Security update for php5 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:1628-1 Final 1 1 2015-09-17T09:48:51Z current 2015-09-17T09:48:51Z 2015-09-17T09:48:51Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for php5 The PHP5 script interpreter was updated to fix various security issues: * CVE-2015-6831: A use after free vulnerability in unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#942291] [bnc#942294] [bnc#942295] * CVE-2015-6832: A dangling pointer in the unserialization of ArrayObject items could be used to crash php or potentially execute code. [bnc#942293] * CVE-2015-6833: A directory traversal when extracting ZIP files could be used to overwrite files outside of intended area. [bnc#942296] * CVE-2015-6834: A Use After Free Vulnerability in unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#945403] * CVE-2015-6835: A Use After Free Vulnerability in session unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#945402] * CVE-2015-6836: A SOAP serialize_function_call() type confusion leading to remote code execution problem was fixed. [bnc#945428] * CVE-2015-6837 CVE-2015-6838: Two NULL pointer dereferences in the XSLTProcessor class were fixed. [bnc#945412] The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2015-09/msg00025.html E-Mail link for openSUSE-SU-2015:1628-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings apache2-mod_php5-5.4.20-67.1 php5-5.4.20-67.1 php5-bcmath-5.4.20-67.1 php5-bz2-5.4.20-67.1 php5-calendar-5.4.20-67.1 php5-ctype-5.4.20-67.1 php5-curl-5.4.20-67.1 php5-dba-5.4.20-67.1 php5-devel-5.4.20-67.1 php5-dom-5.4.20-67.1 php5-enchant-5.4.20-67.1 php5-exif-5.4.20-67.1 php5-fastcgi-5.4.20-67.1 php5-fileinfo-5.4.20-67.1 php5-firebird-5.4.20-67.1 php5-fpm-5.4.20-67.1 php5-ftp-5.4.20-67.1 php5-gd-5.4.20-67.1 php5-gettext-5.4.20-67.1 php5-gmp-5.4.20-67.1 php5-iconv-5.4.20-67.1 php5-imap-5.4.20-67.1 php5-intl-5.4.20-67.1 php5-json-5.4.20-67.1 php5-ldap-5.4.20-67.1 php5-mbstring-5.4.20-67.1 php5-mcrypt-5.4.20-67.1 php5-mssql-5.4.20-67.1 php5-mysql-5.4.20-67.1 php5-odbc-5.4.20-67.1 php5-openssl-5.4.20-67.1 php5-pcntl-5.4.20-67.1 php5-pdo-5.4.20-67.1 php5-pear-5.4.20-67.1 php5-pgsql-5.4.20-67.1 php5-phar-5.4.20-67.1 php5-posix-5.4.20-67.1 php5-pspell-5.4.20-67.1 php5-readline-5.4.20-67.1 php5-shmop-5.4.20-67.1 php5-snmp-5.4.20-67.1 php5-soap-5.4.20-67.1 php5-sockets-5.4.20-67.1 php5-sqlite-5.4.20-67.1 php5-suhosin-5.4.20-67.1 php5-sysvmsg-5.4.20-67.1 php5-sysvsem-5.4.20-67.1 php5-sysvshm-5.4.20-67.1 php5-tidy-5.4.20-67.1 php5-tokenizer-5.4.20-67.1 php5-wddx-5.4.20-67.1 php5-xmlreader-5.4.20-67.1 php5-xmlrpc-5.4.20-67.1 php5-xmlwriter-5.4.20-67.1 php5-xsl-5.4.20-67.1 php5-zip-5.4.20-67.1 php5-zlib-5.4.20-67.1 Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization. CVE-2015-6831 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-09/msg00025.html https://www.suse.com/security/cve/CVE-2015-6831.html CVE-2015-6831 https://bugzilla.suse.com/942291 SUSE Bug 942291 https://bugzilla.suse.com/942294 SUSE Bug 942294 https://bugzilla.suse.com/942295 SUSE Bug 942295 https://bugzilla.suse.com/945188 SUSE Bug 945188 https://bugzilla.suse.com/980366 SUSE Bug 980366 Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field. CVE-2015-6832 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-09/msg00025.html https://www.suse.com/security/cve/CVE-2015-6832.html CVE-2015-6832 https://bugzilla.suse.com/942293 SUSE Bug 942293 https://bugzilla.suse.com/945189 SUSE Bug 945189 Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call. CVE-2015-6833 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-09/msg00025.html https://www.suse.com/security/cve/CVE-2015-6833.html CVE-2015-6833 https://bugzilla.suse.com/942296 SUSE Bug 942296 https://bugzilla.suse.com/980366 SUSE Bug 980366 Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization. CVE-2015-6834 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-09/msg00025.html https://www.suse.com/security/cve/CVE-2015-6834.html CVE-2015-6834 https://bugzilla.suse.com/1015191 SUSE Bug 1015191 https://bugzilla.suse.com/945403 SUSE Bug 945403 The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted session content. CVE-2015-6835 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-09/msg00025.html https://www.suse.com/security/cve/CVE-2015-6835.html CVE-2015-6835 https://bugzilla.suse.com/945402 SUSE Bug 945402 The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary code via crafted serialized data that triggers a "type confusion" in the serialize_function_call function. CVE-2015-6836 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-09/msg00025.html https://www.suse.com/security/cve/CVE-2015-6836.html CVE-2015-6836 https://bugzilla.suse.com/945428 SUSE Bug 945428 https://bugzilla.suse.com/980366 SUSE Bug 980366 The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error checking, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6838. CVE-2015-6837 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-09/msg00025.html https://www.suse.com/security/cve/CVE-2015-6837.html CVE-2015-6837 https://bugzilla.suse.com/945412 SUSE Bug 945412 https://bugzilla.suse.com/980366 SUSE Bug 980366 The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837. CVE-2015-6838 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-09/msg00025.html https://www.suse.com/security/cve/CVE-2015-6838.html CVE-2015-6838 https://bugzilla.suse.com/945412 SUSE Bug 945412 https://bugzilla.suse.com/980366 SUSE Bug 980366