Bugs fixes in "php7.0"
| Origin | Bug number | Title | Date fixed |
|---|---|---|---|
| CVE | CVE-2016-7130 | The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service | 2016-10-04 |
| CVE | CVE-2016-7129 | The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service | 2016-10-04 |
| CVE | CVE-2016-7128 | The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that ex | 2016-10-04 |
| CVE | CVE-2016-7127 | The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote | 2016-10-04 |
| CVE | CVE-2016-7125 | ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows r | 2016-10-04 |
| CVE | CVE-2016-7124 | ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause | 2016-10-04 |
| CVE | CVE-2016-7418 | The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service | 2016-10-04 |
| CVE | CVE-2016-7417 | ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type | 2016-10-04 |
| CVE | CVE-2016-7416 | ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale | 2016-10-04 |
| CVE | CVE-2016-7414 | The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enoug | 2016-10-04 |
| CVE | CVE-2016-7413 | Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers | 2016-10-04 |
| CVE | CVE-2016-7412 | ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allo | 2016-10-04 |
| CVE | CVE-2016-7134 | ext/curl/interface.c in PHP 7.x before 7.0.10 does not work around a libcurl integer overflow, which allows remote attackers to cause a denial of ser | 2016-10-04 |
| CVE | CVE-2016-7133 | Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabled, mishandles huge realloc operations, which allows remote attackers to cause | 2016-10-04 |
| CVE | CVE-2016-7132 | ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and applica | 2016-10-04 |
| CVE | CVE-2016-7131 | ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and applica | 2016-10-04 |
| CVE | CVE-2016-7130 | The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service | 2016-10-04 |
| CVE | CVE-2016-7129 | The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service | 2016-10-04 |
| CVE | CVE-2016-7128 | The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that ex | 2016-10-04 |
| CVE | CVE-2016-7127 | The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote | 2016-10-04 |
About
-
Send Feedback to @ubuntu_updates
