php5: security update
php5 was updated to fix three security issues:
- Insecure temporary file use for cache data was fixed by switching to a different root only directory /var/cache/php-pear (CVE-2014-5459)
- An incomplete fix for CVE-2014-4049 (CVE-2014-3597)
- gd extension: NUL byte injection in filenames passed to image handling functions was fixed (CVE-2014-5120)
Also a bug was fixed:
- fixed suhosin crash if used with php session_set_save_handler()
[bnc#895658]
-
Submitted by
Petr Gajdos (pgajdos)
Fixed bugs
bnc#893853
VUL-0: CVE-2014-3597: php5, php53: incomplete fix for CVE-2014-4049
bnc#893849
VUL-1: CVE-2014-5459: php5, php53: php5-pear, php53-pear: insecure temporary file use for cache data
bnc#893855
VUL-0: CVE-2014-5120: php5, php53: php5-gd, php53-gd: NUL byte injection in filenames passed to image handling functions
bnc#895658
Suhosin Crashed if used with with php session_set_save_handler()
