php security update

2015-07-09T00:00:00
ID ELSA-2015-1218
Type oraclelinux
Reporter Oracle
Modified 2015-07-09T00:00:00

Description

[5.3.3-46] - fix gzfile accept paths with NUL character #1213407 - fix patch for CVE-2015-4024 [5.3.3-45] - fix more functions accept paths with NUL character #1213407 [5.3.3-44] - soap: missing fix for #1222538 and #1204868 [5.3.3-43] - core: fix multipart/form-data request can use excessive amount of CPU usage CVE-2015-4024 - fix various functions accept paths with NUL character CVE-2015-4026, #1213407 - ftp: fix integer overflow leading to heap overflow when reading FTP file listing CVE-2015-4022 - phar: fix buffer over-read in metadata parsing CVE-2015-2783 - phar: invalid pointer free() in phar_tar_process_metadata() CVE-2015-3307 - phar: fix buffer overflow in phar_set_inode() CVE-2015-3329 - phar: fix memory corruption in phar_parse_tarfile caused by empty entry file name CVE-2015-4021 - soap: more fix type confusion through unserialize #1222538 [5.3.3-42] - soap: more fix type confusion through unserialize #1204868 [5.3.3-41] - core: fix double in zend_ts_hash_graceful_destroy CVE-2014-9425 - core: fix use-after-free in unserialize CVE-2015-2787 - exif: fix free on unitialized pointer CVE-2015-0232 - gd: fix buffer read overflow in gd_gif.c CVE-2014-9709 - date: fix use after free vulnerability in unserialize CVE-2015-0273 - enchant: fix heap buffer overflow in enchant_broker_request_dict CVE-2014-9705 - phar: use after free in phar_object.c CVE-2015-2301 - soap: fix type confusion through unserialize