{"affected":[{"ecosystem_specific":{"binaries":[{"apache2-mod_php5":"5.5.14-36.1","php5":"5.5.14-36.1","php5-bcmath":"5.5.14-36.1","php5-bz2":"5.5.14-36.1","php5-calendar":"5.5.14-36.1","php5-ctype":"5.5.14-36.1","php5-curl":"5.5.14-36.1","php5-dba":"5.5.14-36.1","php5-dom":"5.5.14-36.1","php5-enchant":"5.5.14-36.1","php5-exif":"5.5.14-36.1","php5-fastcgi":"5.5.14-36.1","php5-fileinfo":"5.5.14-36.1","php5-fpm":"5.5.14-36.1","php5-ftp":"5.5.14-36.1","php5-gd":"5.5.14-36.1","php5-gettext":"5.5.14-36.1","php5-gmp":"5.5.14-36.1","php5-iconv":"5.5.14-36.1","php5-intl":"5.5.14-36.1","php5-json":"5.5.14-36.1","php5-ldap":"5.5.14-36.1","php5-mbstring":"5.5.14-36.1","php5-mcrypt":"5.5.14-36.1","php5-mysql":"5.5.14-36.1","php5-odbc":"5.5.14-36.1","php5-opcache":"5.5.14-36.1","php5-openssl":"5.5.14-36.1","php5-pcntl":"5.5.14-36.1","php5-pdo":"5.5.14-36.1","php5-pear":"5.5.14-36.1","php5-pgsql":"5.5.14-36.1","php5-posix":"5.5.14-36.1","php5-pspell":"5.5.14-36.1","php5-shmop":"5.5.14-36.1","php5-snmp":"5.5.14-36.1","php5-soap":"5.5.14-36.1","php5-sockets":"5.5.14-36.1","php5-sqlite":"5.5.14-36.1","php5-suhosin":"5.5.14-36.1","php5-sysvmsg":"5.5.14-36.1","php5-sysvsem":"5.5.14-36.1","php5-sysvshm":"5.5.14-36.1","php5-tokenizer":"5.5.14-36.1","php5-wddx":"5.5.14-36.1","php5-xmlreader":"5.5.14-36.1","php5-xmlrpc":"5.5.14-36.1","php5-xmlwriter":"5.5.14-36.1","php5-xsl":"5.5.14-36.1","php5-zip":"5.5.14-36.1","php5-zlib":"5.5.14-36.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Web and Scripting 12","name":"php5","purl":"pkg:rpm/suse/php5&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.5.14-36.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"php5-devel":"5.5.14-36.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12","name":"php5","purl":"pkg:rpm/suse/php5&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.5.14-36.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nThis update of PHP5 brings several security fixes.\n\nSecurity fixes:\n* CVE-2015-6831: A use after free vulnerability in unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#942291] [bnc#942294] [bnc#942295]\n* CVE-2015-6832: A dangling pointer in the unserialization of ArrayObject items could be used to crash php or potentially execute code. [bnc#942293]\n* CVE-2015-6833: A directory traversal when extracting ZIP files could be used to overwrite files outside of intended area. [bnc#942296]\n* CVE-2015-6834: A Use After Free Vulnerability in unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#945403] \n* CVE-2015-6835: A Use After Free Vulnerability in session unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#945402]\n* CVE-2015-6836: A SOAP serialize_function_call() type confusion leading to remote code execution problem was fixed. [bnc#945428]\n* CVE-2015-6837 CVE-2015-6838: Two NULL pointer dereferences in the XSLTProcessor class were fixed. [bnc#945412]\n\nBugfixes:\n* Compare with SQL_NULL_DATA correctly [bnc#935074]\n* If MD5 was disabled in net-snmp we have to disable the used MD5\n  function in ext/snmp/snmp.c as well. (bsc#944302)\n\nAlso the Suhosin framework was updated to 0.9.38. [fate#319325]\n","id":"SUSE-SU-2015:1633-1","modified":"2015-09-17T07:51:44Z","published":"2015-09-17T07:51:44Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2015/suse-su-20151633-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/935074"},{"type":"REPORT","url":"https://bugzilla.suse.com/942291"},{"type":"REPORT","url":"https://bugzilla.suse.com/942293"},{"type":"REPORT","url":"https://bugzilla.suse.com/942294"},{"type":"REPORT","url":"https://bugzilla.suse.com/942295"},{"type":"REPORT","url":"https://bugzilla.suse.com/942296"},{"type":"REPORT","url":"https://bugzilla.suse.com/944302"},{"type":"REPORT","url":"https://bugzilla.suse.com/945402"},{"type":"REPORT","url":"https://bugzilla.suse.com/945403"},{"type":"REPORT","url":"https://bugzilla.suse.com/945412"},{"type":"REPORT","url":"https://bugzilla.suse.com/945428"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-6831"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-6832"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-6833"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-6834"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-6835"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-6836"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-6837"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-6838"}],"related":["CVE-2015-6831","CVE-2015-6832","CVE-2015-6833","CVE-2015-6834","CVE-2015-6835","CVE-2015-6836","CVE-2015-6837","CVE-2015-6838"],"summary":"Security update for php5","upstream":["CVE-2015-6831","CVE-2015-6832","CVE-2015-6833","CVE-2015-6834","CVE-2015-6835","CVE-2015-6836","CVE-2015-6837","CVE-2015-6838"]}