Fedora 22 : php-5.6.20-1.fc22 (2016-9282d83bee)

31 Mar 2016, PHP 5.6.20 CLI Server: Fixed bug php69953 Support MKCALENDAR request method. Christoph Core: Fixed bug php71596 Segmentation fault on ZTS with date function setlocale. Anatol Curl: - Fixed bug php71694 Support constant CURLMADDEDALREADY. mpyw Date: - Fixed bug php71635...

Fedora 23 : php-5.6.20-1.fc23 (2016-1cf1b49047)

31 Mar 2016, PHP 5.6.20 CLI Server: Fixed bug php69953 Support MKCALENDAR request method. Christoph Core: Fixed bug php71596 Segmentation fault on ZTS with date function setlocale. Anatol Curl: - Fixed bug php71694 Support constant CURLMADDEDALREADY. mpyw Date: - Fixed bug php71635...

Fedora 24 : php-5.6.20-1.fc24 (2016-ace6f06a4d)

31 Mar 2016, PHP 5.6.20 CLI Server: Fixed bug php69953 Support MKCALENDAR request method. Christoph Core: Fixed bug php71596 Segmentation fault on ZTS with date function setlocale. Anatol Curl: - Fixed bug php71694 Support constant CURLMADDEDALREADY. mpyw Date: - Fixed bug php71635...

FreeBSD : php -- multiple vulnerabilities (482d40cb-f9a3-11e5-92ce-002590263bf5)

The PHP Group reports : - Fileinfo : - Fixed bug 71527 Buffer over-write in finfoopen with malformed magic file. - mbstring : - Fixed bug 71906 AddressSanitizer: negative-size-param -1 in mbflstrcut. - Phar : - Fixed bug 71860 Invalid memory write in phar on filename with \0 in name. - SNMP : -...

Internet Bug Bounty: Negative size parameter (-1) in memcpy mbfl_strcut

https://bugs.php.net/bug.php?id=71906 Memory corruption issue on mbstring extension, issue reported to PHP developers on 2016-03-26, fixed 2016-03-29 and released at 2016-03-31, affected PHP 5.5 , PHP 5.6 and PHP 7. http://php.net/ChangeLog-5.php5.5.34 http://php.net/ChangeLog-5.php5.6.20...

php -- multiple vulnerabilities

The PHP Group reports: Fileinfo: Fixed bug 71527 Buffer over-write in finfoopen with malformed magic file. mbstring: Fixed bug 71906 AddressSanitizer: negative-size-param -1 in mbflstrcut. Phar: Fixed bug 71860 Invalid memory write in phar on filename with \0 in name. SNMP: Fixed bug 71704...

Fedora 20 : php-5.5.24-1.fc20 (2015-6399)

16 Apr 2015, PHP 5.5.24 Apache2handler : - Fixed bug 69218 potential remote code execution with apache 2.4 apache2handler. Gerrit Venema Core : - Fixed bug 66609 php crashes with get and ++ operator in some cases. Dmitry, Laruence - Fixed bug 67626 User exceptions not properly handled in streams...

Fedora 20 : php-5.5.21-1.fc20 (2015-1101)

22 Jan 2014, PHP 5.5.21 Core : - Upgraded cryptblowfish to version 1.3. Leigh - Fixed bug 60704 unlink bug with some files path. - Fixed bug 65419 Inside trait, self::class != CLASS. Julien - Fixed bug 65576 Constructor from trait conflicts with inherited constructor. dunglas at gmail dot com -...

Medium: php54

Issue Overview: acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file. A denial of service flaw was found in the way the File Information fileinfo extension parsed certain...

Critical: php

Issue Overview: The asn1timetotimet function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse 1 notBefore and 2 notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of...

Oracle Linux 5 : php (ELSA-2009-0338)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2009-0338 advisory. - ext/gd: fix overflow2 usage for CVE-2007-3996, CVE-2008-3658 Tenable has extracted the preceding description block directly from the Oracle Linux...

SuSE 11.2 Security Update : PHP5 (SAT Patch Number 6777)

This update fixes CVE-2011-1398 / CVE-2011-4388 header injection via CR. This update also changes the default configuration to use FilesMatch with 'SetHandler' rather than 'AddHandler' to protect weakly written web applications from content confusion. Since this is a hardening measure, no CVE was...

PHP mbstring扩展堆溢出漏洞

No description provided by source...

CentOS 5 : php (CESA-2009:0338)

Updated php packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A...

PHP mbstring 扩展存在远程执行任意代码漏洞

No description provided by source...

SLES10: Security update for PHP5

The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: apache2-modphp5 php5 php5-bcmath php5-bz2 php5-calendar php5-ctype php5-curl php5-dba php5-dbase php5-devel php5-dom php5-exif php5-fastcgi php5-ftp php5-gd...

SLES10: Security update for PHP5

The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: apache2-modphp5 php5 php5-bcmath php5-bz2 php5-calendar php5-ctype php5-curl php5-dba php5-dbase php5-devel php5-dom php5-exif php5-fastcgi php5-ftp php5-gd...

SLES11: Security update for PHP5

The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: apache2-modphp5 php5 php5-bcmath php5-bz2 php5-calendar php5-ctype php5-curl php5-dba php5-dbase php5-dom php5-exif php5-fastcgi php5-ftp php5-gd php5-gettex...

SLES10: Security update for PHP5

The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: apache2-modphp5 php5 php5-bcmath php5-bz2 php5-calendar php5-ctype php5-curl php5-dba php5-dbase php5-devel php5-dom php5-exif php5-fastcgi php5-ftp php5-gd...

SLES10: Security update for PHP5

The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: apache2-modphp5 php5 php5-bcmath php5-bz2 php5-calendar php5-ctype php5-curl php5-dba php5-dbase php5-devel php5-dom php5-exif php5-fastcgi php5-ftp php5-gd...