Security update for php5 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:0684-1 Final 1 1 2015-04-02T16:01:35Z current 2015-04-02T16:01:35Z 2015-04-02T16:01:35Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for php5 PHP was updated to fix three security issues. The following vulnerabilities were fixed: * use-after-free vulnerability in the process_nested_data function (CVE-2015-2787 bnc#924972) * unserialize SoapClient type confusion (bnc#925109) * move_uploaded_file truncates a pathNAME upon encountering a x00 character (CVE-2015-2348 bnc#924970) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-04/msg00015.html E-Mail link for openSUSE-SU-2015:0684-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings apache2-mod_php5-5.4.20-49.1 php5-5.4.20-49.1 php5-bcmath-5.4.20-49.1 php5-bz2-5.4.20-49.1 php5-calendar-5.4.20-49.1 php5-ctype-5.4.20-49.1 php5-curl-5.4.20-49.1 php5-dba-5.4.20-49.1 php5-devel-5.4.20-49.1 php5-dom-5.4.20-49.1 php5-enchant-5.4.20-49.1 php5-exif-5.4.20-49.1 php5-fastcgi-5.4.20-49.1 php5-fileinfo-5.4.20-49.1 php5-firebird-5.4.20-49.1 php5-fpm-5.4.20-49.1 php5-ftp-5.4.20-49.1 php5-gd-5.4.20-49.1 php5-gettext-5.4.20-49.1 php5-gmp-5.4.20-49.1 php5-iconv-5.4.20-49.1 php5-imap-5.4.20-49.1 php5-intl-5.4.20-49.1 php5-json-5.4.20-49.1 php5-ldap-5.4.20-49.1 php5-mbstring-5.4.20-49.1 php5-mcrypt-5.4.20-49.1 php5-mssql-5.4.20-49.1 php5-mysql-5.4.20-49.1 php5-odbc-5.4.20-49.1 php5-openssl-5.4.20-49.1 php5-pcntl-5.4.20-49.1 php5-pdo-5.4.20-49.1 php5-pear-5.4.20-49.1 php5-pgsql-5.4.20-49.1 php5-phar-5.4.20-49.1 php5-posix-5.4.20-49.1 php5-pspell-5.4.20-49.1 php5-readline-5.4.20-49.1 php5-shmop-5.4.20-49.1 php5-snmp-5.4.20-49.1 php5-soap-5.4.20-49.1 php5-sockets-5.4.20-49.1 php5-sqlite-5.4.20-49.1 php5-suhosin-5.4.20-49.1 php5-sysvmsg-5.4.20-49.1 php5-sysvsem-5.4.20-49.1 php5-sysvshm-5.4.20-49.1 php5-tidy-5.4.20-49.1 php5-tokenizer-5.4.20-49.1 php5-wddx-5.4.20-49.1 php5-xmlreader-5.4.20-49.1 php5-xmlrpc-5.4.20-49.1 php5-xmlwriter-5.4.20-49.1 php5-xsl-5.4.20-49.1 php5-zip-5.4.20-49.1 php5-zlib-5.4.20-49.1 The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected names via a crafted second argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. CVE-2015-2348 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-04/msg00015.html https://www.suse.com/security/cve/CVE-2015-2348.html CVE-2015-2348 https://bugzilla.suse.com/924970 SUSE Bug 924970 https://bugzilla.suse.com/935227 SUSE Bug 935227 Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231. CVE-2015-2787 important Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-04/msg00015.html https://www.suse.com/security/cve/CVE-2015-2787.html CVE-2015-2787 https://bugzilla.suse.com/924972 SUSE Bug 924972 https://bugzilla.suse.com/980366 SUSE Bug 980366