PHP5 has been updated to fix four security vulnerabilities:
* Heap-based buffer overflow in DNS TXT record parsing (CVE-2014-4049)
* Heap based buffer overflow in time handling in openssl_x509_parse
(CVE-2013-6420)
* Man in the Middle attack in the the openssl_x509_parse due to lack
of \0 handling (CVE-2013-4248)
* NULL pointer dereference in GD XPM decoder (CVE-2014-2497)
Security Issues:
* CVE-2014-4049
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4049">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4049</a>>
* CVE-2013-6420
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420</a>>
* CVE-2013-4248
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4248">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4248</a>>
* CVE-2014-2497
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2497">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2497</a>>