Overview

File _patchinfo of Package patchinfo.525

<patchinfo incident="525">
  <packager>pgajdos</packager>
  <issue tracker="bnc" id="924972">VUL-0: CVE-2015-2787: php5,php53: Use-after-free vulnerability in the process_nested_data function inext/standard/var_unserializer.re...</issue>
  <issue tracker="bnc" id="924970">VUL-0: CVE-2015-2348: php5,php53: The move_uploaded_file implementation in ext/standard/basic_FUNCTIONs.c in PHP before 5.4.39, 5.5.x ...</issue>
  <issue tracker="bnc" id="922452">VUL-1: CVE-2015-2301: php5: use after free in phar_object.c</issue>
  <issue tracker="bnc" id="925109">VUL-0: php5,php53: PHP SoapClient's __call() type confusion through unserialize()</issue>
  <issue tracker="bnc" id="922451">VUL-1: CVE-2014-9705: php5: heap buffer overflow in enchant_broker_request_dict()</issue>
  <issue tracker="bnc" id="922022">VUL-1: php5, php53: php's built-in regular expression (regex) library contains a heap overflow vulnerability</issue>
  <issue tracker="bnc" id="923946">VUL-1: CVE-2014-9709: php5: embedded gd copy: buffer read overflow in gd_gif_in.c</issue>
  <issue tracker="cve" id="CVE-2015-2305"></issue>
  <issue tracker="cve" id="CVE-2015-2301"></issue>
  <issue tracker="cve" id="CVE-2015-2787"></issue>
  <issue tracker="cve" id="CVE-2015-2348"></issue>
  <issue tracker="cve" id="CVE-2014-9705"></issue>
  <issue tracker="cve" id="CVE-2014-9709"></issue>
  <issue tracker="cve" id="CVE-2015-3330"></issue>
  <issue tracker="cve" id="CVE-2015-3329"></issue>
  <issue tracker="cve" id="CVE-2015-2783"></issue>
  <issue tracker="bnc" id="928408">VUL-0: CVE-2015-3330: php5,php53: remote code execution with apache 2.4 apache2handler</issue>
  <issue tracker="bnc" id="928506">VUL-1: CVE-2015-3329: php5,php53: Buffer Over flow when parsing tar/zip/phar in phar_set_inode()</issue>
  <issue tracker="bnc" id="928511">VUL-1: CVE-2015-2783: php5,php53: Buffer Over-read in unserialize when parsing Phar</issue>
  <category>security</category>
  <rating>important</rating>
  <summary>Security update for php5</summary>
  <description>PHP was updated to fix ten security issues.

The following vulnerabilities were fixed:

* CVE-2014-9709: A specially crafted GIF file could cause a buffer read overflow in php-gd (bnc#923946)
* CVE-2015-2301: Memory was use after it was freed in PHAR (bnc#922022)
* CVE-2015-2305: heap overflow vulnerability in regcomp.c (bnc#922452)
* CVE-2014-9705: heap buffer overflow in Enchant (bnc#922451)
* CVE-2015-2787: use-after-free vulnerability in the process_nested_data function (bnc#924972)
* unserialize SoapClient type confusion (bnc#925109)
* CVE-2015-2348: move_uploaded_file truncates a pathNAME upon encountering a x00 character (bnc#924970)
* CVE-2015-3330: Specially crafted PHAR files could, when executed under Apache httpd 2.4 (apache2handler), allow arbitrary code execution (bnc#928506)
* CVE-2015-3329: Specially crafted PHAR data could lead to disclosure of sensitive information due to a buffer overflow (bnc#928506)
* CVE-2015-2783: Specially crafted PHAR data could lead to disclosure of sensitive information due to a buffer over-read (bnc#928511)</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places