SUSE-SU-2015:1818-1

Advisory lineage Upstream: 5 Downstream: 0

Upstream

CVE-2015-6831 CVE-2015-6833 CVE-2015-6836 CVE-2015-6837 CVE-2015-6838

Published: 22 Sept 2015, 07:31

Last modified:04 Feb 2026, 02:28

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

22 Sept 2015, 07:31

Published

Vulnerability first disclosed

04 Feb 2026, 02:28

Last Modified

Vulnerability information updated

Description

Security update for php53 This update of PHP5 brings several security fixes. Security fixes: * CVE-2015-6831: A use after free vulnerability in unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#942291] [bnc#942294] [bnc#942295] * CVE-2015-6836: A SOAP serialize_function_call() type confusion leading to remote code execution problem was fixed. [bnc#945428] * CVE-2015-6837 CVE-2015-6838: Two NULL pointer dereferences in the XSLTProcessor class were fixed. [bnc#945412] It also includes a bugfix for the odbc module: * compare with SQL_NULL_DATA correctly [bnc#935074]

Affected Systems

suse•php53&distro=SUSE Linux Enterprise Server 11 SP3
< 5.3.17-48.1
suse•php53&distro=SUSE Linux Enterprise Server 11 SP3-TERADATA
< 5.3.17-48.1
suse•php53&distro=SUSE Linux Enterprise Server 11 SP4
< 5.3.17-48.1
suse•php53&distro=SUSE Linux Enterprise Server for SAP Applications 11 SP3
< 5.3.17-48.1
suse•php53&distro=SUSE Linux Enterprise Server for SAP Applications 11 SP4
< 5.3.17-48.1
suse•php53&distro=SUSE Linux Enterprise Software Development Kit 11 SP3
< 5.3.17-48.1
suse•php53&distro=SUSE Linux Enterprise Software Development Kit 11 SP4
< 5.3.17-48.1

SUSE-SU-2015:1818-1

Vulnerability Summary

Timeline

Description

Affected Systems

References (13)