PHP was updated to fix three security issues.
The following vulnerabilities were fixed:
- CVE-2015-3330: Specially crafted PHAR files could, when executed under
Apache httpd 2.4 (apache2handler), allow arbitrary code execution
(bnc#928506)
- CVE-2015-3329: Specially crafted PHAR data could lead to disclosure of
sensitive information due to a buffer overflow (bnc#928506)
- CVE-2015-2783: Specially crafted PHAR data could lead to disclosure of
sensitive information due to a buffer over-read (bnc#928511)
On openSUSE 13.2, the following bug was fixed:
- boo#927147: php5-fpm did not start correctly