===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.1572
              SUSE Security Update: Security update for php53
                               22 June 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          php53
Publisher:        SUSE
Operating System: SUSE
Impact/Access:    Execute Arbitrary Code/Commands -- Remote/Unauthenticated      
                  Access Privileged Data          -- Remote/Unauthenticated      
                  Create Arbitrary Files          -- Remote with User Interaction
                  Denial of Service               -- Remote/Unauthenticated      
                  Provide Misleading Information  -- Remote/Unauthenticated      
                  Reduced Security                -- Remote/Unauthenticated      
Resolution:       Patch/Upgrade
CVE Names:        CVE-2016-5114 CVE-2016-5096 CVE-2016-5095
                  CVE-2016-5094 CVE-2016-5093 CVE-2016-4544
                  CVE-2016-4543 CVE-2016-4542 CVE-2016-4541
                  CVE-2016-4540 CVE-2016-4539 CVE-2016-4538
                  CVE-2016-4537 CVE-2016-4346 CVE-2016-4342
                  CVE-2016-4073 CVE-2016-4070 CVE-2016-3185
                  CVE-2016-3142 CVE-2016-3141 CVE-2016-2554
                  CVE-2015-8879 CVE-2015-8874 CVE-2015-8873
                  CVE-2015-8867 CVE-2015-8866 CVE-2015-8838
                  CVE-2015-8835 CVE-2015-7803 CVE-2015-6838
                  CVE-2015-6837 CVE-2015-6836 CVE-2015-6833
                  CVE-2015-6831 CVE-2015-5590 CVE-2015-5589
                  CVE-2015-5161 CVE-2015-4644 CVE-2015-4643
                  CVE-2015-4603 CVE-2015-4602 CVE-2015-4601
                  CVE-2015-4600 CVE-2015-4599 CVE-2015-4598
                  CVE-2015-4148 CVE-2015-4116 CVE-2015-4026
                  CVE-2015-4024 CVE-2015-4022 CVE-2015-4021
                  CVE-2015-3412 CVE-2015-3411 CVE-2015-3329
                  CVE-2015-3152 CVE-2015-2787 CVE-2015-2783
                  CVE-2015-2305 CVE-2015-2301 CVE-2015-1352
                  CVE-2015-0273 CVE-2015-0232 CVE-2015-0231
                  CVE-2014-9767 CVE-2014-9709 CVE-2014-9705
                  CVE-2014-9652 CVE-2014-8142 CVE-2014-5459
                  CVE-2014-4721 CVE-2014-4698 CVE-2014-4670
                  CVE-2014-4049 CVE-2014-3670 CVE-2014-3669
                  CVE-2014-3668 CVE-2014-3597 CVE-2014-3515
                  CVE-2014-3487 CVE-2014-3480 CVE-2014-3479
                  CVE-2014-3478 CVE-2014-0207 CVE-2006-7243
                  CVE-2004-1019  

Reference:        ESB-2016.1514
                  ESB-2016.1032
                  ESB-2015.2704
                  ESB-2015.2401
                  ESB-2015.1472
                  ESB-2015.0698.2
                  ESB-2015.0501
                  ESB-2015.0005
                  ESB-2014.1110
                  ESB-2014.0991

--------------------------BEGIN INCLUDED TEXT--------------------

   SUSE Security Update: Security update for php53
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:1638-1
Rating:             important
References:         #884986 #884987 #884989 #884990 #884991 #884992 
                    #885961 #886059 #886060 #893849 #893853 #902357 
                    #902360 #902368 #910659 #914690 #917150 #918768 
                    #919080 #921950 #922451 #922452 #923945 #924972 
                    #925109 #928506 #928511 #931421 #931769 #931772 
                    #931776 #933227 #935074 #935224 #935226 #935227 
                    #935229 #935232 #935234 #935274 #935275 #938719 
                    #938721 #942291 #942296 #945412 #945428 #949961 
                    #968284 #969821 #971611 #971612 #971912 #973351 
                    #973792 #976996 #976997 #977003 #977005 #977991 
                    #977994 #978827 #978828 #978829 #978830 #980366 
                    #980373 #980375 #981050 #982010 #982011 #982012 
                    #982013 #982162 
Cross-References:   CVE-2004-1019 CVE-2006-7243 CVE-2014-0207
                    CVE-2014-3478 CVE-2014-3479 CVE-2014-3480
                    CVE-2014-3487 CVE-2014-3515 CVE-2014-3597
                    CVE-2014-3668 CVE-2014-3669 CVE-2014-3670
                    CVE-2014-4049 CVE-2014-4670 CVE-2014-4698
                    CVE-2014-4721 CVE-2014-5459 CVE-2014-8142
                    CVE-2014-9652 CVE-2014-9705 CVE-2014-9709
                    CVE-2014-9767 CVE-2015-0231 CVE-2015-0232
                    CVE-2015-0273 CVE-2015-1352 CVE-2015-2301
                    CVE-2015-2305 CVE-2015-2783 CVE-2015-2787
                    CVE-2015-3152 CVE-2015-3329 CVE-2015-3411
                    CVE-2015-3412 CVE-2015-4021 CVE-2015-4022
                    CVE-2015-4024 CVE-2015-4026 CVE-2015-4116
                    CVE-2015-4148 CVE-2015-4598 CVE-2015-4599
                    CVE-2015-4600 CVE-2015-4601 CVE-2015-4602
                    CVE-2015-4603 CVE-2015-4643 CVE-2015-4644
                    CVE-2015-5161 CVE-2015-5589 CVE-2015-5590
                    CVE-2015-6831 CVE-2015-6833 CVE-2015-6836
                    CVE-2015-6837 CVE-2015-6838 CVE-2015-7803
                    CVE-2015-8835 CVE-2015-8838 CVE-2015-8866
                    CVE-2015-8867 CVE-2015-8873 CVE-2015-8874
                    CVE-2015-8879 CVE-2016-2554 CVE-2016-3141
                    CVE-2016-3142 CVE-2016-3185 CVE-2016-4070
                    CVE-2016-4073 CVE-2016-4342 CVE-2016-4346
                    CVE-2016-4537 CVE-2016-4538 CVE-2016-4539
                    CVE-2016-4540 CVE-2016-4541 CVE-2016-4542
                    CVE-2016-4543 CVE-2016-4544 CVE-2016-5093
                    CVE-2016-5094 CVE-2016-5095 CVE-2016-5096
                    CVE-2016-5114
Affected Products:
                    SUSE Linux Enterprise Server 11-SP2-LTSS
______________________________________________________________________________

   An update that fixes 85 vulnerabilities is now available.

Description:

   This update for php53 to version 5.3.17 fixes the following issues:

   These security issues were fixed:
   - CVE-2016-5093: get_icu_value_internal out-of-bounds read (bnc#982010).
   - CVE-2016-5094: Don't create strings with lengths outside int range
     (bnc#982011).
   - CVE-2016-5095: Don't create strings with lengths outside int range
     (bnc#982012).
   - CVE-2016-5096: int/size_t confusion in fread (bsc#982013).
   - CVE-2016-5114: fpm_log.c memory leak and buffer overflow (bnc#982162).
   - CVE-2015-8879: The odbc_bindcols function in ext/odbc/php_odbc.c in PHP
     mishandles driver behavior for SQL_WVARCHAR columns, which allowed
     remote attackers to cause a denial of service (application crash) in
     opportunistic circumstances by leveraging use of the odbc_fetch_array
     function to access a certain type of Microsoft SQL Server table
     (bsc#981050).
   - CVE-2015-4116: Use-after-free vulnerability in the spl_ptr_heap_insert
     function in ext/spl/spl_heap.c in PHP allowed remote attackers to
     execute arbitrary code by triggering a failed SplMinHeap::compare
     operation (bsc#980366).
   - CVE-2015-8874: Stack consumption vulnerability in GD in PHP allowed
     remote attackers to cause a denial of service via a crafted
     imagefilltoborder call (bsc#980375).
   - CVE-2015-8873: Stack consumption vulnerability in Zend/zend_exceptions.c
     in PHP allowed remote attackers to cause a denial of service
     (segmentation fault) via recursive method calls (bsc#980373).
   - CVE-2016-4540: The grapheme_stripos function in
     ext/intl/grapheme/grapheme_string.c in PHP allowed remote attackers to
     cause a denial of service (out-of-bounds read) or possibly have
     unspecified other impact via a negative offset (bsc#978829).
   - CVE-2016-4541: The grapheme_strpos function in
     ext/intl/grapheme/grapheme_string.c in PHP allowed remote attackers to
     cause a denial of service (out-of-bounds read) or possibly have
     unspecified other impact via a negative offset (bsc#978829).
   - CVE-2016-4542: The exif_process_IFD_TAG function in ext/exif/exif.c in
     PHP did not properly construct spprintf arguments, which allowed remote
     attackers to cause a denial of service (out-of-bounds read) or possibly
     have unspecified other impact via crafted header data (bsc#978830).
   - CVE-2016-4543: The exif_process_IFD_in_JPEG function in ext/exif/exif.c
     in PHP did not validate IFD sizes, which allowed remote attackers to
     cause a denial of service (out-of-bounds read) or possibly have
     unspecified other impact via crafted header data (bsc#978830).
   - CVE-2016-4544: The exif_process_TIFF_in_JPEG function in ext/exif/exif.c
     in PHP did not validate TIFF start data, which allowed remote attackers
     to cause a denial of service (out-of-bounds read) or possibly have
     unspecified other impact via crafted header data (bsc#978830).
   - CVE-2016-4537: The bcpowmod function in ext/bcmath/bcmath.c in PHP
     accepted a negative integer for the scale argument, which allowed remote
     attackers to cause a denial of service or possibly have unspecified
     other impact via a crafted call (bsc#978827).
   - CVE-2016-4538: The bcpowmod function in ext/bcmath/bcmath.c in PHP
     modified certain data structures without considering whether they are
     copies of the _zero_, _one_, or _two_ global variable, which allowed
     remote attackers to cause a denial of service or possibly have
     unspecified other impact via a crafted call (bsc#978827).
   - CVE-2016-4539: The xml_parse_into_struct function in ext/xml/xml.c in
     PHP allowed remote attackers to cause a denial of service (buffer
     under-read and segmentation fault) or possibly have unspecified other
     impact via crafted XML data in the second argument, leading to a parser
     level of zero (bsc#978828).
   - CVE-2016-4342: ext/phar/phar_object.c in PHP mishandles zero-length
     uncompressed data, which allowed remote attackers to cause a denial of
     service (heap memory corruption) or possibly have unspecified other
     impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive (bsc#977991).
   - CVE-2016-4346: Integer overflow in the str_pad function in
     ext/standard/string.c in PHP allowed remote attackers to cause a denial
     of service or possibly have unspecified other impact via a long string,
     leading to a heap-based buffer overflow (bsc#977994).
   - CVE-2016-4073: Multiple integer overflows in the mbfl_strcut function in
     ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP allowed remote attackers to
     cause a denial of service (application crash) or possibly execute
     arbitrary code via a crafted mb_strcut call (bsc#977003).
   - CVE-2015-8867: The openssl_random_pseudo_bytes function in
     ext/openssl/openssl.c in PHP incorrectly relied on the deprecated
     RAND_pseudo_bytes function, which made it easier for remote attackers to
     defeat cryptographic protection mechanisms via unspecified vectors
     (bsc#977005).
   - CVE-2016-4070: Integer overflow in the php_raw_url_encode function in
     ext/standard/url.c in PHP allowed remote attackers to cause a denial of
     service (application crash) via a long string to the rawurlencode
     function (bsc#976997).
   - CVE-2015-8866: ext/libxml/libxml.c in PHP, when PHP-FPM is used, did
     not isolate each thread from libxml_disable_entity_loader changes in
     other threads, which allowed remote attackers to conduct XML External
     Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML
     document, a related issue to CVE-2015-5161 (bsc#976996).
   - CVE-2015-8838: ext/mysqlnd/mysqlnd.c in PHP used a client SSL option to
     mean that SSL is optional, which allowed man-in-the-middle attackers to
     spoof servers via a cleartext-downgrade attack, a related issue to
     CVE-2015-3152 (bsc#973792).
   - CVE-2015-8835: The make_http_soap_request function in
     ext/soap/php_http.c in PHP did not properly retrieve keys, which allowed
     remote attackers to cause a denial of service (NULL pointer dereference,
     type confusion, and application crash) or possibly execute arbitrary
     code via crafted serialized data representing a numerically indexed
     _cookies array, related to the SoapClient::__call method in
     ext/soap/soap.c (bsc#973351).
   - CVE-2016-3141: Use-after-free vulnerability in wddx.c in the WDDX
     extension in PHP allowed remote attackers to cause a denial of service
     (memory corruption and application crash) or possibly have unspecified
     other impact by triggering a wddx_deserialize call on XML data
     containing a crafted var element (bsc#969821).
   - CVE-2016-3142: The phar_parse_zipfile function in zip.c in the PHAR
     extension in PHP allowed remote attackers to obtain sensitive
     information from process memory or cause a denial of service
     (out-of-bounds read and application crash) by placing a PK\x05\x06
     signature at an invalid location (bsc#971912).
   - CVE-2014-9767: Directory traversal vulnerability in the
     ZipArchive::extractTo function in ext/zip/php_zip.c in PHP and in
     ext/zip/ext_zip.cpp in HHVM allowed remote attackers to create arbitrary
     empty directories via a crafted ZIP archive (bsc#971612).
   - CVE-2016-3185: The make_http_soap_request function in
     ext/soap/php_http.c in PHP allowed remote attackers to obtain sensitive
     information from process memory or cause a denial of service (type
     confusion and application crash) via crafted serialized _cookies data,
     related to the SoapClient::__call method in ext/soap/soap.c (bsc#971611).
   - CVE-2016-2554: Stack-based buffer overflow in ext/phar/tar.c in PHP
     allowed remote attackers to cause a denial of service (application
     crash) or possibly have unspecified other impact via a crafted TAR
     archive (bsc#968284).
   - CVE-2015-7803: The phar_get_entry_data function in ext/phar/util.c in
     PHP allowed remote attackers to cause a denial of service (NULL pointer
     dereference and application crash) via a .phar file with a crafted TAR
     archive entry in which the Link indicator references a file that did not
     exist (bsc#949961).
   - CVE-2015-6831: Multiple use-after-free vulnerabilities in SPL in PHP
     allowed remote attackers to execute arbitrary code via vectors involving
     (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList,
     which are mishandled during unserialization (bsc#942291).
   - CVE-2015-6833: Directory traversal vulnerability in the PharData class
     in PHP allowed remote attackers to write to arbitrary files via a ..
     (dot dot) in a ZIP archive entry that is mishandled during an extractTo
     call (bsc#942296).
   - CVE-2015-6836: The SoapClient __call method in ext/soap/soap.c in PHP
     did not properly manage headers, which allowed remote attackers to
     execute arbitrary code via crafted serialized data that triggers a "type
     confusion" in the serialize_function_call function (bsc#945428).
   - CVE-2015-6837: The xsl_ext_function_php function in
     ext/xsl/xsltprocessor.c in PHP, when libxml2 is used, did not consider
     the possibility of a NULL valuePop return value before proceeding with a
     free operation during initial error checking, which allowed remote
     attackers to cause a denial of service (NULL pointer dereference and
     application crash) via a crafted XML document, a different vulnerability
     than CVE-2015-6838 (bsc#945412).
   - CVE-2015-6838: The xsl_ext_function_php function in
     ext/xsl/xsltprocessor.c in PHP, when libxml2 is used, did not consider
     the possibility of a NULL valuePop return value before proceeding with a
     free operation after the principal argument loop, which allowed remote
     attackers to cause a denial of service (NULL pointer dereference and
     application crash) via a crafted XML document, a different vulnerability
     than CVE-2015-6837 (bsc#945412).
   - CVE-2015-5590: Stack-based buffer overflow in the phar_fix_filepath
     function in ext/phar/phar.c in PHP allowed remote attackers to cause a
     denial of service or possibly have unspecified other impact via a large
     length value, as demonstrated by mishandling of an e-mail attachment by
     the imap PHP extension (bsc#938719).
   - CVE-2015-5589: The phar_convert_to_other function in
     ext/phar/phar_object.c in PHP did not validate a file pointer before a
     close operation, which allowed remote attackers to cause a denial of
     service (segmentation fault) or possibly have unspecified other impact
     via a crafted TAR archive that is mishandled in a Phar::convertToData
     call (bsc#938721).
   - CVE-2015-4602: The __PHP_Incomplete_Class function in
     ext/standard/incomplete_class.c in PHP allowed remote attackers to cause
     a denial of service (application crash) or possibly execute arbitrary
     code via an unexpected data type, related to a "type confusion" issue
     (bsc#935224).
   - CVE-2015-4599: The SoapFault::__toString method in ext/soap/soap.c in
     PHP allowed remote attackers to obtain sensitive information, cause a
     denial of service (application crash), or possibly execute arbitrary
     code via an unexpected data type, related to a "type confusion" issue
     (bsc#935226).
   - CVE-2015-4600: The SoapClient implementation in PHP allowed remote
     attackers to cause a denial of service (application crash) or possibly
     execute arbitrary code via an unexpected data type, related to "type
     confusion" issues in the (1) SoapClient::__getLastRequest, (2)
     SoapClient::__getLastResponse, (3) SoapClient::__getLastRequestHeaders,
     (4) SoapClient::__getLastResponseHeaders, (5) SoapClient::__getCookies,
     and (6) SoapClient::__setCookie methods (bsc#935226).
   - CVE-2015-4601: PHP allowed remote attackers to cause a denial of service
     (application crash) or possibly execute arbitrary code via an unexpected
     data type, related to "type confusion" issues in (1)
     ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3)
     ext/soap/soap.c, a different issue than CVE-2015-4600 (bsc#935226).
   - CVE-2015-4603: The exception::getTraceAsString function in
     Zend/zend_exceptions.c in PHP allowed remote attackers to execute
     arbitrary code via an unexpected data type, related to a "type
     confusion" issue (bsc#935234).
   - CVE-2015-4644: The php_pgsql_meta_data function in pgsql.c in the
     PostgreSQL (aka pgsql) extension in PHP did not validate token
     extraction for table names, which might have allowed remote attackers
     to cause a denial of service (NULL pointer dereference and application
     crash) via a crafted name. NOTE: this vulnerability exists because of an
     incomplete fix for CVE-2015-1352 (bsc#935274).
   - CVE-2015-4643: Integer overflow in the ftp_genlist function in
     ext/ftp/ftp.c in PHP allowed remote FTP servers to execute arbitrary
     code via a long reply to a LIST command, leading to a heap-based buffer
     overflow. NOTE: this vulnerability exists because of an incomplete fix
     for CVE-2015-4022 (bsc#935275).
   - CVE-2015-3411: PHP did not ensure that pathnames lack %00 sequences,
     which might have allowed remote attackers to read or write to arbitrary
     files via crafted input to an application that calls (1) a DOMDocument
     load method, (2) the xmlwriter_open_uri function, (3) the finfo_file
     function, or (4) the hash_hmac_file function, as demonstrated by a
     filename\0.xml attack that bypasses an intended configuration in which
     client users may read only .xml files (bsc#935227).
   - CVE-2015-3412: PHP did not ensure that pathnames lack %00 sequences,
     which might have allowed remote attackers to read arbitrary files via
     crafted input to an application that calls the
     stream_resolve_include_path function in ext/standard/streamsfuncs.c, as
     demonstrated by a filename\0.extension attack that bypasses an intended
     configuration in which client users may read files with only one
     specific extension (bsc#935229).
   - CVE-2015-4598: PHP did not ensure that pathnames lack %00 sequences,
     which might have allowed remote attackers to read or write to arbitrary
     files via crafted input to an application that calls (1) a DOMDocument
     save method or (2) the GD imagepsloadfont function, as demonstrated by a
     filename\0.html attack that bypasses an intended configuration in which
     client users may write to only .html files (bsc#935232).
   - CVE-2015-4148: The do_soap_call function in ext/soap/soap.c in PHP did
     not verify that the uri property is a string, which allowed remote
     attackers to obtain sensitive information by providing crafted
     serialized data with an int data type, related to a "type confusion"
     issue (bsc#933227).
   - CVE-2015-4024: Algorithmic complexity vulnerability in the
     multipart_buffer_headers function in main/rfc1867.c in PHP allowed
     remote attackers to cause a denial of service (CPU consumption) via
     crafted form data that triggers an improper order-of-growth outcome
     (bsc#931421).
   - CVE-2015-4026: The pcntl_exec implementation in PHP truncates a pathname
     upon encountering a \x00 character, which might have allowed remote
     attackers to bypass intended extension restrictions and execute files
     with unexpected names via a crafted first argument. NOTE: this
     vulnerability exists because of an incomplete fix for CVE-2006-7243
     (bsc#931776).
   - CVE-2015-4022: Integer overflow in the ftp_genlist function in
     ext/ftp/ftp.c in PHP allowed remote FTP servers to execute arbitrary
     code via a long reply to a LIST command, leading to a heap-based buffer
     overflow (bsc#931772).
   - CVE-2015-4021: The phar_parse_tarfile function in ext/phar/tar.c in PHP
     did not verify that the first character of a filename is different from
     the \0 character, which allowed remote attackers to cause a denial of
     service (integer underflow and memory corruption) via a crafted entry in
     a tar archive (bsc#931769).
   - CVE-2015-3329: Multiple stack-based buffer overflows in the
     phar_set_inode function in phar_internal.h in PHP allowed remote
     attackers to execute arbitrary code via a crafted length value in a (1)
     tar, (2) phar, or (3) ZIP archive (bsc#928506).
   - CVE-2015-2783: ext/phar/phar.c in PHP allowed remote attackers to obtain
     sensitive information from process memory or cause a denial of service
     (buffer over-read and application crash) via a crafted length value in
     conjunction with crafted serialized data in a phar archive, related to
     the phar_parse_metadata and phar_parse_pharfile functions (bsc#928511).
   - CVE-2015-2787: Use-after-free vulnerability in the process_nested_data
     function in ext/standard/var_unserializer.re in PHP allowed remote
     attackers to execute arbitrary code via a crafted unserialize call that
     leverages use of the unset function within an __wakeup function, a
     related issue to CVE-2015-0231 (bsc#924972).
   - CVE-2014-9709: The GetCode_ function in gd_gif_in.c in GD 2.1.1 and
     earlier, as used in PHP, allowed remote attackers to cause a denial of
     service (buffer over-read and application crash) via a crafted GIF image
     that is improperly handled by the gdImageCreateFromGif function
     (bsc#923945).
   - CVE-2015-2301: Use-after-free vulnerability in the phar_rename_archive
     function in phar_object.c in PHP allowed remote attackers to cause a
     denial of service or possibly have unspecified other impact via vectors
     that trigger an attempted renaming of a Phar archive to the name of an
     existing file (bsc#922452).
   - CVE-2015-2305: Integer overflow in the regcomp implementation in the
     Henry Spencer BSD regex library (aka rxspencer) on 32-bit platforms
     might have allowed context-dependent attackers to execute arbitrary code
     via a large regular expression that leads to a heap-based buffer
     overflow (bsc#921950).
   - CVE-2014-9705: Heap-based buffer overflow in the
     enchant_broker_request_dict function in ext/enchant/enchant.c in PHP
     allowed remote attackers to execute arbitrary code via vectors that
     trigger creation of multiple dictionaries (bsc#922451).
   - CVE-2015-0273: Multiple use-after-free vulnerabilities in
     ext/date/php_date.c in PHP allowed remote attackers to execute arbitrary
     code via crafted serialized input containing a (1) R or (2) r type
     specifier in (a) DateTimeZone data handled by the
     php_date_timezone_initialize_from_hash function or (b) DateTime data
     handled by the php_date_initialize_from_hash function (bsc#918768).
   - CVE-2014-9652: The mconvert function in softmagic.c in file, as used in
     the Fileinfo component in PHP, did not properly handle a certain
     string-length field during a copy of a truncated version of a Pascal
     string, which might have allowed remote attackers to cause a denial of
     service (out-of-bounds memory access and application crash) via a
     crafted file (bsc#917150).
   - CVE-2014-8142: Use-after-free vulnerability in the process_nested_data
     function in ext/standard/var_unserializer.re in PHP allowed remote
     attackers to execute arbitrary code via a crafted unserialize call that
     leverages improper handling of duplicate keys within the serialized
     properties of an object, a different vulnerability than CVE-2004-1019
     (bsc#910659).
   - CVE-2015-0231: Use-after-free vulnerability in the process_nested_data
     function in ext/standard/var_unserializer.re in PHP allowed remote
     attackers to execute arbitrary code via a crafted unserialize call that
     leverages improper handling of duplicate numerical keys within the
     serialized properties of an object. NOTE: this vulnerability exists
     because of an incomplete fix for CVE-2014-8142 (bsc#910659).
   - CVE-2015-0232: The exif_process_unicode function in ext/exif/exif.c in
     PHP allowed remote attackers to execute arbitrary code or cause a denial
     of service (uninitialized pointer free and application crash) via
     crafted EXIF data in a JPEG image (bsc#914690).
   - CVE-2014-3670: The exif_ifd_make_value function in exif.c in the EXIF
     extension in PHP operates on floating-point arrays incorrectly, which
     allowed remote attackers to cause a denial of service (heap memory
     corruption and application crash) or possibly execute arbitrary code via
     a crafted JPEG image with TIFF thumbnail data that is improperly handled
     by the exif_thumbnail function (bsc#902357).
   - CVE-2014-3669: Integer overflow in the object_custom function in
     ext/standard/var_unserializer.c in PHP allowed remote attackers to cause
     a denial of service (application crash) or possibly execute arbitrary
     code via an argument to the unserialize function that triggers
     calculation of a large length value (bsc#902360).
   - CVE-2014-3668: Buffer overflow in the date_from_ISO8601 function in the
     mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in
     PHP allowed remote attackers to cause a denial of service (application
     crash) via (1) a crafted first argument to the xmlrpc_set_type function
     or (2) a crafted argument to the xmlrpc_decode function, related to an
     out-of-bounds read operation (bsc#902368).
   - CVE-2014-5459: The PEAR_REST class in REST.php in PEAR in PHP allowed
     local users to write to arbitrary files via a symlink attack on a (1)
     rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to
     the retrieveCacheFirst and useLocalCache functions (bsc#893849).
   - CVE-2014-3597: Multiple buffer overflows in the php_parserr function in
     ext/standard/dns.c in PHP allowed remote DNS servers to cause a denial
     of service (application crash) or possibly execute arbitrary code via a
     crafted DNS record, related to the dns_get_record function and the
     dn_expand function. NOTE: this issue exists because of an incomplete fix
     for CVE-2014-4049 (bsc#893853).
   - CVE-2014-4670: Use-after-free vulnerability in ext/spl/spl_dllist.c in
     the SPL component in PHP allowed context-dependent attackers to cause a
     denial of service or possibly have unspecified other impact via crafted
     iterator usage within applications in certain web-hosting environments
     (bsc#886059).
   - CVE-2014-4698: Use-after-free vulnerability in ext/spl/spl_array.c in
     the SPL component in PHP allowed context-dependent attackers to cause a
     denial of service or possibly have unspecified other impact via crafted
     ArrayIterator usage within applications in certain web-hosting
     environments (bsc#886060).
   - CVE-2014-4721: The phpinfo implementation in ext/standard/info.c in PHP
     did not ensure use of the string data type for the PHP_AUTH_PW,
     PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might have
     allowed context-dependent attackers to obtain sensitive information from
     process memory by using the integer data type with crafted values,
     related to a "type confusion" vulnerability, as demonstrated by reading
     a private SSL key in an Apache HTTP Server web-hosting environment with
     mod_ssl and a PHP 5.3.x mod_php (bsc#885961).
   - CVE-2014-0207: The cdf_read_short_sector function in cdf.c in file as
     used in the Fileinfo component in PHP allowed remote attackers to cause
     a denial of service (assertion failure and application exit) via a
     crafted CDF file (bsc#884986).
   - CVE-2014-3478: Buffer overflow in the mconvert function in softmagic.c
     in file as used in the Fileinfo component in PHP allowed remote
     attackers to cause a denial of service (application crash) via a crafted
     Pascal string in a FILE_PSTRING conversion (bsc#884987).
   - CVE-2014-3479: The cdf_check_stream_offset function in cdf.c in file as
     used in the Fileinfo component in PHP relies on incorrect sector-size
     data, which allowed remote attackers to cause a denial of service
     (application crash) via a crafted stream offset in a CDF file
     (bsc#884989).
   - CVE-2014-3480: The cdf_count_chain function in cdf.c in file as used in
     the Fileinfo component in PHP did not properly validate sector-count
     data, which allowed remote attackers to cause a denial of service
     (application crash) via a crafted CDF file (bsc#884990).
   - CVE-2014-3487: The cdf_read_property_info function in file as used in
     the Fileinfo component in PHP did not properly validate a stream offset,
     which allowed remote attackers to cause a denial of service (application
     crash) via a crafted CDF file (bsc#884991).
   - CVE-2014-3515: The SPL component in PHP incorrectly anticipates that
     certain data structures will have the array data type after
     unserialization, which allowed remote attackers to execute arbitrary
     code via a crafted string that triggers use of a Hashtable destructor,
     related to "type confusion" issues in (1) ArrayObject and (2)
     SPLObjectStorage (bsc#884992).

   These non-security issues were fixed:
   - bnc#935074: compare with SQL_NULL_DATA correctly
   - bnc#935074: fix segfault in odbc_fetch_array
   - bnc#919080: fix timezone map
   - bnc#925109: unserialize SoapClient type confusion


Patch Instructions:

   To install this SUSE Security Update, use YaST online_update.
   Alternatively, you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP2-LTSS:

      zypper in -t patch slessp2-php53-12621=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64):

      apache2-mod_php53-5.3.17-47.1
      php53-5.3.17-47.1
      php53-bcmath-5.3.17-47.1
      php53-bz2-5.3.17-47.1
      php53-calendar-5.3.17-47.1
      php53-ctype-5.3.17-47.1
      php53-curl-5.3.17-47.1
      php53-dba-5.3.17-47.1
      php53-dom-5.3.17-47.1
      php53-exif-5.3.17-47.1
      php53-fastcgi-5.3.17-47.1
      php53-fileinfo-5.3.17-47.1
      php53-ftp-5.3.17-47.1
      php53-gd-5.3.17-47.1
      php53-gettext-5.3.17-47.1
      php53-gmp-5.3.17-47.1
      php53-iconv-5.3.17-47.1
      php53-intl-5.3.17-47.1
      php53-json-5.3.17-47.1
      php53-ldap-5.3.17-47.1
      php53-mbstring-5.3.17-47.1
      php53-mcrypt-5.3.17-47.1
      php53-mysql-5.3.17-47.1
      php53-odbc-5.3.17-47.1
      php53-openssl-5.3.17-47.1
      php53-pcntl-5.3.17-47.1
      php53-pdo-5.3.17-47.1
      php53-pear-5.3.17-47.1
      php53-pgsql-5.3.17-47.1
      php53-pspell-5.3.17-47.1
      php53-shmop-5.3.17-47.1
      php53-snmp-5.3.17-47.1
      php53-soap-5.3.17-47.1
      php53-suhosin-5.3.17-47.1
      php53-sysvmsg-5.3.17-47.1
      php53-sysvsem-5.3.17-47.1
      php53-sysvshm-5.3.17-47.1
      php53-tokenizer-5.3.17-47.1
      php53-wddx-5.3.17-47.1
      php53-xmlreader-5.3.17-47.1
      php53-xmlrpc-5.3.17-47.1
      php53-xmlwriter-5.3.17-47.1
      php53-xsl-5.3.17-47.1
      php53-zip-5.3.17-47.1
      php53-zlib-5.3.17-47.1
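After applying the patch, a practitioner will want to confirm that every installed php53 package is at or above the fixed build listed above. The following POSIX shell script is an added example and is not part of the SUSE or AusCERT bulletin; it compares rpm -qa style "name-version-release" lines against 5.3.17-47.1, and the sample input is constructed.

```shell
# Added example, not part of the SUSE/AusCERT bulletin: report php53 packages
# below the fixed build 5.3.17-47.1 from the package list above.

FIXED_VER="5.3.17"   # version of the fixed build
FIXED_REL="47.1"     # release of the fixed build

# vercmp A B: compare dotted numeric strings field by field; prints -1, 0 or 1.
vercmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, "."); n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0; yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) { print "-1"; exit }
            if (xi > yi) { print "1"; exit }
        }
        print "0"
    }'
}

# is_fixed NAME-VERSION-RELEASE: succeed when version-release >= fixed build.
is_fixed() {
    rel="${1##*-}"; rest="${1%-*}"; ver="${rest##*-}"
    c=$(vercmp "$ver" "$FIXED_VER")
    [ "$c" -gt 0 ] && return 0
    [ "$c" -lt 0 ] && return 1
    [ "$(vercmp "$rel" "$FIXED_REL")" -ge 0 ]
}

# check_php53: read rpm -qa style lines on stdin and print a verdict per php53
# package; returns 0 only when every php53 package is at the fixed build.
check_php53() {
    status=0
    while read -r pkg; do
        case "$pkg" in php53*|apache2-mod_php53*) ;; *) continue ;; esac
        if is_fixed "$pkg"; then echo "OK         $pkg"
        else echo "VULNERABLE $pkg"; status=1; fi
    done
    return "$status"
}

# Constructed sample of rpm -qa output; on a real host use: rpm -qa | check_php53
SAMPLE='apache2-mod_php53-5.3.17-47.1
php53-5.3.17-47.1
php53-gd-5.3.17-0.36.1
bash-3.2-147.22.1'
if printf '%s\n' "$SAMPLE" | check_php53; then
    echo "all php53 packages are at or above 5.3.17-47.1"
else
    echo "one or more php53 packages still need the update"
fi
```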


References:

   https://www.suse.com/security/cve/CVE-2004-1019.html
   https://www.suse.com/security/cve/CVE-2006-7243.html
   https://www.suse.com/security/cve/CVE-2014-0207.html
   https://www.suse.com/security/cve/CVE-2014-3478.html
   https://www.suse.com/security/cve/CVE-2014-3479.html
   https://www.suse.com/security/cve/CVE-2014-3480.html
   https://www.suse.com/security/cve/CVE-2014-3487.html
   https://www.suse.com/security/cve/CVE-2014-3515.html
   https://www.suse.com/security/cve/CVE-2014-3597.html
   https://www.suse.com/security/cve/CVE-2014-3668.html
   https://www.suse.com/security/cve/CVE-2014-3669.html
   https://www.suse.com/security/cve/CVE-2014-3670.html
   https://www.suse.com/security/cve/CVE-2014-4049.html
   https://www.suse.com/security/cve/CVE-2014-4670.html
   https://www.suse.com/security/cve/CVE-2014-4698.html
   https://www.suse.com/security/cve/CVE-2014-4721.html
   https://www.suse.com/security/cve/CVE-2014-5459.html
   https://www.suse.com/security/cve/CVE-2014-8142.html
   https://www.suse.com/security/cve/CVE-2014-9652.html
   https://www.suse.com/security/cve/CVE-2014-9705.html
   https://www.suse.com/security/cve/CVE-2014-9709.html
   https://www.suse.com/security/cve/CVE-2014-9767.html
   https://www.suse.com/security/cve/CVE-2015-0231.html
   https://www.suse.com/security/cve/CVE-2015-0232.html
   https://www.suse.com/security/cve/CVE-2015-0273.html
   https://www.suse.com/security/cve/CVE-2015-1352.html
   https://www.suse.com/security/cve/CVE-2015-2301.html
   https://www.suse.com/security/cve/CVE-2015-2305.html
   https://www.suse.com/security/cve/CVE-2015-2783.html
   https://www.suse.com/security/cve/CVE-2015-2787.html
   https://www.suse.com/security/cve/CVE-2015-3152.html
   https://www.suse.com/security/cve/CVE-2015-3329.html
   https://www.suse.com/security/cve/CVE-2015-3411.html
   https://www.suse.com/security/cve/CVE-2015-3412.html
   https://www.suse.com/security/cve/CVE-2015-4021.html
   https://www.suse.com/security/cve/CVE-2015-4022.html
   https://www.suse.com/security/cve/CVE-2015-4024.html
   https://www.suse.com/security/cve/CVE-2015-4026.html
   https://www.suse.com/security/cve/CVE-2015-4116.html
   https://www.suse.com/security/cve/CVE-2015-4148.html
   https://www.suse.com/security/cve/CVE-2015-4598.html
   https://www.suse.com/security/cve/CVE-2015-4599.html
   https://www.suse.com/security/cve/CVE-2015-4600.html
   https://www.suse.com/security/cve/CVE-2015-4601.html
   https://www.suse.com/security/cve/CVE-2015-4602.html
   https://www.suse.com/security/cve/CVE-2015-4603.html
   https://www.suse.com/security/cve/CVE-2015-4643.html
   https://www.suse.com/security/cve/CVE-2015-4644.html
   https://www.suse.com/security/cve/CVE-2015-5161.html
   https://www.suse.com/security/cve/CVE-2015-5589.html
   https://www.suse.com/security/cve/CVE-2015-5590.html
   https://www.suse.com/security/cve/CVE-2015-6831.html
   https://www.suse.com/security/cve/CVE-2015-6833.html
   https://www.suse.com/security/cve/CVE-2015-6836.html
   https://www.suse.com/security/cve/CVE-2015-6837.html
   https://www.suse.com/security/cve/CVE-2015-6838.html
   https://www.suse.com/security/cve/CVE-2015-7803.html
   https://www.suse.com/security/cve/CVE-2015-8835.html
   https://www.suse.com/security/cve/CVE-2015-8838.html
   https://www.suse.com/security/cve/CVE-2015-8866.html
   https://www.suse.com/security/cve/CVE-2015-8867.html
   https://www.suse.com/security/cve/CVE-2015-8873.html
   https://www.suse.com/security/cve/CVE-2015-8874.html
   https://www.suse.com/security/cve/CVE-2015-8879.html
   https://www.suse.com/security/cve/CVE-2016-2554.html
   https://www.suse.com/security/cve/CVE-2016-3141.html
   https://www.suse.com/security/cve/CVE-2016-3142.html
   https://www.suse.com/security/cve/CVE-2016-3185.html
   https://www.suse.com/security/cve/CVE-2016-4070.html
   https://www.suse.com/security/cve/CVE-2016-4073.html
   https://www.suse.com/security/cve/CVE-2016-4342.html
   https://www.suse.com/security/cve/CVE-2016-4346.html
   https://www.suse.com/security/cve/CVE-2016-4537.html
   https://www.suse.com/security/cve/CVE-2016-4538.html
   https://www.suse.com/security/cve/CVE-2016-4539.html
   https://www.suse.com/security/cve/CVE-2016-4540.html
   https://www.suse.com/security/cve/CVE-2016-4541.html
   https://www.suse.com/security/cve/CVE-2016-4542.html
   https://www.suse.com/security/cve/CVE-2016-4543.html
   https://www.suse.com/security/cve/CVE-2016-4544.html
   https://www.suse.com/security/cve/CVE-2016-5093.html
   https://www.suse.com/security/cve/CVE-2016-5094.html
   https://www.suse.com/security/cve/CVE-2016-5095.html
   https://www.suse.com/security/cve/CVE-2016-5096.html
   https://www.suse.com/security/cve/CVE-2016-5114.html
   https://bugzilla.suse.com/884986
   https://bugzilla.suse.com/884987
   https://bugzilla.suse.com/884989
   https://bugzilla.suse.com/884990
   https://bugzilla.suse.com/884991
   https://bugzilla.suse.com/884992
   https://bugzilla.suse.com/885961
   https://bugzilla.suse.com/886059
   https://bugzilla.suse.com/886060
   https://bugzilla.suse.com/893849
   https://bugzilla.suse.com/893853
   https://bugzilla.suse.com/902357
   https://bugzilla.suse.com/902360
   https://bugzilla.suse.com/902368
   https://bugzilla.suse.com/910659
   https://bugzilla.suse.com/914690
   https://bugzilla.suse.com/917150
   https://bugzilla.suse.com/918768
   https://bugzilla.suse.com/919080
   https://bugzilla.suse.com/921950
   https://bugzilla.suse.com/922451
   https://bugzilla.suse.com/922452
   https://bugzilla.suse.com/923945
   https://bugzilla.suse.com/924972
   https://bugzilla.suse.com/925109
   https://bugzilla.suse.com/928506
   https://bugzilla.suse.com/928511
   https://bugzilla.suse.com/931421
   https://bugzilla.suse.com/931769
   https://bugzilla.suse.com/931772
   https://bugzilla.suse.com/931776
   https://bugzilla.suse.com/933227
   https://bugzilla.suse.com/935074
   https://bugzilla.suse.com/935224
   https://bugzilla.suse.com/935226
   https://bugzilla.suse.com/935227
   https://bugzilla.suse.com/935229
   https://bugzilla.suse.com/935232
   https://bugzilla.suse.com/935234
   https://bugzilla.suse.com/935274
   https://bugzilla.suse.com/935275
   https://bugzilla.suse.com/938719
   https://bugzilla.suse.com/938721
   https://bugzilla.suse.com/942291
   https://bugzilla.suse.com/942296
   https://bugzilla.suse.com/945412
   https://bugzilla.suse.com/945428
   https://bugzilla.suse.com/949961
   https://bugzilla.suse.com/968284
   https://bugzilla.suse.com/969821
   https://bugzilla.suse.com/971611
   https://bugzilla.suse.com/971612
   https://bugzilla.suse.com/971912
   https://bugzilla.suse.com/973351
   https://bugzilla.suse.com/973792
   https://bugzilla.suse.com/976996
   https://bugzilla.suse.com/976997
   https://bugzilla.suse.com/977003
   https://bugzilla.suse.com/977005
   https://bugzilla.suse.com/977991
   https://bugzilla.suse.com/977994
   https://bugzilla.suse.com/978827
   https://bugzilla.suse.com/978828
   https://bugzilla.suse.com/978829
   https://bugzilla.suse.com/978830
   https://bugzilla.suse.com/980366
   https://bugzilla.suse.com/980373
   https://bugzilla.suse.com/980375
   https://bugzilla.suse.com/981050
   https://bugzilla.suse.com/982010
   https://bugzilla.suse.com/982011
   https://bugzilla.suse.com/982012
   https://bugzilla.suse.com/982013
   https://bugzilla.suse.com/982162

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----