php5 was updated to fix nine security issues.
These security issues were fixed:
- CVE-2016-5773: ZipArchive class Use After Free Vulnerability in PHP’s GC
algorithm and unserialize (bsc#986247).
- CVE-2016-5772: Double Free Courruption in wddx_deserialize (bsc#986244).
- CVE-2016-5771: Use After Free Vulnerability in PHP’s GC algorithm and
unserialize (bsc#986391).
- CVE-2016-5770: int/size_t confusion in SplFileObject::fread (bsc#986392).
- CVE-2016-5768: Double free in _php_mb_regex_ereg_replace_exec -
(bsc#986246).
- CVE-2016-5769: mcrypt: Heap Overflow due to integer overflows
(bsc#986388).
- CVE-2015-8935: XSS in header() with Internet Explorer (bsc#986004).
- CVE-2016-5767: Integer Overflow in gdImagePaletteToTrueColor() resulting
in heap overflow (bsc#986393).
- CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap
overflow (bsc#986386).