Security update for PHP5 (important)

This update of php5 fixes multiple security flaws:

• CVE-2011-2202: A php5 upload filename injection was
  fixed.
• CVE-2011-4566: A integer overflow in the EXIF
  extension was fixed that could be used by attackers to
  crash the interpreter or potentially read memory
• CVE-2011-3182: Multiple NULL pointer dereferences
  were fixed that could lead to crashes
• CVE-2011-1466: An integer overflow in the PHP
  calendar extension was fixed that could have led to crashes.
• CVE-2011-1072: A symlink vulnerability in the PEAR
  installer could be exploited by local attackers to inject
  code.
• CVE-2011-4153: missing checks of return values could
  allow remote attackers to cause a denial of service (NULL
  pointer dereference)
• CVE-2011-4885: denial of service via hash collisions
• CVE-2012-0057: specially crafted XSLT stylesheets
  could allow remote attackers to create arbitrary files with
  arbitrary content
• CVE-2012-0781: remote attackers can cause a denial of
  service via specially crafted input to an application that
  attempts to perform Tidy::diagnose operations
• CVE-2012-0788: applications that use a PDO driver
  were prone to denial of service flaws which could be
  exploited remotely
• CVE-2012-0789: memory leak in the timezone
  functionality could allow remote attackers to cause a
  denial of service (memory consumption)
• CVE-2012-0807: a stack based buffer overflow in the
  php5 Suhosin extension could allow remote attackers to
  execute arbitrary code via a long string that is used in a
  Set-Cookie HTTP header
• CVE-2012-0830: this fixes an incorrect fix for
  CVE-2011-4885 which could allow remote attackers to execute
  arbitrary code via a request containing a large number of
  variables
• CVE-2012-0831: temporary changes to the
  magic_quotes_gpc directive during the importing of
  environment variables is not properly performed which makes
  it easier for remote attackers to conduct SQL injections

Also the following bugs have been fixed:

• allow uploading files bigger than 2GB for 64bit
  systems [bnc#709549]
• amend README.SUSE to discourage using apache module
  with apache2-worker [bnc#728671]