Security update for php5 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2015:0868-1 Final 1 1 2015-04-28T14:21:26Z current 2015-04-28T14:21:26Z 2015-04-28T14:21:26Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for php5 PHP was updated to fix ten security issues. The following vulnerabilities were fixed: * CVE-2014-9709: A specially crafted GIF file could cause a buffer read overflow in php-gd (bnc#923946) * CVE-2015-2301: Memory was use after it was freed in PHAR (bnc#922022) * CVE-2015-2305: heap overflow vulnerability in regcomp.c (bnc#922452) * CVE-2014-9705: heap buffer overflow in Enchant (bnc#922451) * CVE-2015-2787: use-after-free vulnerability in the process_nested_data function (bnc#924972) * unserialize SoapClient type confusion (bnc#925109) * CVE-2015-2348: move_uploaded_file truncates a pathNAME upon encountering a x00 character (bnc#924970) * CVE-2015-3330: Specially crafted PHAR files could, when executed under Apache httpd 2.4 (apache2handler), allow arbitrary code execution (bnc#928506) * CVE-2015-3329: Specially crafted PHAR data could lead to disclosure of sensitive information due to a buffer overflow (bnc#928506) * CVE-2015-2783: Specially crafted PHAR data could lead to disclosure of sensitive information due to a buffer over-read (bnc#928511) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Module-Web-Scripting-12-2015-192,SUSE-SLE-SDK-12-2015-192 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2015/suse-su-20150868-1/ Link for SUSE-SU-2015:0868-1 https://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html E-Mail link for SUSE-SU-2015:0868-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/922022 SUSE Bug 922022 https://bugzilla.suse.com/922451 SUSE Bug 922451 https://bugzilla.suse.com/922452 SUSE Bug 922452 https://bugzilla.suse.com/923946 SUSE Bug 923946 https://bugzilla.suse.com/924970 SUSE Bug 924970 https://bugzilla.suse.com/924972 SUSE Bug 924972 https://bugzilla.suse.com/925109 SUSE Bug 925109 https://bugzilla.suse.com/928408 SUSE Bug 928408 https://bugzilla.suse.com/928506 SUSE Bug 928506 https://bugzilla.suse.com/928511 SUSE Bug 928511 https://www.suse.com/security/cve/CVE-2014-9705/ SUSE CVE CVE-2014-9705 page https://www.suse.com/security/cve/CVE-2014-9709/ SUSE CVE CVE-2014-9709 page https://www.suse.com/security/cve/CVE-2015-2301/ SUSE CVE CVE-2015-2301 page https://www.suse.com/security/cve/CVE-2015-2305/ SUSE CVE CVE-2015-2305 page https://www.suse.com/security/cve/CVE-2015-2348/ SUSE CVE CVE-2015-2348 page https://www.suse.com/security/cve/CVE-2015-2783/ SUSE CVE CVE-2015-2783 page https://www.suse.com/security/cve/CVE-2015-2787/ SUSE CVE CVE-2015-2787 page https://www.suse.com/security/cve/CVE-2015-3329/ SUSE CVE CVE-2015-3329 page https://www.suse.com/security/cve/CVE-2015-3330/ SUSE CVE CVE-2015-3330 page SUSE Linux Enterprise Module for Web and Scripting 12 SUSE Linux Enterprise Software Development Kit 12 apache2-mod_php5-5.5.14-22.1 php5-5.5.14-22.1 php5-bcmath-5.5.14-22.1 php5-bz2-5.5.14-22.1 php5-calendar-5.5.14-22.1 php5-ctype-5.5.14-22.1 php5-curl-5.5.14-22.1 php5-dba-5.5.14-22.1 php5-dom-5.5.14-22.1 php5-enchant-5.5.14-22.1 php5-exif-5.5.14-22.1 php5-fastcgi-5.5.14-22.1 php5-fileinfo-5.5.14-22.1 php5-fpm-5.5.14-22.1 php5-ftp-5.5.14-22.1 php5-gd-5.5.14-22.1 php5-gettext-5.5.14-22.1 php5-gmp-5.5.14-22.1 php5-iconv-5.5.14-22.1 php5-intl-5.5.14-22.1 php5-json-5.5.14-22.1 php5-ldap-5.5.14-22.1 php5-mbstring-5.5.14-22.1 php5-mcrypt-5.5.14-22.1 php5-mysql-5.5.14-22.1 php5-odbc-5.5.14-22.1 php5-openssl-5.5.14-22.1 php5-pcntl-5.5.14-22.1 php5-pdo-5.5.14-22.1 php5-pear-5.5.14-22.1 php5-pgsql-5.5.14-22.1 php5-pspell-5.5.14-22.1 php5-shmop-5.5.14-22.1 php5-snmp-5.5.14-22.1 php5-soap-5.5.14-22.1 php5-sockets-5.5.14-22.1 php5-sqlite-5.5.14-22.1 php5-suhosin-5.5.14-22.1 php5-sysvmsg-5.5.14-22.1 php5-sysvsem-5.5.14-22.1 php5-sysvshm-5.5.14-22.1 php5-tokenizer-5.5.14-22.1 php5-wddx-5.5.14-22.1 php5-xmlreader-5.5.14-22.1 php5-xmlrpc-5.5.14-22.1 php5-xmlwriter-5.5.14-22.1 php5-xsl-5.5.14-22.1 php5-zip-5.5.14-22.1 php5-zlib-5.5.14-22.1 php5-devel-5.5.14-22.1 apache2-mod_php5-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-bcmath-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-bz2-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-calendar-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-ctype-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-curl-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-dba-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-dom-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-enchant-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-exif-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-fastcgi-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-fileinfo-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-fpm-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-ftp-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-gd-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-gettext-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-gmp-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-iconv-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-intl-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-json-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-ldap-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-mbstring-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-mcrypt-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-mysql-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-odbc-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-openssl-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-pcntl-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-pdo-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-pear-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-pgsql-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-pspell-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-shmop-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-snmp-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-soap-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-sockets-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-sqlite-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-suhosin-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-sysvmsg-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-sysvsem-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-sysvshm-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-tokenizer-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-wddx-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-xmlreader-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-xmlrpc-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-xmlwriter-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-xsl-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-zip-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-zlib-5.5.14-22.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-devel-5.5.14-22.1 as a component of SUSE Linux Enterprise Software Development Kit 12 Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries. CVE-2014-9705 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-calendar-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ctype-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-curl-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dba-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dom-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-enchant-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-exif-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fastcgi-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fileinfo-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fpm-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ftp-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gd-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gettext-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gmp-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-iconv-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-intl-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-json-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ldap-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mbstring-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mcrypt-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mysql-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-odbc-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-openssl-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pcntl-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pdo-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pear-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pgsql-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pspell-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-shmop-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-snmp-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-soap-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sockets-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sqlite-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-suhosin-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvmsg-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvsem-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvshm-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-tokenizer-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-wddx-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlreader-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlrpc-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlwriter-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xsl-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zip-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zlib-5.5.14-22.1 SUSE Linux Enterprise Software Development Kit 12:php5-devel-5.5.14-22.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150868-1/ https://www.suse.com/security/cve/CVE-2014-9705.html CVE-2014-9705 https://bugzilla.suse.com/922451 SUSE Bug 922451 https://bugzilla.suse.com/980366 SUSE Bug 980366 The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function. CVE-2014-9709 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-calendar-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ctype-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-curl-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dba-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dom-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-enchant-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-exif-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fastcgi-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fileinfo-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fpm-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ftp-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gd-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gettext-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gmp-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-iconv-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-intl-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-json-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ldap-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mbstring-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mcrypt-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mysql-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-odbc-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-openssl-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pcntl-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pdo-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pear-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pgsql-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pspell-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-shmop-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-snmp-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-soap-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sockets-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sqlite-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-suhosin-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvmsg-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvsem-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvshm-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-tokenizer-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-wddx-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlreader-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlrpc-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlwriter-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xsl-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zip-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zlib-5.5.14-22.1 SUSE Linux Enterprise Software Development Kit 12:php5-devel-5.5.14-22.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150868-1/ https://www.suse.com/security/cve/CVE-2014-9709.html CVE-2014-9709 https://bugzilla.suse.com/923945 SUSE Bug 923945 https://bugzilla.suse.com/923946 SUSE Bug 923946 https://bugzilla.suse.com/980366 SUSE Bug 980366 Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file. CVE-2015-2301 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-calendar-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ctype-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-curl-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dba-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dom-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-enchant-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-exif-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fastcgi-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fileinfo-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fpm-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ftp-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gd-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gettext-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gmp-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-iconv-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-intl-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-json-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ldap-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mbstring-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mcrypt-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mysql-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-odbc-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-openssl-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pcntl-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pdo-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pear-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pgsql-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pspell-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-shmop-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-snmp-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-soap-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sockets-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sqlite-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-suhosin-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvmsg-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvsem-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvshm-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-tokenizer-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-wddx-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlreader-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlrpc-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlwriter-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xsl-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zip-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zlib-5.5.14-22.1 SUSE Linux Enterprise Software Development Kit 12:php5-devel-5.5.14-22.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150868-1/ https://www.suse.com/security/cve/CVE-2015-2301.html CVE-2015-2301 https://bugzilla.suse.com/922452 SUSE Bug 922452 https://bugzilla.suse.com/980366 SUSE Bug 980366 Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow. CVE-2015-2305 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-calendar-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ctype-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-curl-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dba-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dom-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-enchant-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-exif-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fastcgi-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fileinfo-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fpm-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ftp-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gd-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gettext-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gmp-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-iconv-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-intl-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-json-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ldap-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mbstring-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mcrypt-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mysql-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-odbc-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-openssl-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pcntl-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pdo-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pear-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pgsql-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pspell-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-shmop-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-snmp-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-soap-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sockets-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sqlite-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-suhosin-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvmsg-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvsem-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvshm-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-tokenizer-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-wddx-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlreader-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlrpc-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlwriter-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xsl-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zip-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zlib-5.5.14-22.1 SUSE Linux Enterprise Software Development Kit 12:php5-devel-5.5.14-22.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150868-1/ https://www.suse.com/security/cve/CVE-2015-2305.html CVE-2015-2305 https://bugzilla.suse.com/1040662 SUSE Bug 1040662 https://bugzilla.suse.com/921950 SUSE Bug 921950 https://bugzilla.suse.com/922022 SUSE Bug 922022 https://bugzilla.suse.com/922028 SUSE Bug 922028 https://bugzilla.suse.com/922030 SUSE Bug 922030 https://bugzilla.suse.com/922043 SUSE Bug 922043 https://bugzilla.suse.com/922560 SUSE Bug 922560 https://bugzilla.suse.com/922567 SUSE Bug 922567 https://bugzilla.suse.com/929192 SUSE Bug 929192 https://bugzilla.suse.com/980366 SUSE Bug 980366 The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected names via a crafted second argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. CVE-2015-2348 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-calendar-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ctype-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-curl-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dba-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dom-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-enchant-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-exif-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fastcgi-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fileinfo-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fpm-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ftp-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gd-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gettext-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gmp-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-iconv-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-intl-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-json-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ldap-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mbstring-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mcrypt-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mysql-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-odbc-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-openssl-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pcntl-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pdo-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pear-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pgsql-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pspell-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-shmop-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-snmp-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-soap-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sockets-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sqlite-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-suhosin-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvmsg-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvsem-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvshm-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-tokenizer-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-wddx-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlreader-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlrpc-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlwriter-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xsl-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zip-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zlib-5.5.14-22.1 SUSE Linux Enterprise Software Development Kit 12:php5-devel-5.5.14-22.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150868-1/ https://www.suse.com/security/cve/CVE-2015-2348.html CVE-2015-2348 https://bugzilla.suse.com/924970 SUSE Bug 924970 https://bugzilla.suse.com/935227 SUSE Bug 935227 ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions. CVE-2015-2783 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-calendar-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ctype-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-curl-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dba-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dom-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-enchant-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-exif-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fastcgi-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fileinfo-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fpm-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ftp-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gd-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gettext-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gmp-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-iconv-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-intl-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-json-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ldap-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mbstring-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mcrypt-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mysql-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-odbc-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-openssl-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pcntl-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pdo-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pear-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pgsql-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pspell-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-shmop-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-snmp-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-soap-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sockets-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sqlite-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-suhosin-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvmsg-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvsem-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvshm-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-tokenizer-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-wddx-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlreader-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlrpc-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlwriter-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xsl-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zip-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zlib-5.5.14-22.1 SUSE Linux Enterprise Software Development Kit 12:php5-devel-5.5.14-22.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150868-1/ https://www.suse.com/security/cve/CVE-2015-2783.html CVE-2015-2783 https://bugzilla.suse.com/928408 SUSE Bug 928408 https://bugzilla.suse.com/928506 SUSE Bug 928506 https://bugzilla.suse.com/928511 SUSE Bug 928511 https://bugzilla.suse.com/931418 SUSE Bug 931418 https://bugzilla.suse.com/980366 SUSE Bug 980366 Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231. CVE-2015-2787 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-calendar-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ctype-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-curl-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dba-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dom-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-enchant-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-exif-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fastcgi-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fileinfo-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fpm-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ftp-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gd-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gettext-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gmp-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-iconv-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-intl-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-json-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ldap-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mbstring-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mcrypt-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mysql-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-odbc-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-openssl-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pcntl-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pdo-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pear-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pgsql-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pspell-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-shmop-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-snmp-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-soap-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sockets-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sqlite-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-suhosin-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvmsg-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvsem-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvshm-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-tokenizer-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-wddx-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlreader-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlrpc-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlwriter-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xsl-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zip-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zlib-5.5.14-22.1 SUSE Linux Enterprise Software Development Kit 12:php5-devel-5.5.14-22.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150868-1/ https://www.suse.com/security/cve/CVE-2015-2787.html CVE-2015-2787 https://bugzilla.suse.com/924972 SUSE Bug 924972 https://bugzilla.suse.com/980366 SUSE Bug 980366 Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive. CVE-2015-3329 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-calendar-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ctype-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-curl-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dba-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dom-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-enchant-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-exif-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fastcgi-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fileinfo-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fpm-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ftp-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gd-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gettext-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gmp-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-iconv-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-intl-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-json-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ldap-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mbstring-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mcrypt-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mysql-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-odbc-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-openssl-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pcntl-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pdo-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pear-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pgsql-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pspell-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-shmop-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-snmp-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-soap-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sockets-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sqlite-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-suhosin-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvmsg-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvsem-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvshm-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-tokenizer-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-wddx-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlreader-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlrpc-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlwriter-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xsl-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zip-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zlib-5.5.14-22.1 SUSE Linux Enterprise Software Development Kit 12:php5-devel-5.5.14-22.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150868-1/ https://www.suse.com/security/cve/CVE-2015-3329.html CVE-2015-3329 https://bugzilla.suse.com/928408 SUSE Bug 928408 https://bugzilla.suse.com/928506 SUSE Bug 928506 https://bugzilla.suse.com/928511 SUSE Bug 928511 https://bugzilla.suse.com/980366 SUSE Bug 980366 The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a "deconfigured interpreter." CVE-2015-3330 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-calendar-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ctype-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-curl-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dba-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dom-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-enchant-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-exif-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fastcgi-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fileinfo-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fpm-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ftp-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gd-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gettext-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gmp-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-iconv-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-intl-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-json-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ldap-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mbstring-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mcrypt-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mysql-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-odbc-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-openssl-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pcntl-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pdo-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pear-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pgsql-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pspell-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-shmop-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-snmp-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-soap-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sockets-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sqlite-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-suhosin-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvmsg-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvsem-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvshm-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-tokenizer-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-wddx-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlreader-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlrpc-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlwriter-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xsl-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zip-5.5.14-22.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zlib-5.5.14-22.1 SUSE Linux Enterprise Software Development Kit 12:php5-devel-5.5.14-22.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150868-1/ https://www.suse.com/security/cve/CVE-2015-3330.html CVE-2015-3330 https://bugzilla.suse.com/908782 SUSE Bug 908782 https://bugzilla.suse.com/928408 SUSE Bug 928408 https://bugzilla.suse.com/928506 SUSE Bug 928506 https://bugzilla.suse.com/928511 SUSE Bug 928511