SUSE-SU-2015:0868-1
May 13, 2015 - 3:07 p.m.

Security update for php5 (important)

2015-05-13 15:07:04
lists.opensuse.org

EPSS: 0.681 (percentile: 98.0%)

PHP was updated to fix ten security issues.

The following vulnerabilities were fixed:

  • CVE-2014-9709: A specially crafted GIF file could cause a buffer read
    overflow in php-gd (bnc#923946)
  • CVE-2015-2301: Memory was used after it was freed in PHAR (bnc#922022)
  • CVE-2015-2305: heap overflow vulnerability in regcomp.c (bnc#922452)
  • CVE-2014-9705: heap buffer overflow in Enchant (bnc#922451)
  • CVE-2015-2787: use-after-free vulnerability in the process_nested_data
    function (bnc#924972)
  • unserialize SoapClient type confusion (bnc#925109)
  • CVE-2015-2348: move_uploaded_file truncates a pathname upon encountering
    a \x00 character (bnc#924970)
  • CVE-2015-3330: Specially crafted PHAR files could, when executed under
    Apache httpd 2.4 (apache2handler), allow arbitrary code execution
    (bnc#928506)
  • CVE-2015-3329: Specially crafted PHAR data could lead to disclosure of
    sensitive information due to a buffer overflow (bnc#928506)
  • CVE-2015-2783: Specially crafted PHAR data could lead to disclosure of
    sensitive information due to a buffer over-read (bnc#928511)