PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.

Уязвимость компонента ext/date/lib/parse_date.c интерпретатора языка программирования PHP, позволяющая нарушителю оказать воздействие на конфиденциальность информации

Security update for php5

Security update for php5

The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR operation.

The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleS ...

The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR operation.

ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zval_get_type function in Zend/zend_types.h. Exploitation of this issue can have an unspecified impact on the integrity of PHP.

ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x ...

The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP.

The finish_nested_data function in ext/standard/var_unserializer.re in ...