Just a general remark:
You cannot judge from the version number whether the used php is vulnerable to a certain exploit or not.
openSUSE backports security fixes to the shipped versions, so openSUSE’s 5.6.1 is not really a 5.6.1.
To see whether a specific fix is included, have a look at the package changelog. (“Changelog” tab in YaST, or run “rpm -q --changelog php5”)
Thanks for all the answers. I’ve installed dba-php-5611 package (I can see the package installed - rpm qa | grep php5) , but the Saint still show me the PHP v.5.6.1 vulnerability. Are there any other packages of v5.6.11, which must be installed?
I suppose you need dba-apa24-php-5611 too.
And you would probably need to configure Apache to use that module, as it installs to some non-standard location (/DBA/apache/), or maybe install one of the dba-apache packages from that repo too.
FYI: I was just told, that SAINT goes with the results it gets back from the check, which in most times is a banner output, which means SAINT received a version number. There is also a a credentialed/Authenticated scan to give SAINT access to dig more into the packages installed and not just the banner version. I’ve tried both, but had the same vulnerabilities.
Anyway I got wolfi323 advice and installed v.5.6.12 repo. After restarting all is grant. Saint is happy and I’m happy.