Overview Details Repositories Revisions Requests Users Attributes Meta
Security update for php5

This update for php5 fixes the following security issues:

- bsc#974305: buffer overflow in libmagic
- CVE-2015-8838: mysqlnd was vulnerable to BACKRONYM (bnc#973792).
- CVE-2015-8835: SoapClient s__call method suffered from type confusion issue (bnc#973351).
- CVE-2016-3141: A use-after-free / double-free in the WDDX
deserialization could lead to crashes or potential code
execution. [bsc#969821]
- CVE-2016-3142: An Out-of-bounds read in phar_parse_zipfile() could lead to crashes. [bsc#971912]
- CVE-2014-9767: A directory traversal when extracting zip files was fixed that could lead to
overwritten files. [bsc#971612]
- CVE-2016-3185: A type confusion vulnerability in
make_http_soap_request() could lead to crashes or potentially code
execution. [bsc#971611]

Fixed bugs
bnc#971611
VUL-0: CVE-2016-3185: php5: Type confusion vulnerability in make_http_soap_request()
bnc#971612
VUL-0: CVE-2014-9767: php5: ZipArchive::extractTo allows for directory traversal when creating directories
bnc#969821
L3-Question: VUL-1: CVE-2016-3141: php5: PHP Bugfix (71587) - Use-After-Free / Double-Free in WDDX Deserialize
bnc#971912
VUL-0: CVE-2016-3142: php5: Out-of-bounds read in phar_parse_zipfile()
bnc#973351
VUL-0: CVE-2015-8835: php5,php53: SoapClient s __call method suffers from type confusion issue
bnc#973792
VUL-0: CVE-2015-8838: php5,php53: mysqlnd is vulnerable to BACKRONYM
bnc#974305
VUL-1: php5: Buffer over-write in finfo_open with malformed magic file.
CVE-CVE-2015-8838
CVE-CVE-2015-8835
CVE-CVE-2014-9767
CVE-CVE-2016-3185
CVE-CVE-2016-3142
CVE-CVE-2016-3141
Selected Binaries
openSUSE Build Service is sponsored by
Places