Update for ImageMagick, ImageMagick.256, Mozilla... security important

update for php5

php5 security update

Fixed bugs
bnc#728671
PHP: improve doc to discourage using php module with apache2-worker
bnc#736169
VUL-1: CVE-2011-1466: php5: Integer overflow in the Calendar extension in PHP
bnc#738221
VUL-0: php5: hash collision denial of service attack
bnc#733590
VUL-1: CVE-2011-4566: php5: integer overflow in exif extension
CVE-CVE-2011-1466
Integer overflow in the SdnToJulian function in the Calendar extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a large integer in the first argument to the cal_from_jd function.
CVE-CVE-2011-4885
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
CVE-CVE-2011-4566
Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val va
CVE-CVE-2012-0781
The tidy_diagnose function in PHP 5.3.8 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that attempts to perform Tidy::diagnose operations on invalid objects, a
CVE-CVE-2012-0789
Memory leak in the timezone functionality in PHP before 5.3.9 allows remote attackers to cause a denial of service (memory consumption) by triggering many strtotime function calls, which are not properly handled by the php_date_parse_tzfile cache.
CVE-CVE-2012-0788
The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls t
CVE-CVE-2012-0830
The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists
bnc#742273
VUL-0: php5 Tidy::diagnose NULL deref cash
bnc#742806
VUL-0: more bugfixes in PHP 5.3.9
bnc#744966
VUL-0: php remote code execution
bnc#746661
php5: PG(magic_quote_gpc) was not restored on shutdown
bnc#741859
php5: Null pointer dereference causing DoS
bnc#743308
php5: stack based buffer overflow in suhosin's cookie encryption
bnc#741520
php XSLT arbitrary file creation
CVE-CVE-2012-0057
PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension.
CVE-CVE-2012-0831
PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to m
CVE-CVE-2011-4153
PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup opera
CVE-CVE-2012-0807
Stack-based buffer overflow in the suhosin_encrypt_single_cookie function in the transparent cookie-encryption feature in the Suhosin extension before 0.9.33 for PHP, when suhosin.cookie.encrypt and suhosin.multiheader are enabled, might allow remote atta
CVE-CVE-2011-1072
The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnerabilit
CVE-CVE-2011-3182
PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer ove
bnc#713652
VUL-1: CVE-2011-3182: PHP5: multiple null pointer dereference
bnc#735613
VUL-1: CVE-2011-1072: php-pear: symlink vulnerability in PEAR installer
bnc#749111
php5: regression in maintenance updates for SWAMP 44760
Selected Binaries
openSUSE Build Service is sponsored by