Security update for php5
PHP was updated to fix three security issues.
The following vulnerabilities were fixed:
* use-after-free vulnerability in the process_nested_data function (CVE-2015-2787 bnc#924972)
* unserialize SoapClient type confusion (bnc#925109)
* move_uploaded_file truncates a pathNAME upon encountering a x00 character (CVE-2015-2348 bnc#924970)
-
Submitted by
Petr Gajdos (pgajdos)
Fixed bugs
bnc#925109
VUL-0: php5,php53: PHP SoapClient's __call() type confusion through unserialize()
bnc#924972
VUL-0: CVE-2015-2787: php5,php53: Use-after-free vulnerability in the process_nested_data function inext/standard/var_unserializer.re...
bnc#924970
VUL-0: CVE-2015-2348: php5,php53: The move_uploaded_file implementation in ext/standard/basic_FUNCTIONs.c in PHP before 5.4.39, 5.5.x ...
