Security update for php5
The PHP script interpreter was updated to receive various security fixes:
* CVE-2015-4602 [bnc#935224]: Fixed an incomplete Class unserialization type confusion.
* CVE-2015-4599, CVE-2015-4600, CVE-2015-4601 [bnc#935226]: Fixed type confusion issues in unserialize() with various SOAP methods.
* CVE-2015-4603 [bnc#935234]: Fixed exception::getTraceAsString type confusion issue after unserialize.
* CVE-2015-4644 [bnc#935274]: Fixed a crash in php_pgsql_meta_data.
* CVE-2015-4643 [bnc#935275]: Fixed an integer overflow in ftp_genlist() that could result in a heap overflow.
* CVE-2015-3411, CVE-2015-3412, CVE-2015-4598 [bnc#935227], [bnc#935232]: Added missing null byte checks for paths in various PHP extensions.
-
Submitted by
Petr Gajdos (pgajdos)
Fixed bugs
bnc#935232
VUL-0: CVE-2015-4598: php5,php53: missing null byte checks for paths in various PHP extensions
bnc#935225
VUL-0: CVE-2015-4604 CVE-2015-4605: php5,php53: denial of service when processing a crafted file with Fileinfo
bnc#935224
VUL-0: CVE-2015-4602: php5,php53: Incomplete Class unserialization type confusion
bnc#935234
VUL-0: CVE-2015-4603: php5,php53: exception::getTraceAsString type confusion issue after unserialize
bnc#935226
VUL-0: CVE-2015-4599 CVE-2015-4600 CVE-2015-4601: php5,php53: type confusion issue in unserialize() with various SOAP methods
bnc#935227
VUL-0: CVE-2015-3411: php5,php53: missing null byte checks for paths in various PHP extensions
bnc#935274
VUL-0: CVE-2015-4644: php5,ph53: segfault in php_pgsql_meta_data
bnc#935275
VUL-0: CVE-2015-4643: php5,php53: Integer overflow in ftp_genlist() resulting in heap overflow
