The specific version of PHP that the system is running is reportedly affected by the following vulnerabilities:
PHP contains a use-after-free error in ext/session/session.c. The issue is triggered during the handling of var_hash destruction. This may allow a remote attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-6290)
PHP contains an out-of-bounds read flaw in the exif_process_IFD_in_MAKERNOTE() function in ext/exif/exif.c that may allow a remote attacker to crash a program using the language or potentially disclose memory contents. (CVE-2016-6291)
PHP contains an overflow condition in the mdecrypt_generic() function in ext/mcrypt/mcrypt.c. The issue is triggered as user-supplied input is not properly validated. This may allow a remote attacker to cause a heap-based buffer overflow, crashing a program using the language or potentially allowing the execution of arbitrary code.
Binary data 802016.prm
community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-software-release-v1-9-0/ba-p/1643332
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6290
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6291
lists.opensuse.org/opensuse-security-announce/2016-08/msg00039.html
news.cpanel.com/easyapache-july-26-2016-maintenance-release/
php.net/ChangeLog-5.php#5.5.38
php.net/ChangeLog-5.php#5.6.24
php.net/ChangeLog-7.php#7.0.9
seclists.org/bugtraq/2016/Jul/136
www.php.net/
www.ubuntu.com/usn/usn-3045-1/
bugs.php.net/bug.php?id=72552
bugs.php.net/bug.php?id=72562
bugs.php.net/bug.php?id=72603
www.debian.org/security/2016/dsa-3631