Lucene search

K
suseSuseSUSE-SU-2015:1818-1
HistoryOct 26, 2015 - 3:09 p.m.

Security update for php53 (important)

2015-10-2615:09:54
lists.opensuse.org
33

EPSS

0.028

Percentile

90.8%

This update of PHP5 brings several security fixes.

Security fixes:

  • CVE-2015-6831: A use after free vulnerability in unserialize() has been
    fixed which could be used to crash php or potentially execute code.
    [bnc#942291] [bnc#942294] [bnc#942295]
  • CVE-2015-6836: A SOAP serialize_function_call() type confusion leading
    to remote code execution problem was fixed. [bnc#945428]
  • CVE-2015-6837 CVE-2015-6838: Two NULL pointer dereferences in the
    XSLTProcessor class were fixed. [bnc#945412]

It also includes a bugfix for the odbc module:

  • compare with SQL_NULL_DATA correctly [bnc#935074]