SuSE: 2015:1265-1: important: PHP
Summary
The PHP script interpreter was updated to fix various security issues:
* CVE-2015-4602 [bnc#935224]: Fixed an incomplete Class
unserialization type confusion.
* CVE-2015-4599, CVE-2015-4600, CVE-2015-4601 [bnc#935226]: Fixed type
confusion issues in unserialize() with various SOAP methods.
* CVE-2015-4603 [bnc#935234]: Fixed exception::getTraceAsString type
confusion issue after unserialize.
* CVE-2015-4644 [bnc#935274]: Fixed a crash in php_pgsql_meta_data.
* CVE-2015-4643 [bnc#935275]: Fixed an integer overflow in
ftp_genlist() that could result in a heap overflow.
* CVE-2015-3411, CVE-2015-3412, CVE-2015-4598 [bnc#935227],
[bnc#935232]: Added missing null byte checks for paths in various
PHP extensions.
* CVE-2015-4148 [bnc#933227]: Fixed a SoapClient's do_soap_call() type
confusion after unserialize() information disclosure.
Also the following bug were fixed:
* fix a segmentation fault in odbc_fetch_array [bnc#935074]
* fix timezone map [bnc#919080]
Security Issues:
* CVE-2015-3411
References
#919080 #933227 #935074 #935224 #935226 #935227
#935232 #935234 #935274 #935275
Cross- CVE-2015-3411 CVE-2015-3412 CVE-2015-4148
CVE-2015-4598 CVE-2015-4599 CVE-2015-4600
CVE-2015-4601 CVE-2015-4602 CVE-2015-4603
CVE-2015-4643 CVE-2015-4644
Affected Products:
SUSE Linux Enterprise Software Development Kit 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
SUSE Linux Enterprise Server 11 SP3
https://www.suse.com/security/cve/CVE-2015-3411.html
https://www.suse.com/security/cve/CVE-2015-3412.html
https://www.suse.com/security/cve/CVE-2015-4148.html
https://www.suse.com/security/cve/CVE-2015-4598.html
https://www.suse.com/security/cve/CVE-2015-4599.html
https://www.suse.com/security/cve/CVE-2015-4600.html
https://www.suse.com/security/cve/CVE-2015-4601.html
https://www.suse.com/security/cve/CVE-2015-4602.html
https://www.suse.com/security/cve/CVE-2015-4603.html
https://www.suse.com/security/cve/CVE-2015-4643.html
https://www.suse.com/security/cve/CVE-2015-4644.html
https://bugzilla.suse.com/919080
https://bugzilla.suse.com/933227
https://bugzilla.suse.com/935074
https://bugzilla.suse.com/935224
https://bugzilla.suse.com/935226
https://bugzilla.suse.com/935227
https://bugzilla.suse.com/935232
https://bugzilla.suse.com/935234
https://bugzilla.suse.com/935274
https://bugzilla.suse.com/935275
https://scc.suse.com:443/patches/