This update of PHP5 brings several security fixes.
Security fixes:
- CVE-2015-6831: A use-after-free vulnerability in unserialize() has been
fixed which could be used to crash PHP or potentially execute code.
[bnc#942291] [bnc#942294] [bnc#942295]
- CVE-2015-6832: A dangling pointer in the unserialization of ArrayObject
items could be used to crash PHP or potentially execute code.
[bnc#942293]
- CVE-2015-6833: A directory traversal when extracting ZIP files could be
used to overwrite files outside of the intended area. [bnc#942296]
- CVE-2015-6834: A use-after-free vulnerability in unserialize() has been
fixed which could be used to crash PHP or potentially execute code.
[bnc#945403]
- CVE-2015-6835: A use-after-free vulnerability in session unserialize()
has been fixed which could be used to crash PHP or potentially execute
code. [bnc#945402]
- CVE-2015-6836: A type confusion in SOAP serialize_function_call() leading
to remote code execution was fixed. [bnc#945428]
- CVE-2015-6837, CVE-2015-6838: Two NULL pointer dereferences in the
XSLTProcessor class were fixed. [bnc#945412]
Bugfixes:
- Compare with SQL_NULL_DATA correctly [bnc#935074]
- If MD5 is disabled in net-snmp, the MD5 function used in
ext/snmp/snmp.c has to be disabled as well. (bsc#944302)
Also the Suhosin framework was updated to 0.9.38. [fate#319325]