Security update for php7 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:0061-1 Final 1 1 2017-01-07T20:49:03Z current 2017-01-07T20:49:03Z 2017-01-07T20:49:03Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for php7 This update for php7 fixes the following issues: * CVE-2016-9933 Possible stack overflow on truecolor images handling [bsc#1015187] * CVE-2016-9934 Dereference from NULL pointer could lead to crash [bsc#1015188] * CVE-2016-9935 Invalid read could lead to crash [bsc#1015189] * CVE-2016-9936 Use After free in the function serialize() could lead to crash [bsc#1015191] This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html E-Mail link for openSUSE-SU-2017:0061-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 apache2-mod_php7-7.0.7-9.1 php7-7.0.7-9.1 php7-bcmath-7.0.7-9.1 php7-bz2-7.0.7-9.1 php7-calendar-7.0.7-9.1 php7-ctype-7.0.7-9.1 php7-curl-7.0.7-9.1 php7-dba-7.0.7-9.1 php7-devel-7.0.7-9.1 php7-dom-7.0.7-9.1 php7-enchant-7.0.7-9.1 php7-exif-7.0.7-9.1 php7-fastcgi-7.0.7-9.1 php7-fileinfo-7.0.7-9.1 php7-firebird-7.0.7-9.1 php7-fpm-7.0.7-9.1 php7-ftp-7.0.7-9.1 php7-gd-7.0.7-9.1 php7-gettext-7.0.7-9.1 php7-gmp-7.0.7-9.1 php7-iconv-7.0.7-9.1 php7-imap-7.0.7-9.1 php7-intl-7.0.7-9.1 php7-json-7.0.7-9.1 php7-ldap-7.0.7-9.1 php7-mbstring-7.0.7-9.1 php7-mcrypt-7.0.7-9.1 php7-mysql-7.0.7-9.1 php7-odbc-7.0.7-9.1 php7-opcache-7.0.7-9.1 php7-openssl-7.0.7-9.1 php7-pcntl-7.0.7-9.1 php7-pdo-7.0.7-9.1 php7-pear-7.0.7-9.1 php7-pear-Archive_Tar-7.0.7-9.1 php7-pgsql-7.0.7-9.1 php7-phar-7.0.7-9.1 php7-posix-7.0.7-9.1 php7-pspell-7.0.7-9.1 php7-readline-7.0.7-9.1 php7-shmop-7.0.7-9.1 php7-snmp-7.0.7-9.1 php7-soap-7.0.7-9.1 php7-sockets-7.0.7-9.1 php7-sqlite-7.0.7-9.1 php7-sysvmsg-7.0.7-9.1 php7-sysvsem-7.0.7-9.1 php7-sysvshm-7.0.7-9.1 php7-tidy-7.0.7-9.1 php7-tokenizer-7.0.7-9.1 php7-wddx-7.0.7-9.1 php7-xmlreader-7.0.7-9.1 php7-xmlrpc-7.0.7-9.1 php7-xmlwriter-7.0.7-9.1 php7-xsl-7.0.7-9.1 php7-zip-7.0.7-9.1 php7-zlib-7.0.7-9.1 apache2-mod_php7-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-bcmath-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-bz2-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-calendar-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-ctype-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-curl-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-dba-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-devel-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-dom-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-enchant-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-exif-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-fastcgi-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-fileinfo-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-firebird-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-fpm-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-ftp-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-gd-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-gettext-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-gmp-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-iconv-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-imap-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-intl-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-json-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-ldap-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-mbstring-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-mcrypt-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-mysql-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-odbc-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-opcache-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-openssl-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-pcntl-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-pdo-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-pear-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-pear-Archive_Tar-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-pgsql-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-phar-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-posix-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-pspell-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-readline-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-shmop-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-snmp-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-soap-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-sockets-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-sqlite-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-sysvmsg-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-sysvsem-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-sysvshm-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-tidy-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-tokenizer-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-wddx-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-xmlreader-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-xmlrpc-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-xmlwriter-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-xsl-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-zip-7.0.7-9.1 as a component of openSUSE Leap 42.2 php7-zlib-7.0.7-9.1 as a component of openSUSE Leap 42.2 Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value. CVE-2016-9933 openSUSE Leap 42.2:apache2-mod_php7-7.0.7-9.1 openSUSE Leap 42.2:php7-7.0.7-9.1 openSUSE Leap 42.2:php7-bcmath-7.0.7-9.1 openSUSE Leap 42.2:php7-bz2-7.0.7-9.1 openSUSE Leap 42.2:php7-calendar-7.0.7-9.1 openSUSE Leap 42.2:php7-ctype-7.0.7-9.1 openSUSE Leap 42.2:php7-curl-7.0.7-9.1 openSUSE Leap 42.2:php7-dba-7.0.7-9.1 openSUSE Leap 42.2:php7-devel-7.0.7-9.1 openSUSE Leap 42.2:php7-dom-7.0.7-9.1 openSUSE Leap 42.2:php7-enchant-7.0.7-9.1 openSUSE Leap 42.2:php7-exif-7.0.7-9.1 openSUSE Leap 42.2:php7-fastcgi-7.0.7-9.1 openSUSE Leap 42.2:php7-fileinfo-7.0.7-9.1 openSUSE Leap 42.2:php7-firebird-7.0.7-9.1 openSUSE Leap 42.2:php7-fpm-7.0.7-9.1 openSUSE Leap 42.2:php7-ftp-7.0.7-9.1 openSUSE Leap 42.2:php7-gd-7.0.7-9.1 openSUSE Leap 42.2:php7-gettext-7.0.7-9.1 openSUSE Leap 42.2:php7-gmp-7.0.7-9.1 openSUSE Leap 42.2:php7-iconv-7.0.7-9.1 openSUSE Leap 42.2:php7-imap-7.0.7-9.1 openSUSE Leap 42.2:php7-intl-7.0.7-9.1 openSUSE Leap 42.2:php7-json-7.0.7-9.1 openSUSE Leap 42.2:php7-ldap-7.0.7-9.1 openSUSE Leap 42.2:php7-mbstring-7.0.7-9.1 openSUSE Leap 42.2:php7-mcrypt-7.0.7-9.1 openSUSE Leap 42.2:php7-mysql-7.0.7-9.1 openSUSE Leap 42.2:php7-odbc-7.0.7-9.1 openSUSE Leap 42.2:php7-opcache-7.0.7-9.1 openSUSE Leap 42.2:php7-openssl-7.0.7-9.1 openSUSE Leap 42.2:php7-pcntl-7.0.7-9.1 openSUSE Leap 42.2:php7-pdo-7.0.7-9.1 openSUSE Leap 42.2:php7-pear-7.0.7-9.1 openSUSE Leap 42.2:php7-pear-Archive_Tar-7.0.7-9.1 openSUSE Leap 42.2:php7-pgsql-7.0.7-9.1 openSUSE Leap 42.2:php7-phar-7.0.7-9.1 openSUSE Leap 42.2:php7-posix-7.0.7-9.1 openSUSE Leap 42.2:php7-pspell-7.0.7-9.1 openSUSE Leap 42.2:php7-readline-7.0.7-9.1 openSUSE Leap 42.2:php7-shmop-7.0.7-9.1 openSUSE Leap 42.2:php7-snmp-7.0.7-9.1 openSUSE Leap 42.2:php7-soap-7.0.7-9.1 openSUSE Leap 42.2:php7-sockets-7.0.7-9.1 openSUSE Leap 42.2:php7-sqlite-7.0.7-9.1 openSUSE Leap 42.2:php7-sysvmsg-7.0.7-9.1 openSUSE Leap 42.2:php7-sysvsem-7.0.7-9.1 openSUSE Leap 42.2:php7-sysvshm-7.0.7-9.1 openSUSE Leap 42.2:php7-tidy-7.0.7-9.1 openSUSE Leap 42.2:php7-tokenizer-7.0.7-9.1 openSUSE Leap 42.2:php7-wddx-7.0.7-9.1 openSUSE Leap 42.2:php7-xmlreader-7.0.7-9.1 openSUSE Leap 42.2:php7-xmlrpc-7.0.7-9.1 openSUSE Leap 42.2:php7-xmlwriter-7.0.7-9.1 openSUSE Leap 42.2:php7-xsl-7.0.7-9.1 openSUSE Leap 42.2:php7-zip-7.0.7-9.1 openSUSE Leap 42.2:php7-zlib-7.0.7-9.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html https://www.suse.com/security/cve/CVE-2016-9933.html CVE-2016-9933 https://bugzilla.suse.com/1015187 SUSE Bug 1015187 ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string. CVE-2016-9934 openSUSE Leap 42.2:apache2-mod_php7-7.0.7-9.1 openSUSE Leap 42.2:php7-7.0.7-9.1 openSUSE Leap 42.2:php7-bcmath-7.0.7-9.1 openSUSE Leap 42.2:php7-bz2-7.0.7-9.1 openSUSE Leap 42.2:php7-calendar-7.0.7-9.1 openSUSE Leap 42.2:php7-ctype-7.0.7-9.1 openSUSE Leap 42.2:php7-curl-7.0.7-9.1 openSUSE Leap 42.2:php7-dba-7.0.7-9.1 openSUSE Leap 42.2:php7-devel-7.0.7-9.1 openSUSE Leap 42.2:php7-dom-7.0.7-9.1 openSUSE Leap 42.2:php7-enchant-7.0.7-9.1 openSUSE Leap 42.2:php7-exif-7.0.7-9.1 openSUSE Leap 42.2:php7-fastcgi-7.0.7-9.1 openSUSE Leap 42.2:php7-fileinfo-7.0.7-9.1 openSUSE Leap 42.2:php7-firebird-7.0.7-9.1 openSUSE Leap 42.2:php7-fpm-7.0.7-9.1 openSUSE Leap 42.2:php7-ftp-7.0.7-9.1 openSUSE Leap 42.2:php7-gd-7.0.7-9.1 openSUSE Leap 42.2:php7-gettext-7.0.7-9.1 openSUSE Leap 42.2:php7-gmp-7.0.7-9.1 openSUSE Leap 42.2:php7-iconv-7.0.7-9.1 openSUSE Leap 42.2:php7-imap-7.0.7-9.1 openSUSE Leap 42.2:php7-intl-7.0.7-9.1 openSUSE Leap 42.2:php7-json-7.0.7-9.1 openSUSE Leap 42.2:php7-ldap-7.0.7-9.1 openSUSE Leap 42.2:php7-mbstring-7.0.7-9.1 openSUSE Leap 42.2:php7-mcrypt-7.0.7-9.1 openSUSE Leap 42.2:php7-mysql-7.0.7-9.1 openSUSE Leap 42.2:php7-odbc-7.0.7-9.1 openSUSE Leap 42.2:php7-opcache-7.0.7-9.1 openSUSE Leap 42.2:php7-openssl-7.0.7-9.1 openSUSE Leap 42.2:php7-pcntl-7.0.7-9.1 openSUSE Leap 42.2:php7-pdo-7.0.7-9.1 openSUSE Leap 42.2:php7-pear-7.0.7-9.1 openSUSE Leap 42.2:php7-pear-Archive_Tar-7.0.7-9.1 openSUSE Leap 42.2:php7-pgsql-7.0.7-9.1 openSUSE Leap 42.2:php7-phar-7.0.7-9.1 openSUSE Leap 42.2:php7-posix-7.0.7-9.1 openSUSE Leap 42.2:php7-pspell-7.0.7-9.1 openSUSE Leap 42.2:php7-readline-7.0.7-9.1 openSUSE Leap 42.2:php7-shmop-7.0.7-9.1 openSUSE Leap 42.2:php7-snmp-7.0.7-9.1 openSUSE Leap 42.2:php7-soap-7.0.7-9.1 openSUSE Leap 42.2:php7-sockets-7.0.7-9.1 openSUSE Leap 42.2:php7-sqlite-7.0.7-9.1 openSUSE Leap 42.2:php7-sysvmsg-7.0.7-9.1 openSUSE Leap 42.2:php7-sysvsem-7.0.7-9.1 openSUSE Leap 42.2:php7-sysvshm-7.0.7-9.1 openSUSE Leap 42.2:php7-tidy-7.0.7-9.1 openSUSE Leap 42.2:php7-tokenizer-7.0.7-9.1 openSUSE Leap 42.2:php7-wddx-7.0.7-9.1 openSUSE Leap 42.2:php7-xmlreader-7.0.7-9.1 openSUSE Leap 42.2:php7-xmlrpc-7.0.7-9.1 openSUSE Leap 42.2:php7-xmlwriter-7.0.7-9.1 openSUSE Leap 42.2:php7-xsl-7.0.7-9.1 openSUSE Leap 42.2:php7-zip-7.0.7-9.1 openSUSE Leap 42.2:php7-zlib-7.0.7-9.1 moderate 1.9 AV:L/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html https://www.suse.com/security/cve/CVE-2016-9934.html CVE-2016-9934 https://bugzilla.suse.com/1015188 SUSE Bug 1015188 The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document. CVE-2016-9935 openSUSE Leap 42.2:apache2-mod_php7-7.0.7-9.1 openSUSE Leap 42.2:php7-7.0.7-9.1 openSUSE Leap 42.2:php7-bcmath-7.0.7-9.1 openSUSE Leap 42.2:php7-bz2-7.0.7-9.1 openSUSE Leap 42.2:php7-calendar-7.0.7-9.1 openSUSE Leap 42.2:php7-ctype-7.0.7-9.1 openSUSE Leap 42.2:php7-curl-7.0.7-9.1 openSUSE Leap 42.2:php7-dba-7.0.7-9.1 openSUSE Leap 42.2:php7-devel-7.0.7-9.1 openSUSE Leap 42.2:php7-dom-7.0.7-9.1 openSUSE Leap 42.2:php7-enchant-7.0.7-9.1 openSUSE Leap 42.2:php7-exif-7.0.7-9.1 openSUSE Leap 42.2:php7-fastcgi-7.0.7-9.1 openSUSE Leap 42.2:php7-fileinfo-7.0.7-9.1 openSUSE Leap 42.2:php7-firebird-7.0.7-9.1 openSUSE Leap 42.2:php7-fpm-7.0.7-9.1 openSUSE Leap 42.2:php7-ftp-7.0.7-9.1 openSUSE Leap 42.2:php7-gd-7.0.7-9.1 openSUSE Leap 42.2:php7-gettext-7.0.7-9.1 openSUSE Leap 42.2:php7-gmp-7.0.7-9.1 openSUSE Leap 42.2:php7-iconv-7.0.7-9.1 openSUSE Leap 42.2:php7-imap-7.0.7-9.1 openSUSE Leap 42.2:php7-intl-7.0.7-9.1 openSUSE Leap 42.2:php7-json-7.0.7-9.1 openSUSE Leap 42.2:php7-ldap-7.0.7-9.1 openSUSE Leap 42.2:php7-mbstring-7.0.7-9.1 openSUSE Leap 42.2:php7-mcrypt-7.0.7-9.1 openSUSE Leap 42.2:php7-mysql-7.0.7-9.1 openSUSE Leap 42.2:php7-odbc-7.0.7-9.1 openSUSE Leap 42.2:php7-opcache-7.0.7-9.1 openSUSE Leap 42.2:php7-openssl-7.0.7-9.1 openSUSE Leap 42.2:php7-pcntl-7.0.7-9.1 openSUSE Leap 42.2:php7-pdo-7.0.7-9.1 openSUSE Leap 42.2:php7-pear-7.0.7-9.1 openSUSE Leap 42.2:php7-pear-Archive_Tar-7.0.7-9.1 openSUSE Leap 42.2:php7-pgsql-7.0.7-9.1 openSUSE Leap 42.2:php7-phar-7.0.7-9.1 openSUSE Leap 42.2:php7-posix-7.0.7-9.1 openSUSE Leap 42.2:php7-pspell-7.0.7-9.1 openSUSE Leap 42.2:php7-readline-7.0.7-9.1 openSUSE Leap 42.2:php7-shmop-7.0.7-9.1 openSUSE Leap 42.2:php7-snmp-7.0.7-9.1 openSUSE Leap 42.2:php7-soap-7.0.7-9.1 openSUSE Leap 42.2:php7-sockets-7.0.7-9.1 openSUSE Leap 42.2:php7-sqlite-7.0.7-9.1 openSUSE Leap 42.2:php7-sysvmsg-7.0.7-9.1 openSUSE Leap 42.2:php7-sysvsem-7.0.7-9.1 openSUSE Leap 42.2:php7-sysvshm-7.0.7-9.1 openSUSE Leap 42.2:php7-tidy-7.0.7-9.1 openSUSE Leap 42.2:php7-tokenizer-7.0.7-9.1 openSUSE Leap 42.2:php7-wddx-7.0.7-9.1 openSUSE Leap 42.2:php7-xmlreader-7.0.7-9.1 openSUSE Leap 42.2:php7-xmlrpc-7.0.7-9.1 openSUSE Leap 42.2:php7-xmlwriter-7.0.7-9.1 openSUSE Leap 42.2:php7-xsl-7.0.7-9.1 openSUSE Leap 42.2:php7-zip-7.0.7-9.1 openSUSE Leap 42.2:php7-zlib-7.0.7-9.1 moderate 1.5 AV:L/AC:M/Au:S/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html https://www.suse.com/security/cve/CVE-2016-9935.html CVE-2016-9935 https://bugzilla.suse.com/1015189 SUSE Bug 1015189 https://bugzilla.suse.com/1048097 SUSE Bug 1048097 The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6834. CVE-2016-9936 openSUSE Leap 42.2:apache2-mod_php7-7.0.7-9.1 openSUSE Leap 42.2:php7-7.0.7-9.1 openSUSE Leap 42.2:php7-bcmath-7.0.7-9.1 openSUSE Leap 42.2:php7-bz2-7.0.7-9.1 openSUSE Leap 42.2:php7-calendar-7.0.7-9.1 openSUSE Leap 42.2:php7-ctype-7.0.7-9.1 openSUSE Leap 42.2:php7-curl-7.0.7-9.1 openSUSE Leap 42.2:php7-dba-7.0.7-9.1 openSUSE Leap 42.2:php7-devel-7.0.7-9.1 openSUSE Leap 42.2:php7-dom-7.0.7-9.1 openSUSE Leap 42.2:php7-enchant-7.0.7-9.1 openSUSE Leap 42.2:php7-exif-7.0.7-9.1 openSUSE Leap 42.2:php7-fastcgi-7.0.7-9.1 openSUSE Leap 42.2:php7-fileinfo-7.0.7-9.1 openSUSE Leap 42.2:php7-firebird-7.0.7-9.1 openSUSE Leap 42.2:php7-fpm-7.0.7-9.1 openSUSE Leap 42.2:php7-ftp-7.0.7-9.1 openSUSE Leap 42.2:php7-gd-7.0.7-9.1 openSUSE Leap 42.2:php7-gettext-7.0.7-9.1 openSUSE Leap 42.2:php7-gmp-7.0.7-9.1 openSUSE Leap 42.2:php7-iconv-7.0.7-9.1 openSUSE Leap 42.2:php7-imap-7.0.7-9.1 openSUSE Leap 42.2:php7-intl-7.0.7-9.1 openSUSE Leap 42.2:php7-json-7.0.7-9.1 openSUSE Leap 42.2:php7-ldap-7.0.7-9.1 openSUSE Leap 42.2:php7-mbstring-7.0.7-9.1 openSUSE Leap 42.2:php7-mcrypt-7.0.7-9.1 openSUSE Leap 42.2:php7-mysql-7.0.7-9.1 openSUSE Leap 42.2:php7-odbc-7.0.7-9.1 openSUSE Leap 42.2:php7-opcache-7.0.7-9.1 openSUSE Leap 42.2:php7-openssl-7.0.7-9.1 openSUSE Leap 42.2:php7-pcntl-7.0.7-9.1 openSUSE Leap 42.2:php7-pdo-7.0.7-9.1 openSUSE Leap 42.2:php7-pear-7.0.7-9.1 openSUSE Leap 42.2:php7-pear-Archive_Tar-7.0.7-9.1 openSUSE Leap 42.2:php7-pgsql-7.0.7-9.1 openSUSE Leap 42.2:php7-phar-7.0.7-9.1 openSUSE Leap 42.2:php7-posix-7.0.7-9.1 openSUSE Leap 42.2:php7-pspell-7.0.7-9.1 openSUSE Leap 42.2:php7-readline-7.0.7-9.1 openSUSE Leap 42.2:php7-shmop-7.0.7-9.1 openSUSE Leap 42.2:php7-snmp-7.0.7-9.1 openSUSE Leap 42.2:php7-soap-7.0.7-9.1 openSUSE Leap 42.2:php7-sockets-7.0.7-9.1 openSUSE Leap 42.2:php7-sqlite-7.0.7-9.1 openSUSE Leap 42.2:php7-sysvmsg-7.0.7-9.1 openSUSE Leap 42.2:php7-sysvsem-7.0.7-9.1 openSUSE Leap 42.2:php7-sysvshm-7.0.7-9.1 openSUSE Leap 42.2:php7-tidy-7.0.7-9.1 openSUSE Leap 42.2:php7-tokenizer-7.0.7-9.1 openSUSE Leap 42.2:php7-wddx-7.0.7-9.1 openSUSE Leap 42.2:php7-xmlreader-7.0.7-9.1 openSUSE Leap 42.2:php7-xmlrpc-7.0.7-9.1 openSUSE Leap 42.2:php7-xmlwriter-7.0.7-9.1 openSUSE Leap 42.2:php7-xsl-7.0.7-9.1 openSUSE Leap 42.2:php7-zip-7.0.7-9.1 openSUSE Leap 42.2:php7-zlib-7.0.7-9.1 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html https://www.suse.com/security/cve/CVE-2016-9936.html CVE-2016-9936 https://bugzilla.suse.com/1015191 SUSE Bug 1015191