Description:
Summary: The remote host is missing an update for the 'PHP' package(s) announced via the SUSE-SU-2015:1265-1 advisory.
Vulnerability Insight: The PHP script interpreter was updated to fix various security issues:
- CVE-2015-4602 [bnc#935224]: Fixed an incomplete Class unserialization type confusion.
- CVE-2015-4599, CVE-2015-4600, CVE-2015-4601 [bnc#935226]: Fixed type confusion issues in unserialize() with various SOAP methods.
- CVE-2015-4603 [bnc#935234]: Fixed an exception::getTraceAsString type confusion issue after unserialize.
- CVE-2015-4644 [bnc#935274]: Fixed a crash in php_pgsql_meta_data.
- CVE-2015-4643 [bnc#935275]: Fixed an integer overflow in ftp_genlist() that could result in a heap overflow.
- CVE-2015-3411, CVE-2015-3412, CVE-2015-4598 [bnc#935227], [bnc#935232]: Added missing null byte checks for paths in various PHP extensions.
- CVE-2015-4148 [bnc#933227]: Fixed a type confusion in SoapClient's do_soap_call() after unserialize() that could lead to information disclosure.
The following bugs were also fixed:
- Fixed a segmentation fault in odbc_fetch_array [bnc#935074].
- Fixed the timezone map [bnc#919080].
Security Issues: CVE-2015-3411, CVE-2015-3412, CVE-2015-4148, CVE-2015-4598, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603, CVE-2015-4643, CVE-2015-4644
Affected Software/OS: 'PHP' package(s) on SUSE Linux Enterprise Server 11 SP3, SUSE Linux Enterprise Software Development Kit 11 SP3.
Solution: Please install the updated package(s).
CVSS Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C