The PHP script interpreter was updated to receive various security fixes:
- CVE-2015-4602 [bnc#935224]: Fixed an incomplete Class unserialization
type confusion.
- CVE-2015-4599, CVE-2015-4600, CVE-2015-4601 [bnc#935226]: Fixed type
confusion issues in unserialize() with various SOAP methods.
- CVE-2015-4603 [bnc#935234]: Fixed exception::getTraceAsString type
confusion issue after unserialize.
- CVE-2015-4644 [bnc#935274]: Fixed a crash in php_pgsql_meta_data.
- CVE-2015-4643 [bnc#935275]: Fixed an integer overflow in ftp_genlist()
that could result in a heap overflow.
- CVE-2015-3411, CVE-2015-3412, CVE-2015-4598 [bnc#935227], [bnc#935232]:
Added missing null byte checks for paths in various PHP extensions.