This update for php53 fixes several issues.
These security issues were fixed:
- CVE-2016-10712: In PHP all of the return values of stream_get_meta_data
could be controlled if the input can be controlled (e.g., during file
uploads). (bsc#1080234)
- CVE-2018-5712: Prevent reflected XSS on the PHAR 404 error page via the
URI of a request for a .phar file that allowed for information
disclosure (bsc#1076220)
- CVE-2018-5711: Prevent integer signedness error that could have lead to
an infinite loop via a crafted GIF file allowing for DoS (bsc#1076391)
- CVE-2016-5773: php_zip.c in the zip extension in PHP improperly
interacted with the unserialize implementation and garbage collection,
which allowed remote attackers to execute arbitrary code or cause a
denial of service (use-after-free and application crash) via crafted
serialized data containing a ZipArchive object. (bsc#986247)
- CVE-2016-5771: spl_array.c in the SPL extension in PHP improperly
interacted with the unserialize implementation and garbage collection,
which allowed remote attackers to execute arbitrary code or cause a
denial of service (use-after-free and application crash) via crafted
serialized data. (bsc#986391)
- CVE-2018-7584: Fixed stack-based buffer under-read while parsing an
HTTPresponse in the php_stream_url_wrap_http_ex. (bsc#1083639)