Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function.
lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html
marc.info/?l=bugtraq&m=133469208622507&w=2
pastebin.com/mXGidCsd
secunia.com/advisories/40860
support.apple.com/kb/HT4312
twitter.com/i0n1c/statuses/16373156076
twitter.com/i0n1c/statuses/16447867829
www.debian.org/security/2010/dsa-2089
www.securityfocus.com/bid/40948
bugzilla.redhat.com/show_bug.cgi?id=605641
exchange.xforce.ibmcloud.com/vulnerabilities/59610