Description:
Summary: The remote host is missing an update for the 'PHP' package(s) announced via the referenced advisory.
Vulnerability Insight: The PHP script interpreter was updated to fix various security issues:
* CVE-2015-4602 [bnc#935224]: Fixed an incomplete Class unserialization type confusion.
* CVE-2015-4599, CVE-2015-4600, CVE-2015-4601 [bnc#935226]: Fixed type confusion issues in unserialize() with various SOAP methods.
* CVE-2015-4603 [bnc#935234]: Fixed exception::getTraceAsString type confusion issue after unserialize.
* CVE-2015-4644 [bnc#935274]: Fixed a crash in php_pgsql_meta_data.
* CVE-2015-4643 [bnc#935275]: Fixed an integer overflow in ftp_genlist() that could result in a heap overflow.
* CVE-2015-3411, CVE-2015-3412, CVE-2015-4598 [bnc#935227], [bnc#935232]: Added missing null byte checks for paths in various PHP extensions.
* CVE-2015-4148 [bnc#933227]: Fixed a type confusion in SoapClient's do_soap_call() after unserialize() that could lead to information disclosure.
The following bugs were also fixed:
* fix a segmentation fault in odbc_fetch_array [bnc#935074]
* fix timezone map [bnc#919080]
Affected Software/OS: PHP on SUSE Linux Enterprise Server 11 SP3
Solution: Please install the updated package(s).
CVSS Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C