Security update for php5 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2015:1253-2 Final 1 1 2015-06-23T06:21:14Z current 2015-06-23T06:21:14Z 2015-06-23T06:21:14Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for php5 This security update of PHP fixes the following issues: Security issues fixed: * CVE-2015-4024 [bnc#931421]: Fixed multipart/form-data remote DOS Vulnerability. * CVE-2015-4026 [bnc#931776]: pcntl_exec() did not check path validity. * CVE-2015-4022 [bnc#931772]: Fixed and overflow in ftp_genlist() that resulted in a heap overflow. * CVE-2015-4021 [bnc#931769]: Fixed memory corruption in phar_parse_tarfile when entry filename starts with NULL. * CVE-2015-4148 [bnc#933227]: Fixed SoapClient's do_soap_call() type confusion after unserialize() information disclosure. * CVE-2015-4602 [bnc#935224]: Fixed an incomplete Class unserialization type confusion. * CVE-2015-4599, CVE-2015-4600, CVE-2015-4601 [bnc#935226]: Fixed type confusion issues in unserialize() with various SOAP methods. * CVE-2015-4603 [bnc#935234]: Fixed exception::getTraceAsString type confusion issue after unserialize. * CVE-2015-4644 [bnc#935274]: Fixed a crash in php_pgsql_meta_data. * CVE-2015-4643 [bnc#935275]: Fixed an integer overflow in ftp_genlist() that could result in a heap overflow. * CVE-2015-3411, CVE-2015-3412, CVE-2015-4598 [bnc#935227], [bnc#935232]: Added missing null byte checks for paths in various PHP extensions. Bugs fixed: * configure php-fpm with --localstatedir=/var [bnc#927147] * fix timezone map [bnc#919080] The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Module-Web-Scripting-12-2015-322 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2015/suse-su-20151253-2/ Link for SUSE-SU-2015:1253-2 https://lists.opensuse.org/opensuse-security-announce/2015-07/msg00027.html E-Mail link for SUSE-SU-2015:1253-2 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/919080 SUSE Bug 919080 https://bugzilla.suse.com/927147 SUSE Bug 927147 https://bugzilla.suse.com/931421 SUSE Bug 931421 https://bugzilla.suse.com/931769 SUSE Bug 931769 https://bugzilla.suse.com/931772 SUSE Bug 931772 https://bugzilla.suse.com/931776 SUSE Bug 931776 https://bugzilla.suse.com/933227 SUSE Bug 933227 https://bugzilla.suse.com/935224 SUSE Bug 935224 https://bugzilla.suse.com/935226 SUSE Bug 935226 https://bugzilla.suse.com/935227 SUSE Bug 935227 https://bugzilla.suse.com/935232 SUSE Bug 935232 https://bugzilla.suse.com/935234 SUSE Bug 935234 https://bugzilla.suse.com/935274 SUSE Bug 935274 https://bugzilla.suse.com/935275 SUSE Bug 935275 https://www.suse.com/security/cve/CVE-2015-3411/ SUSE CVE CVE-2015-3411 page https://www.suse.com/security/cve/CVE-2015-3412/ SUSE CVE CVE-2015-3412 page https://www.suse.com/security/cve/CVE-2015-4021/ SUSE CVE CVE-2015-4021 page https://www.suse.com/security/cve/CVE-2015-4022/ SUSE CVE CVE-2015-4022 page https://www.suse.com/security/cve/CVE-2015-4024/ SUSE CVE CVE-2015-4024 page https://www.suse.com/security/cve/CVE-2015-4026/ SUSE CVE CVE-2015-4026 page https://www.suse.com/security/cve/CVE-2015-4148/ SUSE CVE CVE-2015-4148 page https://www.suse.com/security/cve/CVE-2015-4598/ SUSE CVE CVE-2015-4598 page https://www.suse.com/security/cve/CVE-2015-4599/ SUSE CVE CVE-2015-4599 page https://www.suse.com/security/cve/CVE-2015-4600/ SUSE CVE CVE-2015-4600 page https://www.suse.com/security/cve/CVE-2015-4601/ SUSE CVE CVE-2015-4601 page https://www.suse.com/security/cve/CVE-2015-4602/ SUSE CVE CVE-2015-4602 page https://www.suse.com/security/cve/CVE-2015-4603/ SUSE CVE CVE-2015-4603 page https://www.suse.com/security/cve/CVE-2015-4643/ SUSE CVE CVE-2015-4643 page https://www.suse.com/security/cve/CVE-2015-4644/ SUSE CVE CVE-2015-4644 page SUSE Linux Enterprise Module for Web and Scripting 12 apache2-mod_php5-5.5.14-30.1 php5-5.5.14-30.1 php5-bcmath-5.5.14-30.1 php5-bz2-5.5.14-30.1 php5-calendar-5.5.14-30.1 php5-ctype-5.5.14-30.1 php5-curl-5.5.14-30.1 php5-dba-5.5.14-30.1 php5-dom-5.5.14-30.1 php5-enchant-5.5.14-30.1 php5-exif-5.5.14-30.1 php5-fastcgi-5.5.14-30.1 php5-fileinfo-5.5.14-30.1 php5-fpm-5.5.14-30.1 php5-ftp-5.5.14-30.1 php5-gd-5.5.14-30.1 php5-gettext-5.5.14-30.1 php5-gmp-5.5.14-30.1 php5-iconv-5.5.14-30.1 php5-intl-5.5.14-30.1 php5-json-5.5.14-30.1 php5-ldap-5.5.14-30.1 php5-mbstring-5.5.14-30.1 php5-mcrypt-5.5.14-30.1 php5-mysql-5.5.14-30.1 php5-odbc-5.5.14-30.1 php5-openssl-5.5.14-30.1 php5-pcntl-5.5.14-30.1 php5-pdo-5.5.14-30.1 php5-pear-5.5.14-30.1 php5-pgsql-5.5.14-30.1 php5-pspell-5.5.14-30.1 php5-shmop-5.5.14-30.1 php5-snmp-5.5.14-30.1 php5-soap-5.5.14-30.1 php5-sockets-5.5.14-30.1 php5-sqlite-5.5.14-30.1 php5-suhosin-5.5.14-30.1 php5-sysvmsg-5.5.14-30.1 php5-sysvsem-5.5.14-30.1 php5-sysvshm-5.5.14-30.1 php5-tokenizer-5.5.14-30.1 php5-wddx-5.5.14-30.1 php5-xmlreader-5.5.14-30.1 php5-xmlrpc-5.5.14-30.1 php5-xmlwriter-5.5.14-30.1 php5-xsl-5.5.14-30.1 php5-zip-5.5.14-30.1 php5-zlib-5.5.14-30.1 apache2-mod_php5-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-bcmath-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-bz2-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-calendar-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-ctype-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-curl-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-dba-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-dom-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-enchant-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-exif-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-fastcgi-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-fileinfo-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-fpm-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-ftp-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-gd-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-gettext-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-gmp-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-iconv-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-intl-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-json-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-ldap-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-mbstring-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-mcrypt-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-mysql-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-odbc-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-openssl-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-pcntl-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-pdo-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-pear-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-pgsql-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-pspell-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-shmop-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-snmp-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-soap-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-sockets-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-sqlite-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-suhosin-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-sysvmsg-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-sysvsem-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-sysvshm-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-tokenizer-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-wddx-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-xmlreader-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-xmlrpc-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-xmlwriter-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-xsl-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-zip-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 php5-zlib-5.5.14-30.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by a filename\0.xml attack that bypasses an intended configuration in which client users may read only .xml files. CVE-2015-3411 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-calendar-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ctype-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-curl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dba-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dom-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-enchant-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-exif-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fastcgi-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fileinfo-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fpm-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ftp-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gd-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gettext-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gmp-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-iconv-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-intl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-json-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ldap-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mbstring-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mcrypt-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mysql-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-odbc-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-openssl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pcntl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pdo-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pear-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pgsql-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pspell-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-shmop-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-snmp-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-soap-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sockets-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sqlite-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-suhosin-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvmsg-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvsem-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvshm-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-tokenizer-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-wddx-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlreader-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlrpc-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlwriter-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xsl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zip-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zlib-5.5.14-30.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151253-2/ https://www.suse.com/security/cve/CVE-2015-3411.html CVE-2015-3411 https://bugzilla.suse.com/935074 SUSE Bug 935074 https://bugzilla.suse.com/935227 SUSE Bug 935227 https://bugzilla.suse.com/935229 SUSE Bug 935229 https://bugzilla.suse.com/935232 SUSE Bug 935232 https://bugzilla.suse.com/980366 SUSE Bug 980366 PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in ext/standard/streamsfuncs.c, as demonstrated by a filename\0.extension attack that bypasses an intended configuration in which client users may read files with only one specific extension. CVE-2015-3412 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-calendar-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ctype-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-curl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dba-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dom-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-enchant-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-exif-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fastcgi-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fileinfo-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fpm-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ftp-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gd-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gettext-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gmp-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-iconv-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-intl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-json-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ldap-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mbstring-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mcrypt-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mysql-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-odbc-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-openssl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pcntl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pdo-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pear-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pgsql-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pspell-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-shmop-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-snmp-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-soap-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sockets-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sqlite-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-suhosin-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvmsg-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvsem-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvshm-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-tokenizer-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-wddx-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlreader-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlrpc-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlwriter-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xsl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zip-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zlib-5.5.14-30.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151253-2/ https://www.suse.com/security/cve/CVE-2015-3412.html CVE-2015-3412 https://bugzilla.suse.com/935227 SUSE Bug 935227 https://bugzilla.suse.com/935229 SUSE Bug 935229 https://bugzilla.suse.com/935232 SUSE Bug 935232 https://bugzilla.suse.com/980366 SUSE Bug 980366 The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive. CVE-2015-4021 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-calendar-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ctype-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-curl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dba-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dom-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-enchant-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-exif-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fastcgi-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fileinfo-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fpm-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ftp-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gd-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gettext-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gmp-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-iconv-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-intl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-json-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ldap-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mbstring-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mcrypt-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mysql-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-odbc-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-openssl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pcntl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pdo-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pear-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pgsql-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pspell-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-shmop-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-snmp-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-soap-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sockets-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sqlite-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-suhosin-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvmsg-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvsem-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvshm-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-tokenizer-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-wddx-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlreader-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlrpc-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlwriter-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xsl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zip-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zlib-5.5.14-30.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151253-2/ https://www.suse.com/security/cve/CVE-2015-4021.html CVE-2015-4021 https://bugzilla.suse.com/931769 SUSE Bug 931769 https://bugzilla.suse.com/935074 SUSE Bug 935074 https://bugzilla.suse.com/980366 SUSE Bug 980366 Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. CVE-2015-4022 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-calendar-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ctype-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-curl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dba-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dom-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-enchant-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-exif-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fastcgi-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fileinfo-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fpm-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ftp-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gd-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gettext-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gmp-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-iconv-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-intl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-json-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ldap-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mbstring-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mcrypt-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mysql-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-odbc-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-openssl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pcntl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pdo-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pear-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pgsql-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pspell-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-shmop-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-snmp-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-soap-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sockets-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sqlite-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-suhosin-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvmsg-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvsem-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvshm-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-tokenizer-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-wddx-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlreader-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlrpc-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlwriter-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xsl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zip-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zlib-5.5.14-30.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151253-2/ https://www.suse.com/security/cve/CVE-2015-4022.html CVE-2015-4022 https://bugzilla.suse.com/931769 SUSE Bug 931769 https://bugzilla.suse.com/931772 SUSE Bug 931772 https://bugzilla.suse.com/935275 SUSE Bug 935275 https://bugzilla.suse.com/980366 SUSE Bug 980366 Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome. CVE-2015-4024 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-calendar-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ctype-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-curl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dba-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dom-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-enchant-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-exif-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fastcgi-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fileinfo-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fpm-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ftp-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gd-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gettext-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gmp-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-iconv-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-intl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-json-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ldap-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mbstring-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mcrypt-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mysql-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-odbc-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-openssl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pcntl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pdo-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pear-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pgsql-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pspell-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-shmop-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-snmp-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-soap-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sockets-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sqlite-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-suhosin-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvmsg-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvsem-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvshm-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-tokenizer-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-wddx-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlreader-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlrpc-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlwriter-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xsl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zip-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zlib-5.5.14-30.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151253-2/ https://www.suse.com/security/cve/CVE-2015-4024.html CVE-2015-4024 https://bugzilla.suse.com/931421 SUSE Bug 931421 https://bugzilla.suse.com/980366 SUSE Bug 980366 The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. CVE-2015-4026 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-calendar-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ctype-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-curl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dba-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dom-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-enchant-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-exif-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fastcgi-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fileinfo-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fpm-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ftp-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gd-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gettext-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gmp-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-iconv-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-intl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-json-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ldap-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mbstring-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mcrypt-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mysql-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-odbc-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-openssl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pcntl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pdo-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pear-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pgsql-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pspell-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-shmop-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-snmp-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-soap-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sockets-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sqlite-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-suhosin-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvmsg-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvsem-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvshm-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-tokenizer-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-wddx-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlreader-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlrpc-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlwriter-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xsl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zip-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zlib-5.5.14-30.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151253-2/ https://www.suse.com/security/cve/CVE-2015-4026.html CVE-2015-4026 https://bugzilla.suse.com/931776 SUSE Bug 931776 https://bugzilla.suse.com/935227 SUSE Bug 935227 https://bugzilla.suse.com/980366 SUSE Bug 980366 The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a "type confusion" issue. CVE-2015-4148 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-calendar-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ctype-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-curl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dba-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dom-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-enchant-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-exif-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fastcgi-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fileinfo-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fpm-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ftp-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gd-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gettext-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gmp-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-iconv-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-intl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-json-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ldap-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mbstring-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mcrypt-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mysql-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-odbc-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-openssl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pcntl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pdo-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pear-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pgsql-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pspell-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-shmop-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-snmp-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-soap-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sockets-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sqlite-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-suhosin-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvmsg-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvsem-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvshm-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-tokenizer-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-wddx-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlreader-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlrpc-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlwriter-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xsl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zip-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zlib-5.5.14-30.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151253-2/ https://www.suse.com/security/cve/CVE-2015-4148.html CVE-2015-4148 https://bugzilla.suse.com/933227 SUSE Bug 933227 https://bugzilla.suse.com/935074 SUSE Bug 935074 https://bugzilla.suse.com/935226 SUSE Bug 935226 https://bugzilla.suse.com/980366 SUSE Bug 980366 PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function, as demonstrated by a filename\0.html attack that bypasses an intended configuration in which client users may write to only .html files. CVE-2015-4598 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-calendar-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ctype-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-curl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dba-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dom-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-enchant-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-exif-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fastcgi-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fileinfo-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fpm-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ftp-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gd-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gettext-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gmp-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-iconv-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-intl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-json-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ldap-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mbstring-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mcrypt-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mysql-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-odbc-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-openssl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pcntl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pdo-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pear-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pgsql-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pspell-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-shmop-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-snmp-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-soap-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sockets-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sqlite-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-suhosin-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvmsg-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvsem-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvshm-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-tokenizer-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-wddx-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlreader-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlrpc-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlwriter-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xsl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zip-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zlib-5.5.14-30.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151253-2/ https://www.suse.com/security/cve/CVE-2015-4598.html CVE-2015-4598 https://bugzilla.suse.com/935227 SUSE Bug 935227 https://bugzilla.suse.com/935232 SUSE Bug 935232 https://bugzilla.suse.com/980366 SUSE Bug 980366 The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue. CVE-2015-4599 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-calendar-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ctype-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-curl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dba-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dom-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-enchant-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-exif-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fastcgi-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fileinfo-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fpm-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ftp-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gd-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gettext-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gmp-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-iconv-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-intl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-json-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ldap-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mbstring-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mcrypt-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mysql-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-odbc-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-openssl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pcntl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pdo-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pear-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pgsql-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pspell-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-shmop-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-snmp-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-soap-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sockets-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sqlite-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-suhosin-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvmsg-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvsem-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvshm-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-tokenizer-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-wddx-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlreader-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlrpc-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlwriter-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xsl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zip-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zlib-5.5.14-30.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151253-2/ https://www.suse.com/security/cve/CVE-2015-4599.html CVE-2015-4599 https://bugzilla.suse.com/935074 SUSE Bug 935074 https://bugzilla.suse.com/935226 SUSE Bug 935226 https://bugzilla.suse.com/935234 SUSE Bug 935234 https://bugzilla.suse.com/980366 SUSE Bug 980366 The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in the (1) SoapClient::__getLastRequest, (2) SoapClient::__getLastResponse, (3) SoapClient::__getLastRequestHeaders, (4) SoapClient::__getLastResponseHeaders, (5) SoapClient::__getCookies, and (6) SoapClient::__setCookie methods. CVE-2015-4600 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-calendar-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ctype-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-curl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dba-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dom-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-enchant-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-exif-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fastcgi-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fileinfo-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fpm-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ftp-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gd-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gettext-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gmp-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-iconv-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-intl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-json-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ldap-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mbstring-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mcrypt-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mysql-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-odbc-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-openssl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pcntl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pdo-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pear-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pgsql-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pspell-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-shmop-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-snmp-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-soap-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sockets-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sqlite-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-suhosin-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvmsg-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvsem-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvshm-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-tokenizer-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-wddx-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlreader-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlrpc-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlwriter-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xsl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zip-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zlib-5.5.14-30.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151253-2/ https://www.suse.com/security/cve/CVE-2015-4600.html CVE-2015-4600 https://bugzilla.suse.com/935226 SUSE Bug 935226 https://bugzilla.suse.com/935234 SUSE Bug 935234 https://bugzilla.suse.com/980366 SUSE Bug 980366 PHP before 5.6.7 might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3) ext/soap/soap.c, a different issue than CVE-2015-4600. CVE-2015-4601 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-calendar-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ctype-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-curl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dba-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dom-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-enchant-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-exif-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fastcgi-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fileinfo-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fpm-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ftp-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gd-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gettext-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gmp-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-iconv-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-intl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-json-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ldap-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mbstring-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mcrypt-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mysql-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-odbc-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-openssl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pcntl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pdo-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pear-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pgsql-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pspell-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-shmop-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-snmp-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-soap-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sockets-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sqlite-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-suhosin-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvmsg-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvsem-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvshm-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-tokenizer-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-wddx-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlreader-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlrpc-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlwriter-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xsl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zip-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zlib-5.5.14-30.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151253-2/ https://www.suse.com/security/cve/CVE-2015-4601.html CVE-2015-4601 https://bugzilla.suse.com/935226 SUSE Bug 935226 https://bugzilla.suse.com/935234 SUSE Bug 935234 https://bugzilla.suse.com/980366 SUSE Bug 980366 The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue. CVE-2015-4602 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-calendar-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ctype-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-curl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dba-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dom-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-enchant-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-exif-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fastcgi-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fileinfo-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fpm-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ftp-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gd-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gettext-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gmp-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-iconv-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-intl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-json-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ldap-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mbstring-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mcrypt-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mysql-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-odbc-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-openssl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pcntl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pdo-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pear-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pgsql-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pspell-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-shmop-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-snmp-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-soap-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sockets-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sqlite-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-suhosin-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvmsg-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvsem-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvshm-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-tokenizer-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-wddx-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlreader-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlrpc-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlwriter-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xsl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zip-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zlib-5.5.14-30.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151253-2/ https://www.suse.com/security/cve/CVE-2015-4602.html CVE-2015-4602 https://bugzilla.suse.com/935074 SUSE Bug 935074 https://bugzilla.suse.com/935224 SUSE Bug 935224 https://bugzilla.suse.com/935226 SUSE Bug 935226 https://bugzilla.suse.com/980366 SUSE Bug 980366 The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpected data type, related to a "type confusion" issue. CVE-2015-4603 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-calendar-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ctype-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-curl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dba-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dom-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-enchant-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-exif-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fastcgi-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fileinfo-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fpm-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ftp-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gd-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gettext-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gmp-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-iconv-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-intl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-json-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ldap-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mbstring-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mcrypt-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mysql-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-odbc-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-openssl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pcntl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pdo-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pear-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pgsql-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pspell-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-shmop-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-snmp-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-soap-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sockets-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sqlite-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-suhosin-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvmsg-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvsem-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvshm-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-tokenizer-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-wddx-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlreader-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlrpc-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlwriter-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xsl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zip-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zlib-5.5.14-30.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151253-2/ https://www.suse.com/security/cve/CVE-2015-4603.html CVE-2015-4603 https://bugzilla.suse.com/935074 SUSE Bug 935074 https://bugzilla.suse.com/935226 SUSE Bug 935226 https://bugzilla.suse.com/935234 SUSE Bug 935234 https://bugzilla.suse.com/980366 SUSE Bug 980366 Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022. CVE-2015-4643 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-calendar-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ctype-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-curl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dba-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dom-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-enchant-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-exif-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fastcgi-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fileinfo-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fpm-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ftp-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gd-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gettext-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gmp-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-iconv-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-intl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-json-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ldap-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mbstring-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mcrypt-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mysql-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-odbc-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-openssl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pcntl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pdo-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pear-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pgsql-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pspell-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-shmop-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-snmp-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-soap-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sockets-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sqlite-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-suhosin-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvmsg-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvsem-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvshm-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-tokenizer-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-wddx-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlreader-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlrpc-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlwriter-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xsl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zip-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zlib-5.5.14-30.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151253-2/ https://www.suse.com/security/cve/CVE-2015-4643.html CVE-2015-4643 https://bugzilla.suse.com/931769 SUSE Bug 931769 https://bugzilla.suse.com/935074 SUSE Bug 935074 https://bugzilla.suse.com/935275 SUSE Bug 935275 https://bugzilla.suse.com/980366 SUSE Bug 980366 The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1352. CVE-2015-4644 SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php5-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bcmath-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-bz2-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-calendar-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ctype-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-curl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dba-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-dom-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-enchant-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-exif-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fastcgi-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fileinfo-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-fpm-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ftp-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gd-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gettext-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-gmp-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-iconv-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-intl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-json-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-ldap-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mbstring-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mcrypt-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-mysql-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-odbc-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-openssl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pcntl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pdo-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pear-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pgsql-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-pspell-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-shmop-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-snmp-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-soap-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sockets-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sqlite-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-suhosin-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvmsg-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvsem-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-sysvshm-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-tokenizer-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-wddx-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlreader-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlrpc-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xmlwriter-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-xsl-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zip-5.5.14-30.1 SUSE Linux Enterprise Module for Web and Scripting 12:php5-zlib-5.5.14-30.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151253-2/ https://www.suse.com/security/cve/CVE-2015-4644.html CVE-2015-4644 https://bugzilla.suse.com/935074 SUSE Bug 935074 https://bugzilla.suse.com/935274 SUSE Bug 935274 https://bugzilla.suse.com/980366 SUSE Bug 980366