Red Hat Security Advisory 2015-1219-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. An integer overflow flaw leading to a heap-based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code.
f12d0457f7fa5153221b85bd57751a48d0a46a1f3e20662d0c23e31c3d87af18
Red Hat Security Advisory 2015-1218-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. An uninitialized pointer use flaw was found in PHP's Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_read_data() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application.
f71a8aee7d3ef2bbf2887ea24776b5bd018766e584acec28464f0aaad7cffb13
Ubuntu Security Notice 2658-1 - Neal Poole and Tomas Hoger discovered that PHP incorrectly handled NULL bytes in file paths. A remote attacker could possibly use this issue to bypass intended restrictions and create or obtain access to sensitive files. Emmanuel Law discovered that the PHP phar extension incorrectly handled filenames starting with a NULL byte. A remote attacker could use this issue with a crafted tar archive to cause a denial of service. Various other issues were also addressed.
1fc41b927687f1ac2f48366d26ab0ea7c0053a773453977950cd33ec2a6f05f3
Red Hat Security Advisory 2015-1187-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time.
b34c749711ea3b7e7d1f8a9142f1a2421a5974fbdf7e052124d26207fc456487
Red Hat Security Advisory 2015-1186-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time.
0b7187415bdc0d78cd103b4bbf0cb103aecd6b3554e4079ac4b6be16514b3447
Red Hat Security Advisory 2015-1135-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time.
cd29d265756a82b81294b5b57ef3c66093befd38401aca38c86228d6f38a5a66
Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
d46bff1ad8715f8db73bf3d6deb2ea0641bf605d7e81b4b90da0ea972c16a264
Debian Linux Security Advisory 3280-1 - Multiple vulnerabilities have been discovered in PHP.
370efd21385ef328b87cf11369b67ae2873d3031fdea71b72c144a0041f322d8