PHP was updated to fix ten security issues.
The following vulnerabilities were fixed:
- CVE-2014-9709: A specially crafted GIF file could cause a buffer read
overflow in php-gd (bnc#923946)
- CVE-2015-2301: Memory was used after it was freed in PHAR (bnc#922022)
- CVE-2015-2305: heap overflow vulnerability in regcomp.c (bnc#922452)
- CVE-2014-9705: heap buffer overflow in Enchant (bnc#922451)
- CVE-2015-2787: use-after-free vulnerability in the process_nested_data
function (bnc#924972)
- unserialize SoapClient type confusion (bnc#925109)
- CVE-2015-2348: move_uploaded_file truncates a pathname upon encountering
a \x00 character (bnc#924970)
- CVE-2015-3330: Specially crafted PHAR files could, when executed under
Apache httpd 2.4 (apache2handler), allow arbitrary code execution
(bnc#928506)
- CVE-2015-3329: Specially crafted PHAR data could lead to disclosure of
sensitive information due to a buffer overflow (bnc#928506)
- CVE-2015-2783: Specially crafted PHAR data could lead to disclosure of
sensitive information due to a buffer over-read (bnc#928511)