Missing type check when unserializing SplArray\n* CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message\n* CVE-2016-7418: Null pointer dereference in php_wddx_push_element\n* CVE-2016-7414: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile\n","id":"SUSE-SU-2016:2460-2","modified":"2016-10-05T15:19:17Z","published":"2016-10-05T15:19:17Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2016/suse-su-20162460-2/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1001950"},{"type":"REPORT","url":"https://bugzilla.suse.com/987580"},{"type":"REPORT","url":"https://bugzilla.suse.com/988032"},{"type":"REPORT","url":"https://bugzilla.suse.com/991422"},{"type":"REPORT","url":"https://bugzilla.suse.com/991424"},{"type":"REPORT","url":"https://bugzilla.suse.com/991426"},{"type":"REPORT","url":"https://bugzilla.suse.com/991427"},{"type":"REPORT","url":"https://bugzilla.suse.com/991428"},{"type":"REPORT","url":"https://bugzilla.suse.com/991429"},{"type":"REPORT","url":"https://bugzilla.suse.com/991430"},{"type":"REPORT","url":"https://bugzilla.suse.com/991434"},{"type":"REPORT","url":"https://bugzilla.suse.com/991437"},{"type":"REPORT","url":"https://bugzilla.suse.com/995512"},{"type":"REPORT","url":"https://bugzilla.suse.com/997206"},{"type":"REPORT","url":"https://bugzilla.suse.com/997207"},{"type":"REPORT","url":"https://bugzilla.suse.com/997208"},{"type":"REPORT","url":"https://bugzilla.suse.com/997210"},{"type":"REPORT","url":"https://bugzilla.suse.com/997211"},{"type":"REPORT","url":"https://bugzilla.suse.com/997220"},{"type":"REPORT","url":"https://bugzilla.suse.com/997225"},{"type":"REPORT","url":"https://bugzilla.suse.com/997230"},{"type":"REPORT","url":"https://bugzilla.suse.com/997247"},{"type":"REPORT","url":"https://bugzilla.suse.com/997248"},{"type":"REPORT","url":"https://bugzilla.suse.com/997257"},{"type":"REPORT","url":"https://bugzilla.suse.com/999313"},{"type":"REPORT","url":"https://bugzilla.suse.com/999679"},{"type":"REPORT","url":"https://bugzilla.suse.com/999680"},{"type":"REPORT","url":"https://bugzilla.suse.com/999684"},{"type":"REPORT","url":"https://bugzilla.suse.com/999685"},{"type":"REPORT","url":"https://bugzilla.suse.com/999819"},{"type":"REPORT","url":"https://bugzilla.suse.com/999820"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-4473"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5399"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-6128"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-6161"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-6207"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-6289"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-6290"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-6291"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-6292"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-6295"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-6296"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-6297"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7124"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7125"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7126"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7127"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7128"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7129"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7130"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7131"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7132"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7133"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7134"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7412"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7413"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7414"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7416"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7417"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7418"}],"related":["CVE-2016-4473","CVE-2016-5399","CVE-2016-6128","CVE-2016-6161","CVE-2016-6207","CVE-2016-6289","CVE-2016-6290","CVE-2016-6291","CVE-2016-6292","CVE-2016-6295","CVE-2016-6296","CVE-2016-6297","CVE-2016-7124","CVE-2016-7125","CVE-2016-7126","CVE-2016-7127","CVE-2016-7128","CVE-2016-7129","CVE-2016-7130","CVE-2016-7131","CVE-2016-7132","CVE-2016-7133","CVE-2016-7134","CVE-2016-7412","CVE-2016-7413","CVE-2016-7414","CVE-2016-7416","CVE-2016-7417","CVE-2016-7418"],"summary":"Security update for php7","upstream":["CVE-2016-4473","CVE-2016-5399","CVE-2016-6128","CVE-2016-6161","CVE-2016-6207","CVE-2016-6289","CVE-2016-6290","CVE-2016-6291","CVE-2016-6292","CVE-2016-6295","CVE-2016-6296","CVE-2016-6297","CVE-2016-7124","CVE-2016-7125","CVE-2016-7126","CVE-2016-7127","CVE-2016-7128","CVE-2016-7129","CVE-2016-7130","CVE-2016-7131","CVE-2016-7132","CVE-2016-7133","CVE-2016-7134","CVE-2016-7412","CVE-2016-7413","CVE-2016-7414","CVE-2016-7416","CVE-2016-7417","CVE-2016-7418"]}