The PHP script interpreter was updated to fix various security issues:
* CVE-2015-4602 [bnc#935224]: Fixed an incomplete Class
unserialization type confusion.
* CVE-2015-4599, CVE-2015-4600, CVE-2015-4601 [bnc#935226]: Fixed type
confusion issues in unserialize() with various SOAP methods.
* CVE-2015-4603 [bnc#935234]: Fixed exception::getTraceAsString type
confusion issue after unserialize.
* CVE-2015-4644 [bnc#935274]: Fixed a crash in php_pgsql_meta_data.
* CVE-2015-4643 [bnc#935275]: Fixed an integer overflow in
ftp_genlist() that could result in a heap overflow.
* CVE-2015-3411, CVE-2015-3412, CVE-2015-4598 [bnc#935227],
[bnc#935232]: Added missing null byte checks for paths in various
PHP extensions.
* CVE-2015-4148 [bnc#933227]: Fixed a SoapClient's do_soap_call() type
confusion after unserialize() information disclosure.
Also the following bug were fixed:
* fix a segmentation fault in odbc_fetch_array [bnc#935074]
* fix timezone map [bnc#919080]
Security Issues:
* CVE-2015-3411
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3411">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3411</a>>
* CVE-2015-3412
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3412">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3412</a>>
* CVE-2015-4148
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4148">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4148</a>>
* CVE-2015-4598
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4598">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4598</a>>
* CVE-2015-4599
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4599">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4599</a>>
* CVE-2015-4600
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4600">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4600</a>>
* CVE-2015-4601
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4601">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4601</a>>
* CVE-2015-4602
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4602">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4602</a>>
* CVE-2015-4603
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4603">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4603</a>>
* CVE-2015-4643
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4643">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4643</a>>
* CVE-2015-4644
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4644">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4644</a>>
bugzilla.suse.com/919080
bugzilla.suse.com/933227
bugzilla.suse.com/935074
bugzilla.suse.com/935224
bugzilla.suse.com/935226
bugzilla.suse.com/935227
bugzilla.suse.com/935232
bugzilla.suse.com/935234
bugzilla.suse.com/935274
bugzilla.suse.com/935275
download.suse.com/patch/finder/?keywords=81cfeb3c78f7d93b7833bcf7ec9abc68