The PHP5 script interpreter was updated to fix various security issues:
- CVE-2015-6831: A use after free vulnerability in unserialize() has been
fixed which could be used to crash php or potentially execute code.
[bnc#942291] [bnc#942294] [bnc#942295]
- CVE-2015-6832: A dangling pointer in the unserialization of ArrayObject
items could be used to crash php or potentially execute code.
[bnc#942293]
- CVE-2015-6833: A directory traversal when extracting ZIP files could be
used to overwrite files outside of intended area. [bnc#942296]
- CVE-2015-6834: A Use After Free Vulnerability in unserialize() has been
fixed which could be used to crash php or potentially execute code.
[bnc#945403]
- CVE-2015-6835: A Use After Free Vulnerability in session unserialize()
has been fixed which could be used to crash php or potentially execute
code. [bnc#945402]
- CVE-2015-6836: A SOAP serialize_function_call() type confusion leading
to remote code execution problem was fixed. [bnc#945428]
- CVE-2015-6837 CVE-2015-6838: Two NULL pointer dereferences in the
XSLTProcessor class were fixed. [bnc#945412]