Bugs fixes in "php7.0"
| Origin | Bug number | Title | Date fixed |
|---|---|---|---|
| CVE | CVE-2016-7418 | The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service | 2016-12-01 |
| CVE | CVE-2016-7417 | ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type | 2016-12-01 |
| CVE | CVE-2016-7416 | ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale | 2016-12-01 |
| CVE | CVE-2016-7414 | The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enoug | 2016-12-01 |
| CVE | CVE-2016-7413 | Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers | 2016-12-01 |
| CVE | CVE-2016-7412 | ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allo | 2016-12-01 |
| CVE | CVE-2016-7134 | ext/curl/interface.c in PHP 7.x before 7.0.10 does not work around a libcurl integer overflow, which allows remote attackers to cause a denial of ser | 2016-12-01 |
| CVE | CVE-2016-7133 | Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabled, mishandles huge realloc operations, which allows remote attackers to cause | 2016-12-01 |
| CVE | CVE-2016-7132 | ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and applica | 2016-12-01 |
| CVE | CVE-2016-7131 | ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and applica | 2016-12-01 |
| CVE | CVE-2016-7130 | The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service | 2016-12-01 |
| CVE | CVE-2016-7129 | The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service | 2016-12-01 |
| CVE | CVE-2016-7128 | The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that ex | 2016-12-01 |
| CVE | CVE-2016-7127 | The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote | 2016-12-01 |
| CVE | CVE-2016-7125 | ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows r | 2016-12-01 |
| CVE | CVE-2016-7124 | ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause | 2016-12-01 |
| CVE | CVE-2016-6297 | Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows | 2016-12-01 |
| CVE | CVE-2016-6296 | Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before | 2016-12-01 |
| CVE | CVE-2016-6295 | ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage | 2016-12-01 |
| CVE | CVE-2016-6294 | The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not pro | 2016-12-01 |
About
-
Send Feedback to @ubuntu_updates
