Security update for PHP5 (important)

2012-07-05T03:08:30
ID SUSE-SU-2012:0840-1
Type suse
Reporter Suse
Modified 2012-07-05T03:08:30

Description

PHP5 was updated with incremental fixes to the previous update.

  • CVE-2012-2335: Additional unsafe cgi wrapper scripts are also fixed now.
  • CVE-2012-2336: Even more commandline option handling is filtered, which could lead to crashes of the php interpreter.
  • CVE-2012-2386: heap based buffer overflow in php's phar extension
  • CVE-2012-2143: The crypt() implementation ignored wide characters, leading to shorter effective password lengths. Note: With this update applied affected passwords will no longer work and need to be set again.