ELSA-2015-1218

Описание

[5.3.3-46]

• fix gzfile accept paths with NUL character #1213407
• fix patch for CVE-2015-4024

[5.3.3-45]

• fix more functions accept paths with NUL character #1213407

[5.3.3-44]

• soap: missing fix for #1222538 and #1204868

[5.3.3-43]

• core: fix multipart/form-data request can use excessive amount of CPU usage CVE-2015-4024
• fix various functions accept paths with NUL character CVE-2015-4026, #1213407
• ftp: fix integer overflow leading to heap overflow when reading FTP file listing CVE-2015-4022
• phar: fix buffer over-read in metadata parsing CVE-2015-2783
• phar: invalid pointer free() in phar_tar_process_metadata() CVE-2015-3307
• phar: fix buffer overflow in phar_set_inode() CVE-2015-3329
• phar: fix memory corruption in phar_parse_tarfile caused by empty entry file name CVE-2015-4021
• soap: more fix type confusion through unserialize #1222538

[5.3.3-42]

• soap: more fix type confusion through unserialize #1204868

[5.3.3-41]

• core: fix double in zend_ts_hash_graceful_destroy CVE-2014-9425
• core: fix use-after-free in unserialize CVE-2015-2787
• exif: fix free on unitialized pointer CVE-2015-0232
• gd: fix buffer read overflow in gd_gif.c CVE-2014-9709
• date: fix use after free vulnerability in unserialize CVE-2015-0273
• enchant: fix heap buffer overflow in enchant_broker_request_dict CVE-2014-9705
• phar: use after free in phar_object.c CVE-2015-2301
• soap: fix type confusion through unserialize