PHP

5.4.40

Released on 16 Apr 2015
Project description.
PHP is a popular general-purpose scripting language that is especially suited to web development.
PHP 5.4.40 Changelog
  • Apache2handler:
    • Fixed bug #69218 (potential remote code execution with apache 2.4 apache2handler). (CVE-2015-3330)
  • Core:
    • Additional fix for bug #69152 (Type confusion vulnerability in exception::getTraceAsString).
    • Fixed bug #69337 (php_stream_url_wrap_http_ex() type-confusion vulnerability).
    • Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions).
  • cURL:
    • Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER).
  • Ereg:
    • Fixed bug #68740 (NULL Pointer Dereference).
  • Fileinfo:
    • Fixed bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault).
  • GD:
    • Fixed bug #68601 (buffer read overflow in gd_gif_in.c). (CVE-2014-9709)
  • Phar:
    • Fixed bug #68901 (use after free). (CVE-2015-2301)
    • Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar). (CVE-2015-2783)
    • Fixed bug #69441 (Buffer Overflow when parsing tar/zip/phar in phar_set_inode). (CVE-2015-3329)
  • Postgres:
    • Fixed bug #68741 (Null pointer dereference). (CVE-2015-1352)
  • SOAP:
    • Fixed bug #69152 (Type Confusion Infoleak Vulnerability in unserialize() with SoapFault).
    • Fixed bug #69293 (NEW segfault when using SoapClient::__setSoapHeader (bisected, regression)).
  • Sqlite3:
    • Fixed bug #66550 (SQLite prepared statement use-after-free).