Overview

File _patchinfo of Package patchinfo.3869

<patchinfo incident="3869">
  <issue id="935232" tracker="bnc">VUL-0: CVE-2015-4598: php5,php53: missing null byte checks for paths in various PHP extensions</issue>
  <issue id="935225" tracker="bnc">VUL-0: CVE-2015-4604 CVE-2015-4605: php5,php53: denial of service when processing a crafted file with Fileinfo</issue>
  <issue id="935224" tracker="bnc">VUL-0: CVE-2015-4602: php5,php53: Incomplete Class unserialization type confusion</issue>
  <issue id="935234" tracker="bnc">VUL-0: CVE-2015-4603: php5,php53: exception::getTraceAsString type confusion issue after unserialize</issue>
  <issue id="935226" tracker="bnc">VUL-0: CVE-2015-4599 CVE-2015-4600 CVE-2015-4601: php5,php53: type confusion issue in unserialize() with various SOAP methods</issue>
  <issue id="935227" tracker="bnc">VUL-0: CVE-2015-3411: php5,php53: missing null byte checks for paths in various PHP extensions</issue>
  <issue id="935274" tracker="bnc">VUL-0: CVE-2015-4644: php5,ph53: segfault in php_pgsql_meta_data</issue>
  <issue id="935275" tracker="bnc">VUL-0: CVE-2015-4643: php5,php53: Integer overflow in ftp_genlist() resulting in heap overflow</issue>
  <issue id="CVE-2015-3411" tracker="cve" />
  <issue id="CVE-2015-3412" tracker="cve" />
  <issue id="CVE-2015-4598" tracker="cve" />
  <issue id="CVE-2015-4601" tracker="cve" />
  <issue id="CVE-2015-4600" tracker="cve" />
  <issue id="CVE-2015-4603" tracker="cve" />
  <issue id="CVE-2015-4602" tracker="cve" />
  <issue id="CVE-2015-4605" tracker="cve" />
  <issue id="CVE-2015-4604" tracker="cve" />
  <issue id="CVE-2015-4599" tracker="cve" />
  <issue id="CVE-2015-4644" tracker="cve" />
  <issue id="CVE-2015-4643" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>pgajdos</packager>
  <description>
The PHP script interpreter was updated to receive various security fixes:

* CVE-2015-4602 [bnc#935224]: Fixed an incomplete Class unserialization type confusion.
* CVE-2015-4599, CVE-2015-4600, CVE-2015-4601 [bnc#935226]: Fixed type confusion issues in unserialize() with various SOAP methods.
* CVE-2015-4603 [bnc#935234]: Fixed exception::getTraceAsString type confusion issue after unserialize.
* CVE-2015-4644 [bnc#935274]: Fixed a crash in php_pgsql_meta_data.
* CVE-2015-4643 [bnc#935275]: Fixed an integer overflow in ftp_genlist() that could result in a heap overflow.
* CVE-2015-3411, CVE-2015-3412, CVE-2015-4598 [bnc#935227], [bnc#935232]: Added missing null byte checks for paths in various PHP extensions.
</description>
  <summary>Security update for php5</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places