SuSE Update for php4, php5 SUSE-SA:2008:004

Impact
remote code execution
Solution
Please install the updated packages.
Insight
php5 was updated to version 5.2.5 to fix several security vulnerabilities. For php4 on SLES9 the patches were backported.

- php4 on SLES9 and php5 on SLES10/10.1 contained a copy of the pcre library which was vulnerable to several security issues. On SLES9 the included library was patched. SLES10/10.1 now uses the system pcre library. 10.2 and 10.3 already used the system pcre library before. (CVE-2006-7227, CVE-2006-7228)
- flaws in processing multi-byte sequences in htmlentities/htmlspecialchars (CVE-2007-5898)
- overly long arguments to the dl() function could crash php (CVE-2007-4825)
- overly long arguments to the glob() function could crash php (CVE-2007-4782)
- overly long arguments to some iconv functions could crash php (CVE-2007-4840)
- overly long arguments to the setlocale() function could crash php (CVE-2007-4784)
- the wordwrap function could cause a floating point exception (CVE-2007-3998)
- overly long arguments to the fnmatch() function could crash php (CVE-2007-4782)
- incorrect size calculation in the chunk_split function could lead to a buffer overflow (CVE-2007-4661)
- flaws in the GD extension could lead to integer overflows (CVE-2007-3996)
- the money_format function contained format string flaws (CVE-2007-4658)
Affected
php4, php5 on SUSE LINUX 10.1, openSUSE 10.2, openSUSE 10.3, SUSE SLES 9, Novell Linux Desktop 9 SDK, Open Enterprise Server, Novell Linux POS 9, SLE SDK 10 SP1, SUSE Linux Enterprise Server 10 SP1