SUSE:SLE-12-SP3:GA
File _patchinfo of Package patchinfo.1125
<patchinfo incident="1125">
  <issue id="945428" tracker="bnc">VUL-0: CVE-2015-6836: php53, php5: SOAP serialize_function_call() type confusion / RCE</issue>
  <issue id="945402" tracker="bnc">VUL-0: CVE-2015-6835: php5 , php53: Use after free vulnerability in session deserializer</issue>
  <issue id="945403" tracker="bnc">VUL-0: CVE-2015-6834: php5, php53: Use After Free Vulnerability in unserialize()</issue>
  <issue id="945412" tracker="bnc">VUL-0: CVE-2015-6837 CVE-2015-6838: php5, php53: NULL pointer dereference in XSLTProcessor class</issue>
  <issue id="944302" tracker="bnc">php5 and openhpi fails to build if MD5 and DES support disabled in net-snmp</issue>
  <issue id="935074" tracker="bnc">L3: Bugfix request for PHP bug 61387 (segfault in odbc_fetch_array)</issue>
  <issue id="942293" tracker="bnc">VUL-0: php5,php53: Dangling pointer in the unserialization of ArrayObject items</issue>
  <issue id="942291" tracker="bnc">VUL-0: CVE-2015-6831: php5,php53: Use After Free Vulnerability in unserialize() with SPLArrayObject</issue>
  <issue id="942296" tracker="bnc">VUL-1: php5,php53: phar: Files extracted from archive may be placed outside of destination directory</issue>
  <issue id="942294" tracker="bnc">VUL-0: php5,php53: Use After Free Vulnerability in unserialize() with SplObjectStorage</issue>
  <issue id="942295" tracker="bnc">VUL-0: php5,php53: Use After Free Vulnerability in unserialize() with SplDoublyLinkedList</issue>
  <issue id="CVE-2015-6831" tracker="cve" />
  <issue id="CVE-2015-6832" tracker="cve" />
  <issue id="CVE-2015-6833" tracker="cve" />
  <issue id="CVE-2015-6834" tracker="cve" />
  <issue id="CVE-2015-6835" tracker="cve" />
  <issue id="CVE-2015-6836" tracker="cve" />
  <issue id="CVE-2015-6837" tracker="cve" />
  <issue id="CVE-2015-6838" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>pgajdos</packager>
  <description>
This update of PHP5 brings several security fixes.

Security fixes:
* CVE-2015-6831: A use after free vulnerability in unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#942291] [bnc#942294] [bnc#942295]
* CVE-2015-6832: A dangling pointer in the unserialization of ArrayObject items could be used to crash php or potentially execute code. [bnc#942293]
* CVE-2015-6833: A directory traversal when extracting ZIP files could be used to overwrite files outside of intended area. [bnc#942296]
* CVE-2015-6834: A Use After Free Vulnerability in unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#945403]
* CVE-2015-6835: A Use After Free Vulnerability in session unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#945402]
* CVE-2015-6836: A SOAP serialize_function_call() type confusion leading to remote code execution problem was fixed. [bnc#945428]
* CVE-2015-6837 CVE-2015-6838: Two NULL pointer dereferences in the XSLTProcessor class were fixed. [bnc#945412]

Bugfixes:
* Compare with SQL_NULL_DATA correctly [bnc#935074]
* If MD5 was disabled in net-snmp we have to disable the used MD5 function in ext/snmp/snmp.c as well. (bsc#944302)

Also the Suhosin framework was updated to 0.9.38. [fate#319325]
  </description>
  <summary>Security update for php5</summary>
</patchinfo>