FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

php5 -- multiple vulnerabilities

Affected packages
php5 < 5.4.38
php55 < 5.5.22
php56 < 5.6.6

Details

VuXML ID f7a9e415-bdca-11e4-970c-000c292ee6b8
Discovery 2015-02-18
Entry 2015-02-26

The PHP Project reports:

Use after free vulnerability in unserialize() with DateTimeZone.

Mitigation for CVE-2015-0235 -- GHOST: glibc gethostbyname buffer overflow.

References

CVE Name CVE-2015-0235
CVE Name CVE-2015-0273
URL http://php.net/ChangeLog-5.php#5.4.38
URL http://php.net/ChangeLog-5.php#5.5.22
URL http://php.net/ChangeLog-5.php#5.6.6