An update that fixes 9 vulnerabilities is now available.
Description:
php5 was updated to fix nine security issues.
These security issues were fixed: - CVE-2016-5773: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize (bsc#986247). - CVE-2016-5772: Double Free Courruption in wddx_deserialize (bsc#986244). - CVE-2016-5771: Use After Free Vulnerability in PHP's GC algorithm and unserialize (bsc#986391). - CVE-2016-5770: int/size_t confusion in SplFileObject::fread (bsc#986392). - CVE-2016-5768: Double free in _php_mb_regex_ereg_replace_exec - (bsc#986246). - CVE-2016-5769: mcrypt: Heap Overflow due to integer overflows (bsc#986388). - CVE-2015-8935: XSS in header() with Internet Explorer (bsc#986004). - CVE-2016-5767: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow (bsc#986393). - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap overflow (bsc#986386).
Patch Instructions:
To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- openSUSE 13.2:
zypper in -t patch openSUSE-2016-844=1
To bring your system up-to-date, use "zypper patch".