{"affected":[{"ecosystem_specific":{"binaries":[{"apache2-mod_php53":"5.3.17-47.1","php53":"5.3.17-47.1","php53-bcmath":"5.3.17-47.1","php53-bz2":"5.3.17-47.1","php53-calendar":"5.3.17-47.1","php53-ctype":"5.3.17-47.1","php53-curl":"5.3.17-47.1","php53-dba":"5.3.17-47.1","php53-dom":"5.3.17-47.1","php53-exif":"5.3.17-47.1","php53-fastcgi":"5.3.17-47.1","php53-fileinfo":"5.3.17-47.1","php53-ftp":"5.3.17-47.1","php53-gd":"5.3.17-47.1","php53-gettext":"5.3.17-47.1","php53-gmp":"5.3.17-47.1","php53-iconv":"5.3.17-47.1","php53-intl":"5.3.17-47.1","php53-json":"5.3.17-47.1","php53-ldap":"5.3.17-47.1","php53-mbstring":"5.3.17-47.1","php53-mcrypt":"5.3.17-47.1","php53-mysql":"5.3.17-47.1","php53-odbc":"5.3.17-47.1","php53-openssl":"5.3.17-47.1","php53-pcntl":"5.3.17-47.1","php53-pdo":"5.3.17-47.1","php53-pear":"5.3.17-47.1","php53-pgsql":"5.3.17-47.1","php53-pspell":"5.3.17-47.1","php53-shmop":"5.3.17-47.1","php53-snmp":"5.3.17-47.1","php53-soap":"5.3.17-47.1","php53-suhosin":"5.3.17-47.1","php53-sysvmsg":"5.3.17-47.1","php53-sysvsem":"5.3.17-47.1","php53-sysvshm":"5.3.17-47.1","php53-tokenizer":"5.3.17-47.1","php53-wddx":"5.3.17-47.1","php53-xmlreader":"5.3.17-47.1","php53-xmlrpc":"5.3.17-47.1","php53-xmlwriter":"5.3.17-47.1","php53-xsl":"5.3.17-47.1","php53-zip":"5.3.17-47.1","php53-zlib":"5.3.17-47.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP2-LTSS","name":"php53","purl":"pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.3.17-47.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for php53 to version 5.3.17 fixes the following issues:\n\nThese security issues were fixed:\n- CVE-2016-5093: get_icu_value_internal out-of-bounds read (bnc#982010).\n- CVE-2016-5094: Don't create strings with lengths outside int range (bnc#982011).\n- CVE-2016-5095: Don't create strings with lengths outside int range (bnc#982012).\n- CVE-2016-5096: int/size_t confusion in fread (bsc#982013).\n- CVE-2016-5114: fpm_log.c memory leak and buffer overflow (bnc#982162).\n- CVE-2015-8879: The odbc_bindcols function in ext/odbc/php_odbc.c in PHP mishandles driver behavior for SQL_WVARCHAR columns, which allowed remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table (bsc#981050).\n- CVE-2015-4116: Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP allowed remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation (bsc#980366).\n- CVE-2015-8874: Stack consumption vulnerability in GD in PHP allowed remote attackers to cause a denial of service via a crafted imagefilltoborder call (bsc#980375).\n- CVE-2015-8873: Stack consumption vulnerability in Zend/zend_exceptions.c in PHP allowed remote attackers to cause a denial of service (segmentation fault) via recursive method calls (bsc#980373).\n- CVE-2016-4540: The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset (bsc#978829).\n- CVE-2016-4541: The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset (bsc#978829.\n- CVE-2016-4542: The exif_process_IFD_TAG function in ext/exif/exif.c in PHP did not properly construct spprintf arguments, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data (bsc#978830).\n- CVE-2016-4543: The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP did not validate IFD sizes, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data (bsc#978830.\n- CVE-2016-4544: The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP did not validate TIFF start data, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data (bsc#978830.\n- CVE-2016-4537: The bcpowmod function in ext/bcmath/bcmath.c in PHP accepted a negative integer for the scale argument, which allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call (bsc#978827).\n- CVE-2016-4538: The bcpowmod function in ext/bcmath/bcmath.c in PHP modified certain data structures without considering whether they are copies of the _zero_, _one_, or _two_ global variable, which allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call (bsc#978827).\n- CVE-2016-4539: The xml_parse_into_struct function in ext/xml/xml.c in PHP allowed remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument, leading to a parser level of zero (bsc#978828).\n- CVE-2016-4342: ext/phar/phar_object.c in PHP mishandles zero-length uncompressed data, which allowed remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive (bsc#977991).\n- CVE-2016-4346: Integer overflow in the str_pad function in ext/standard/string.c in PHP allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow (bsc#977994).\n- CVE-2016-4073: Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP allowed remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call (bsc#977003).\n- CVE-2015-8867: The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP incorrectly relied on the deprecated RAND_pseudo_bytes function, which made it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors (bsc#977005).\n- CVE-2016-4070: Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP allowed remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function (bsc#976997).\n- CVE-2015-8866: ext/libxml/libxml.c in PHP when PHP-FPM is used, did not isolate each thread from libxml_disable_entity_loader changes in other threads, which allowed remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161 (bsc#976996).\n- CVE-2015-8838: ext/mysqlnd/mysqlnd.c in PHP used a client SSL option to mean that SSL is optional, which allowed man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152 (bsc#973792).\n- CVE-2015-8835: The make_http_soap_request function in ext/soap/php_http.c in PHP did not properly retrieve keys, which allowed remote attackers to cause a denial of service (NULL pointer dereference, type confusion, and application crash) or possibly execute arbitrary code via crafted serialized data representing a numerically indexed _cookies array, related to the SoapClient::__call method in ext/soap/soap.c (bsc#973351).\n- CVE-2016-3141: Use-after-free vulnerability in wddx.c in the WDDX extension in PHP allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element (bsc#969821).\n- CVE-2016-3142: The phar_parse_zipfile function in zip.c in the PHAR extension in PHP allowed remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\\x05\\x06 signature at an invalid location (bsc#971912).\n- CVE-2014-9767: Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP ext/zip/ext_zip.cpp in HHVM allowed remote attackers to create arbitrary empty directories via a crafted ZIP archive (bsc#971612).\n- CVE-2016-3185: The make_http_soap_request function in ext/soap/php_http.c in PHP allowed remote attackers to obtain sensitive information from process memory or cause a denial of service (type confusion and application crash) via crafted serialized _cookies data, related to the SoapClient::__call method in ext/soap/soap.c (bsc#971611).\n- CVE-2016-2554: Stack-based buffer overflow in ext/phar/tar.c in PHP allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive (bsc#968284).\n- CVE-2015-7803: The phar_get_entry_data function in ext/phar/util.c in PHP allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that did not exist (bsc#949961).\n- CVE-2015-6831: Multiple use-after-free vulnerabilities in SPL in PHP allowed remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization (bsc#942291).\n- CVE-2015-6833: Directory traversal vulnerability in the PharData class in PHP allowed remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call (bsc#942296.\n- CVE-2015-6836: The SoapClient __call method in ext/soap/soap.c in PHP did not properly manage headers, which allowed remote attackers to execute arbitrary code via crafted serialized data that triggers a 'type confusion' in the serialize_function_call function (bsc#945428).\n- CVE-2015-6837: The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP when libxml2 is used, did not consider the possibility of a NULL valuePop return value proceeding with a free operation during initial error checking, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6838 (bsc#945412).\n- CVE-2015-6838: The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP when libxml2 is used, did not consider the possibility of a NULL valuePop return value proceeding with a free operation after the principal argument loop, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837 (bsc#945412).\n- CVE-2015-5590: Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstrated by mishandling of an e-mail attachment by the imap PHP extension (bsc#938719).\n- CVE-2015-5589: The phar_convert_to_other function in ext/phar/phar_object.c in PHP did not validate a file pointer a close operation, which allowed remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted TAR archive that is mishandled in a Phar::convertToData call (bsc#938721).\n- CVE-2015-4602: The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP allowed remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to a 'type confusion' issue (bsc#935224).\n- CVE-2015-4599: The SoapFault::__toString method in ext/soap/soap.c in PHP allowed remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrary code via an unexpected data type, related to a 'type confusion' issue (bsc#935226).\n- CVE-2015-4600: The SoapClient implementation in PHP allowed remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to 'type confusion' issues in the (1) SoapClient::__getLastRequest, (2) SoapClient::__getLastResponse, (3) SoapClient::__getLastRequestHeaders, (4) SoapClient::__getLastResponseHeaders, (5) SoapClient::__getCookies, and (6) SoapClient::__setCookie methods (bsc#935226).\n- CVE-2015-4601: PHP allowed remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to 'type confusion' issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3) ext/soap/soap.c, a different issue than CVE-2015-4600 (bsc#935226.\n- CVE-2015-4603: The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP allowed remote attackers to execute arbitrary code via an unexpected data type, related to a 'type confusion' issue (bsc#935234).\n- CVE-2015-4644: The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP did not validate token extraction for table names, which might allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1352 (bsc#935274).\n- CVE-2015-4643: Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP allowed remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022 (bsc#935275).\n- CVE-2015-3411: PHP did not ensure that pathnames lack %00 sequences, which might have allowed remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by a filename\\0.xml attack that bypasses an intended configuration in which client users may read only .xml files (bsc#935227).\n- CVE-2015-3412: PHP did not ensure that pathnames lack %00 sequences, which might have allowed remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in ext/standard/streamsfuncs.c, as demonstrated by a filename\\0.extension attack that bypasses an intended configuration in which client users may read files with only one specific extension (bsc#935229).\n- CVE-2015-4598: PHP did not ensure that pathnames lack %00 sequences, which might have allowed remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function, as demonstrated by a filename\\0.html attack that bypasses an intended configuration in which client users may write to only .html files (bsc#935232).\n- CVE-2015-4148: The do_soap_call function in ext/soap/soap.c in PHP did not verify that the uri property is a string, which allowed remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a 'type confusion' issue (bsc#933227).\n- CVE-2015-4024: Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP allowed remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome (bsc#931421).\n- CVE-2015-4026: The pcntl_exec implementation in PHP truncates a pathname upon encountering a \\x00 character, which might allowed remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243 (bsc#931776).\n- CVE-2015-4022: Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP allowed remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow (bsc#931772).\n- CVE-2015-4021: The phar_parse_tarfile function in ext/phar/tar.c in PHP did not verify that the first character of a filename is different from the \\0 character, which allowed remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive (bsc#931769).\n- CVE-2015-3329: Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP allowed remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive (bsc#928506).\n- CVE-2015-2783: ext/phar/phar.c in PHP allowed remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions (bsc#928511).\n- CVE-2015-2787: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP allowed remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231 (bsc#924972).\n- CVE-2014-9709: The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP allowed remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function (bsc#923945).\n- CVE-2015-2301: Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP allowed remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file (bsc#922452).\n- CVE-2015-2305: Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) 32-bit platforms might have allowed context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow (bsc#921950).\n- CVE-2014-9705: Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP allowed remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries (bsc#922451).\n- CVE-2015-0273: Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP allowed remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function (bsc#918768).\n- CVE-2014-9652: The mconvert function in softmagic.c in file as used in the Fileinfo component in PHP did not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allowed remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file (bsc#917150).\n- CVE-2014-8142: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP allowed remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019 (bsc#910659).\n- CVE-2015-0231: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP allowed remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142 (bsc#910659).\n- CVE-2014-8142: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP allowed remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019 (bsc#910659).\n- CVE-2015-0232: The exif_process_unicode function in ext/exif/exif.c in PHP allowed remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image (bsc#914690).\n- CVE-2014-3670: The exif_ifd_make_value function in exif.c in the EXIF extension in PHP operates on floating-point arrays incorrectly, which allowed remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted JPEG image with TIFF thumbnail data that is improperly handled by the exif_thumbnail function (bsc#902357).\n- CVE-2014-3669: Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP allowed remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value (bsc#902360).\n- CVE-2014-3668: Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP allowed remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation (bsc#902368).\n- CVE-2014-5459: The PEAR_REST class in REST.php in PEAR in PHP allowed local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions  (bsc#893849).\n- CVE-2014-3597: Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP allowed remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049 (bsc#893853).\n- CVE-2014-4670: Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP allowed context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments  (bsc#886059).\n- CVE-2014-4698: Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP allowed context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments  (bsc#886060).\n- CVE-2014-4721: The phpinfo implementation in ext/standard/info.c in PHP did not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allowed context-dependent attackers to obtain sensitive information from process memory by using the integer data type with crafted values, related to a 'type confusion' vulnerability, as demonstrated by reading a private SSL key in an Apache HTTP Server web-hosting environment with mod_ssl and a PHP 5.3.x mod_php (bsc#885961).\n- CVE-2014-0207: The cdf_read_short_sector function in cdf.c in file as used in the Fileinfo component in PHP allowed remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file (bsc#884986).\n- CVE-2014-3478: Buffer overflow in the mconvert function in softmagic.c in file as used in the Fileinfo component in PHP allowed remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion (bsc#884987).\n- CVE-2014-3479: The cdf_check_stream_offset function in cdf.c in file as used in the Fileinfo component in PHP relies on incorrect sector-size data, which allowed remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file (bsc#884989).\n- CVE-2014-3480: The cdf_count_chain function in cdf.c in file as used in the Fileinfo component in PHP did not properly validate sector-count data, which allowed remote attackers to cause a denial of service (application crash) via a crafted CDF file (bsc#884990).\n- CVE-2014-3487: The cdf_read_property_info function in file as used in the Fileinfo component in PHP did not properly validate a stream offset, which allowed remote attackers to cause a denial of service (application crash) via a crafted CDF file (bsc#884991).\n- CVE-2014-3515: The SPL component in PHP incorrectly anticipates that certain data structures will have the array data type after unserialization, which allowed remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to 'type confusion' issues in (1) ArrayObject and (2) SPLObjectStorage (bsc#884992).\n\nThese non-security issues were fixed:\n- bnc#935074: compare with SQL_NULL_DATA correctly\n- bnc#935074: fix segfault in odbc_fetch_array\n- bnc#919080: fix timezone map\n- bnc#925109: unserialize SoapClient type confusion\n","id":"SUSE-SU-2016:1638-1","modified":"2016-06-21T07:55:52Z","published":"2016-06-21T07:55:52Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2016/suse-su-20161638-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/884986"},{"type":"REPORT","url":"https://bugzilla.suse.com/884987"},{"type":"REPORT","url":"https://bugzilla.suse.com/884989"},{"type":"REPORT","url":"https://bugzilla.suse.com/884990"},{"type":"REPORT","url":"https://bugzilla.suse.com/884991"},{"type":"REPORT","url":"https://bugzilla.suse.com/884992"},{"type":"REPORT","url":"https://bugzilla.suse.com/885961"},{"type":"REPORT","url":"https://bugzilla.suse.com/886059"},{"type":"REPORT","url":"https://bugzilla.suse.com/886060"},{"type":"REPORT","url":"https://bugzilla.suse.com/893849"},{"type":"REPORT","url":"https://bugzilla.suse.com/893853"},{"type":"REPORT","url":"https://bugzilla.suse.com/902357"},{"type":"REPORT","url":"https://bugzilla.suse.com/902360"},{"type":"REPORT","url":"https://bugzilla.suse.com/902368"},{"type":"REPORT","url":"https://bugzilla.suse.com/910659"},{"type":"REPORT","url":"https://bugzilla.suse.com/914690"},{"type":"REPORT","url":"https://bugzilla.suse.com/917150"},{"type":"REPORT","url":"https://bugzilla.suse.com/918768"},{"type":"REPORT","url":"https://bugzilla.suse.com/919080"},{"type":"REPORT","url":"https://bugzilla.suse.com/921950"},{"type":"REPORT","url":"https://bugzilla.suse.com/922451"},{"type":"REPORT","url":"https://bugzilla.suse.com/922452"},{"type":"REPORT","url":"https://bugzilla.suse.com/923945"},{"type":"REPORT","url":"https://bugzilla.suse.com/924972"},{"type":"REPORT","url":"https://bugzilla.suse.com/925109"},{"type":"REPORT","url":"https://bugzilla.suse.com/928506"},{"type":"REPORT","url":"https://bugzilla.suse.com/928511"},{"type":"REPORT","url":"https://bugzilla.suse.com/931421"},{"type":"REPORT","url":"https://bugzilla.suse.com/931769"},{"type":"REPORT","url":"https://bugzilla.suse.com/931772"},{"type":"REPORT","url":"https://bugzilla.suse.com/931776"},{"type":"REPORT","url":"https://bugzilla.suse.com/933227"},{"type":"REPORT","url":"https://bugzilla.suse.com/935074"},{"type":"REPORT","url":"https://bugzilla.suse.com/935224"},{"type":"REPORT","url":"https://bugzilla.suse.com/935226"},{"type":"REPORT","url":"https://bugzilla.suse.com/935227"},{"type":"REPORT","url":"https://bugzilla.suse.com/935229"},{"type":"REPORT","url":"https://bugzilla.suse.com/935232"},{"type":"REPORT","url":"https://bugzilla.suse.com/935234"},{"type":"REPORT","url":"https://bugzilla.suse.com/935274"},{"type":"REPORT","url":"https://bugzilla.suse.com/935275"},{"type":"REPORT","url":"https://bugzilla.suse.com/938719"},{"type":"REPORT","url":"https://bugzilla.suse.com/938721"},{"type":"REPORT","url":"https://bugzilla.suse.com/942291"},{"type":"REPORT","url":"https://bugzilla.suse.com/942296"},{"type":"REPORT","url":"https://bugzilla.suse.com/945412"},{"type":"REPORT","url":"https://bugzilla.suse.com/945428"},{"type":"REPORT","url":"https://bugzilla.suse.com/949961"},{"type":"REPORT","url":"https://bugzilla.suse.com/968284"},{"type":"REPORT","url":"https://bugzilla.suse.com/969821"},{"type":"REPORT","url":"https://bugzilla.suse.com/971611"},{"type":"REPORT","url":"https://bugzilla.suse.com/971612"},{"type":"REPORT","url":"https://bugzilla.suse.com/971912"},{"type":"REPORT","url":"https://bugzilla.suse.com/973351"},{"type":"REPORT","url":"https://bugzilla.suse.com/973792"},{"type":"REPORT","url":"https://bugzilla.suse.com/976996"},{"type":"REPORT","url":"https://bugzilla.suse.com/976997"},{"type":"REPORT","url":"https://bugzilla.suse.com/977003"},{"type":"REPORT","url":"https://bugzilla.suse.com/977005"},{"type":"REPORT","url":"https://bugzilla.suse.com/977991"},{"type":"REPORT","url":"https://bugzilla.suse.com/977994"},{"type":"REPORT","url":"https://bugzilla.suse.com/978827"},{"type":"REPORT","url":"https://bugzilla.suse.com/978828"},{"type":"REPORT","url":"https://bugzilla.suse.com/978829"},{"type":"REPORT","url":"https://bugzilla.suse.com/978830"},{"type":"REPORT","url":"https://bugzilla.suse.com/980366"},{"type":"REPORT","url":"https://bugzilla.suse.com/980373"},{"type":"REPORT","url":"https://bugzilla.suse.com/980375"},{"type":"REPORT","url":"https://bugzilla.suse.com/981050"},{"type":"REPORT","url":"https://bugzilla.suse.com/982010"},{"type":"REPORT","url":"https://bugzilla.suse.com/982011"},{"type":"REPORT","url":"https://bugzilla.suse.com/982012"},{"type":"REPORT","url":"https://bugzilla.suse.com/982013"},{"type":"REPORT","url":"https://bugzilla.suse.com/982162"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2004-1019"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2006-7243"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-0207"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-3478"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-3479"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-3480"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-3487"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-3515"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-3597"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-3668"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-3669"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-3670"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-4049"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-4670"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-4698"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-4721"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-5459"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-8142"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-9652"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-9705"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-9709"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-9767"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-0231"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-0232"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-0273"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-1352"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-2301"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-2305"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-2783"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-2787"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-3152"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-3329"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-3411"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-3412"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-4021"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-4022"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-4024"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-4026"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-4116"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-4148"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-4598"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-4599"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-4600"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-4601"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-4602"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-4603"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-4643"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-4644"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-5161"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-5589"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-5590"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-6831"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-6833"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-6836"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-6837"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-6838"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-7803"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8835"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8838"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8866"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8867"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8873"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8874"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8879"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2554"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-3141"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-3142"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-3185"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-4070"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-4073"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-4342"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-4346"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-4537"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-4538"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-4539"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-4540"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-4541"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-4542"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-4543"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-4544"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5093"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5094"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5095"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5096"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5114"}],"related":["CVE-2004-1019","CVE-2006-7243","CVE-2014-0207","CVE-2014-3478","CVE-2014-3479","CVE-2014-3480","CVE-2014-3487","CVE-2014-3515","CVE-2014-3597","CVE-2014-3668","CVE-2014-3669","CVE-2014-3670","CVE-2014-4049","CVE-2014-4670","CVE-2014-4698","CVE-2014-4721","CVE-2014-5459","CVE-2014-8142","CVE-2014-9652","CVE-2014-9705","CVE-2014-9709","CVE-2014-9767","CVE-2015-0231","CVE-2015-0232","CVE-2015-0273","CVE-2015-1352","CVE-2015-2301","CVE-2015-2305","CVE-2015-2783","CVE-2015-2787","CVE-2015-3152","CVE-2015-3329","CVE-2015-3411","CVE-2015-3412","CVE-2015-4021","CVE-2015-4022","CVE-2015-4024","CVE-2015-4026","CVE-2015-4116","CVE-2015-4148","CVE-2015-4598","CVE-2015-4599","CVE-2015-4600","CVE-2015-4601","CVE-2015-4602","CVE-2015-4603","CVE-2015-4643","CVE-2015-4644","CVE-2015-5161","CVE-2015-5589","CVE-2015-5590","CVE-2015-6831","CVE-2015-6833","CVE-2015-6836","CVE-2015-6837","CVE-2015-6838","CVE-2015-7803","CVE-2015-8835","CVE-2015-8838","CVE-2015-8866","CVE-2015-8867","CVE-2015-8873","CVE-2015-8874","CVE-2015-8879","CVE-2016-2554","CVE-2016-3141","CVE-2016-3142","CVE-2016-3185","CVE-2016-4070","CVE-2016-4073","CVE-2016-4342","CVE-2016-4346","CVE-2016-4537","CVE-2016-4538","CVE-2016-4539","CVE-2016-4540","CVE-2016-4541","CVE-2016-4542","CVE-2016-4543","CVE-2016-4544","CVE-2016-5093","CVE-2016-5094","CVE-2016-5095","CVE-2016-5096","CVE-2016-5114"],"summary":"Security update for php53","upstream":["CVE-2004-1019","CVE-2006-7243","CVE-2014-0207","CVE-2014-3478","CVE-2014-3479","CVE-2014-3480","CVE-2014-3487","CVE-2014-3515","CVE-2014-3597","CVE-2014-3668","CVE-2014-3669","CVE-2014-3670","CVE-2014-4049","CVE-2014-4670","CVE-2014-4698","CVE-2014-4721","CVE-2014-5459","CVE-2014-8142","CVE-2014-9652","CVE-2014-9705","CVE-2014-9709","CVE-2014-9767","CVE-2015-0231","CVE-2015-0232","CVE-2015-0273","CVE-2015-1352","CVE-2015-2301","CVE-2015-2305","CVE-2015-2783","CVE-2015-2787","CVE-2015-3152","CVE-2015-3329","CVE-2015-3411","CVE-2015-3412","CVE-2015-4021","CVE-2015-4022","CVE-2015-4024","CVE-2015-4026","CVE-2015-4116","CVE-2015-4148","CVE-2015-4598","CVE-2015-4599","CVE-2015-4600","CVE-2015-4601","CVE-2015-4602","CVE-2015-4603","CVE-2015-4643","CVE-2015-4644","CVE-2015-5161","CVE-2015-5589","CVE-2015-5590","CVE-2015-6831","CVE-2015-6833","CVE-2015-6836","CVE-2015-6837","CVE-2015-6838","CVE-2015-7803","CVE-2015-8835","CVE-2015-8838","CVE-2015-8866","CVE-2015-8867","CVE-2015-8873","CVE-2015-8874","CVE-2015-8879","CVE-2016-2554","CVE-2016-3141","CVE-2016-3142","CVE-2016-3185","CVE-2016-4070","CVE-2016-4073","CVE-2016-4342","CVE-2016-4346","CVE-2016-4537","CVE-2016-4538","CVE-2016-4539","CVE-2016-4540","CVE-2016-4541","CVE-2016-4542","CVE-2016-4543","CVE-2016-4544","CVE-2016-5093","CVE-2016-5094","CVE-2016-5095","CVE-2016-5096","CVE-2016-5114"]}