Apple Security Advisory 2015-04-08-2 - OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address privilege escalation, code execution, information disclosure, and various other vulnerabilities.
bfdc53ae50c366d1018234c77470fabd66ae9360537370dafd782122121b89cd
Red Hat Security Advisory 2014-1765-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code. Multiple buffer overflow flaws were found in the way PHP parsed DNS responses. A malicious DNS server or a man-in-the-middle attacker could use these flaws to crash or, possibly, execute arbitrary code with the privileges of a PHP application that uses the dns_get_record() function.
362757b3bfd3a6b631b51131cc90b35f3677fc1a047df1d9dd2a1a227704367b
HP Security Bulletin HPSBMU03112 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Cross-site Scripting (XSS), Cross-site Request Forgery (CSRF), unauthorized disclosure of information, Denial of Service (DoS), and Clickjacking. Revision 1 of this advisory.
c7ee397bfe22743f1104826923b5ce2ee2bca83ffb77b9abc0126c7de3855248
Gentoo Linux Security Advisory 201408-11 - Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to remote execution of arbitrary code. Versions less than 5.5.16 are affected.
603e59db98b503d98e09222be7ae1aa6e92e8c93410b7df813b8dd5222e058f1
Red Hat Security Advisory 2014-1012-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP's fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. Multiple denial of service flaws were found in the way the File Information extension parsed certain Composite Document Format files. A remote attacker could use either of these flaws to crash a PHP application using fileinfo via a specially crafted CDF file. Two denial of service flaws were found in the way the File Information extension handled indirect and search rules. A remote attacker could use either of these flaws to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU.
75d69ed5db0c26d8fff244ccb4d6071a528c9b06c9770c22a68c4d391a8305a7
Mandriva Linux Security Advisory 2014-014 - The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted certificate that is not properly handled by the openssl_x509_parse function. The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service via a crafted interval specification. The updated php packages have been upgraded to the 5.5.8 version which is not vulnerable to these issues. Additionally, the PECL packages which requires so has been rebuilt for php-5.5.8 and some has been upgraded to their latest versions.
8cf7940a193c870dfe4a5421f1538695dff4660b76dc24b692930776885f8223
Ubuntu Security Notice 2055-1 - Stefan Esser discovered that PHP incorrectly parsed certificates. An attacker could use a malformed certificate to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that PHP incorrectly handled DateInterval objects. An attacker could use this issue to cause PHP to crash, resulting in a denial of service.
c6ef991d0ccc41796972414e6d71c5b30987d4a61cbb7d2479a0c2048a6270da
Debian Linux Security Advisory 2816-1 - Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.
a0155be6343e9327de45b565e42824097017d0c21bade638fa6da7395e180c7f