This update for php5 fixes the following security issues:
- CVE-2016-4073: A remote attacker could have caused denial of service, or
possibly execute arbitrary code, due to incorrect handling of string
length calculations in mb_strcut() (bsc#977003)
- CVE-2015-8867: The PHP function openssl_random_pseudo_bytes() did not
return cryptographically secure random bytes (bsc#977005)
- CVE-2016-4070: The libxml_disable_entity_loader() setting was shared
between threads, which could have resulted in XML external entity
injection and entity expansion issues (bsc#976997)
- CVE-2015-8866: A remote attacker could have caused denial of service due
to incorrect handling of large strings in php_raw_url_encode()
(bsc#976996)
- CVE-2016-4071: A remote attacker could have caused denial of service, or
possibly execute arbitrary code, due to incorrect handling of string
formatting in php_snmp_error() (bsc#977000)