PHP 5.3.x < 5.3.6 Multiple Vulnerabilities

Versions of PHP 5.3 earlier than 5.3.6 are potentially affected by multiple vulnerabilities :

• An error exists in the function ‘_zip_name_locate()’ in the file ‘ext/zip/lib/zip_name_locate.c’ which allows a NULL pointer to be dereferenced when processing an empty archive. (CVE-2011-0421)
• A variable casting error exists in the Exif extension’s C function ‘exif_process_IFD_TAG()’ in the file ‘ext/exif/exif.c’ could allow arbitrary code execution. (CVE-2011-0708)
• An integer overflow vulnerability exists in the implementation of the PHP function ‘shmop_read’ in the file ‘ext/shmop/shmop.c’. (CVE-2011-1092)
• An error exists in the file ‘phar/phar_object.c’ n which calls to ‘zend_throw_exception_ex()’ pass data as a string format parameter which could lead to information disclosure or memory corruption when handling PHP archives. (CVE-2011-1153)
• A buffer overflow error exists in the C function ‘xbuf_format_converter’ in the file ‘main/snprintf.c’ when the PHP configuration setting for ‘precision’ is set to a large value. (Bug 54055)
• An unspecified error exists in the security enforcement regarding the parsing of the fastcgi protocol with the ‘FastCGI Process Manager’ (FPM) SAPI.