Fedora 23 : php-5.6.13-1.fc23 (2015-14978)

03 Sep 2015, PHP 5.6.13 Core: Fixed bug 69900 Too long timeout on pipes. Anatol Fixed bug 69487 SAPI may truncate POST data. cmb Fixed bug 70198 Checking liveness does not work as expected. Shafreeck Sea, Anatol Belski Fixed bug 70172 Use After Free Vulnerability in unserialize. Stas Fixed bug...

PHP Core unserialize process nested data Use After Free - Ver2 (CVE-2014-8142)

A use-after-free vulnerability has been reported in PHP core. The vulnerability is due to a use after free error when handling serialized objects with identical keys within the unserialize function. An attacker could exploit this vulnerability by sending crafted serialized data to a web applicati...

PHP Core unserialize process nested data Use After Free (CVE-2014-8142)

A code execution vulnerability has been reported in PHP core. The vulnerability is due to a use after free error when handling serialized objects with identical keys within the unserialize function. A remote attacker can exploit the vulnerability by sending crafted serialized data to a web...

PHP Core unserialize Function Integer Overflow (CVE-2014-3669)

A code execution vulnerability has been reported in PHP core. The vulnerability is due to an integer overflow within the unserialize function. A remote attacker can exploit the vulnerability by sending crafted serialize data to a web application running a vulnerable version of PHP. A successful...

Re: PHP 5.3.5 grapheme_extract() NULL Pointer Dereference

On Wed, 16 Feb 2011 16:11:23 -0700 cxib wrote: Affected Software: - PHP 5.3.5 grapheme is neither part of PHP core, nor built-in PHP extension, therefore above is false as bug is not in PHP itself. People using PHP 5.3.5 but not using grapheme some distros like Debian and derrivatives offer this...