File _patchinfo of Package patchinfo.639

<patchinfo incident="639">
  <issue id="931769" tracker="bnc">CVE-2015-4021: php5, php53: memory corruption in phar_parse_tarfile when entry filename starts with NULL</issue>
  <issue id="931421" tracker="bnc">CVE-2015-4024: php5, php53: Multipart/form-data remote dos Vulnerability</issue>
  <issue id="931772" tracker="bnc">CVE-2015-4022: php5, php53: overflow in ftp_genlist() resulting in heap overflow</issue>
  <issue id="931776" tracker="bnc">CVE-2015-4026: php: pcntl_exec() does not check path validity</issue>
  <issue id="927147" tracker="bnc">configure php-fpm with --localstatedir=/var</issue>
  <issue id="919080" tracker="bnc">fix timezone map</issue>
  <issue id="933227" tracker="bnc">CVE-2015-4148: SoapClient's do_soap_call() type confusion after unserialize() information disclosure</issue>
  <issue id="CVE-2015-4021" tracker="cve" />
  <issue id="CVE-2015-4022" tracker="cve" />
  <issue id="CVE-2015-4024" tracker="cve" />
  <issue id="CVE-2015-4026" tracker="cve" />
  <issue id="CVE-2015-4148" tracker="cve" />
<issue tracker="bnc" id="935224"/>
<issue tracker="bnc" id="935226"/>
<issue tracker="bnc" id="935232"/>
<issue tracker="bnc" id="935234"/>
<issue tracker="bnc" id="935274"/>
<issue tracker="bnc" id="935275"/>
<issue tracker="bnc" id="935227"/>
<issue tracker="cve" id="CVE-2015-3411"/>
<issue tracker="cve" id="CVE-2015-3412"/>
<issue tracker="cve" id="CVE-2015-4598"/>
<issue tracker="cve" id="CVE-2015-4599"/>
<issue tracker="cve" id="CVE-2015-4600"/>
<issue tracker="cve" id="CVE-2015-4601"/>
<issue tracker="cve" id="CVE-2015-4602"/>
<issue tracker="cve" id="CVE-2015-4603"/>
<issue tracker="cve" id="CVE-2015-4643"/>
<issue tracker="cve" id="CVE-2015-4644"/>

  <category>security</category>
  <rating>important</rating>
  <packager>pgajdos</packager>
  <description>This security update of PHP fixes the following issues:

Security issues fixed:

* CVE-2015-4024 [bnc#931421]: Fixed multipart/form-data remote DoS vulnerability.
* CVE-2015-4026 [bnc#931776]: pcntl_exec() did not check path validity.
* CVE-2015-4022 [bnc#931772]: Fixed an overflow in ftp_genlist() that resulted in a heap overflow.
* CVE-2015-4021 [bnc#931769]: Fixed memory corruption in phar_parse_tarfile when entry filename starts with NULL.
* CVE-2015-4148 [bnc#933227]: Fixed SoapClient's do_soap_call() type confusion after unserialize() information disclosure.
* CVE-2015-4602 [bnc#935224]: Fixed an incomplete Class unserialization type confusion.
* CVE-2015-4599, CVE-2015-4600, CVE-2015-4601 [bnc#935226]: Fixed type confusion issues in unserialize() with various SOAP methods.
* CVE-2015-4603 [bnc#935234]: Fixed exception::getTraceAsString type confusion issue after unserialize.
* CVE-2015-4644 [bnc#935274]: Fixed a crash in php_pgsql_meta_data.
* CVE-2015-4643 [bnc#935275]: Fixed an integer overflow in ftp_genlist() that could result in a heap overflow.
* CVE-2015-3411, CVE-2015-3412, CVE-2015-4598 [bnc#935227], [bnc#935232]: Added missing null byte checks for paths in various PHP extensions.

Bugs fixed:

* configure php-fpm with --localstatedir=/var [bnc#927147]
* fix timezone map [bnc#919080]
</description>
  <summary>Security update for php5</summary>
</patchinfo>