File _patchinfo of Package patchinfo.2999

<patchinfo>
  <issue id="893853" tracker="bnc">VUL-0: CVE-2014-3597: php5, php53: incomplete fix for CVE-2014-4049</issue>
  <issue id="893849" tracker="bnc">VUL-1: CVE-2014-5459: php5, php53: php5-pear, php53-pear: insecure temporary file use for cache data</issue>
  <issue id="893855" tracker="bnc">VUL-0: CVE-2014-5120: php5, php53: php5-gd, php53-gd: NUL byte injection in filenames passed to image handling functions</issue>
  <issue id="895658" tracker="bnc">Suhosin Crashed if used with php session_set_save_handler()</issue>
  <issue id="CVE-2014-5120" tracker="cve" />
  <issue id="CVE-2014-3597" tracker="cve" />
  <issue id="CVE-2014-5459" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>pgajdos</packager>
  <description>
php5 was updated to fix three security issues:

- Insecure temporary file use for cache data was fixed by switching to a different, root-only directory, /var/cache/php-pear (CVE-2014-5459)
- An incomplete fix for CVE-2014-4049 was fixed (CVE-2014-3597)
- gd extension: NUL byte injection in filenames passed to image handling functions was fixed (CVE-2014-5120)

A bug was also fixed:
- A suhosin crash when used with php session_set_save_handler() was fixed [bnc#895658]
</description>
  <summary>php5: security update</summary>
</patchinfo>