{"affected":[{"ecosystem_specific":{"binaries":[{"apache2-mod_php7":"7.0.7-50.9.2","php7":"7.0.7-50.9.2","php7-bcmath":"7.0.7-50.9.2","php7-bz2":"7.0.7-50.9.2","php7-calendar":"7.0.7-50.9.2","php7-ctype":"7.0.7-50.9.2","php7-curl":"7.0.7-50.9.2","php7-dba":"7.0.7-50.9.2","php7-dom":"7.0.7-50.9.2","php7-enchant":"7.0.7-50.9.2","php7-exif":"7.0.7-50.9.2","php7-fastcgi":"7.0.7-50.9.2","php7-fileinfo":"7.0.7-50.9.2","php7-fpm":"7.0.7-50.9.2","php7-ftp":"7.0.7-50.9.2","php7-gd":"7.0.7-50.9.2","php7-gettext":"7.0.7-50.9.2","php7-gmp":"7.0.7-50.9.2","php7-iconv":"7.0.7-50.9.2","php7-imap":"7.0.7-50.9.2","php7-intl":"7.0.7-50.9.2","php7-json":"7.0.7-50.9.2","php7-ldap":"7.0.7-50.9.2","php7-mbstring":"7.0.7-50.9.2","php7-mcrypt":"7.0.7-50.9.2","php7-mysql":"7.0.7-50.9.2","php7-odbc":"7.0.7-50.9.2","php7-opcache":"7.0.7-50.9.2","php7-openssl":"7.0.7-50.9.2","php7-pcntl":"7.0.7-50.9.2","php7-pdo":"7.0.7-50.9.2","php7-pear":"7.0.7-50.9.2","php7-pear-Archive_Tar":"7.0.7-50.9.2","php7-pgsql":"7.0.7-50.9.2","php7-phar":"7.0.7-50.9.2","php7-posix":"7.0.7-50.9.2","php7-pspell":"7.0.7-50.9.2","php7-shmop":"7.0.7-50.9.2","php7-snmp":"7.0.7-50.9.2","php7-soap":"7.0.7-50.9.2","php7-sockets":"7.0.7-50.9.2","php7-sqlite":"7.0.7-50.9.2","php7-sysvmsg":"7.0.7-50.9.2","php7-sysvsem":"7.0.7-50.9.2","php7-sysvshm":"7.0.7-50.9.2","php7-tokenizer":"7.0.7-50.9.2","php7-wddx":"7.0.7-50.9.2","php7-xmlreader":"7.0.7-50.9.2","php7-xmlrpc":"7.0.7-50.9.2","php7-xmlwriter":"7.0.7-50.9.2","php7-xsl":"7.0.7-50.9.2","php7-zip":"7.0.7-50.9.2","php7-zlib":"7.0.7-50.9.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Web and Scripting 12","name":"php7","purl":"pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"7.0.7-50.9.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"php7-devel":"7.0.7-50.9.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP2","name":"php7","purl":"pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"7.0.7-50.9.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"php7-devel":"7.0.7-50.9.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP3","name":"php7","purl":"pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"7.0.7-50.9.2"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for php7 fixes the following issues:\n\n- CVE-2016-10397: parse_url() can be bypassed to return fake host. (bsc#1047454)\n- CVE-2017-11142: Remoteattackers could cause a CPU consumption denial of service attack by\n  injectinglong form variables, related to main/php_variables. (bsc#1048100)\n- CVE-2017-11144: The opensslextension PEM sealing code did not check the return value of the\n  OpenSSL sealingfunction, which could lead to a crash. (bsc#1048096)\n- CVE-2017-11145: Lack of bounds checks in timelib_meridian coud lead to information leak.\n  (bsc#1048112)\n- CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code could lead to information\n  leak. (bsc#1048111)\n- CVE-2017-11147: The PHAR archive handler could beused by attackers supplying malicious archive\n  files to crash the PHP interpreteror potentially disclose information. (bsc#1048094)\n- CVE-2017-11628:  Stack-base dbuffer overflow in zend_ini_do_op() could lead to denial of service (bsc#1050726)\n- CVE-2017-7890: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function\ncould lead to denial of service (bsc#1050241)\n- CVE-2016-5766:  Integer Overflow in _gd2GetHeader() resulting in heap overflow could lead to denial of service or code execution (bsc#986386)\n\nOther fixes:\n\n- Soap Request with References (bsc#1053645)\n- php7-pear should explicitly require php7-pear-Archive_Tar\n  otherwise this dependency must be declared in every\n  php7-pear-* package explicitly. [bnc#1052389]\n\n","id":"SUSE-SU-2017:2303-1","modified":"2017-08-30T13:18:53Z","published":"2017-08-30T13:18:53Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2017/suse-su-20172303-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1047454"},{"type":"REPORT","url":"https://bugzilla.suse.com/1048094"},{"type":"REPORT","url":"https://bugzilla.suse.com/1048096"},{"type":"REPORT","url":"https://bugzilla.suse.com/1048100"},{"type":"REPORT","url":"https://bugzilla.suse.com/1048111"},{"type":"REPORT","url":"https://bugzilla.suse.com/1048112"},{"type":"REPORT","url":"https://bugzilla.suse.com/1050241"},{"type":"REPORT","url":"https://bugzilla.suse.com/1050726"},{"type":"REPORT","url":"https://bugzilla.suse.com/1052389"},{"type":"REPORT","url":"https://bugzilla.suse.com/1053645"},{"type":"REPORT","url":"https://bugzilla.suse.com/986386"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-10397"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5766"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-11142"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-11144"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-11145"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-11146"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-11147"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-11628"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7890"}],"related":["CVE-2016-10397","CVE-2016-5766","CVE-2017-11142","CVE-2017-11144","CVE-2017-11145","CVE-2017-11146","CVE-2017-11147","CVE-2017-11628","CVE-2017-7890"],"summary":"Security update for php7","upstream":["CVE-2016-10397","CVE-2016-5766","CVE-2017-11142","CVE-2017-11144","CVE-2017-11145","CVE-2017-11146","CVE-2017-11147","CVE-2017-11628","CVE-2017-7890"]}