[ glsa 201606-10 ] php

[GLSA]

Gentoo Linux Security Advisory

Title: PHP: Multiple vulnerabilities (GLSA 201606-10)
Severity: normal
Exploitable: remote
Date: June 19, 2016
Bug(s): #537586, #541098, #544186, #544330, #546872, #549538, #552408, #555576, #555830, #556952, #559612, #562882, #571254, #573892, #577376
ID: 201606-10

Synopsis

Multiple vulnerabilities have been found in PHP, the worst of which
could lead to arbitrary code execution, or cause a Denial of Service
condition.


Background

PHP is a widely-used general-purpose scripting language that is
especially suited for Web development and can be embedded into HTML.


Affected Packages

Package: dev-lang/php
Vulnerable: < 5.6.19
Unaffected: >= 5.6.19
Unaffected: >= 5.5.33 < 5.5.34
Unaffected: >= 5.5.34 < 5.5.35
Unaffected: >= 5.5.35 < 5.5.36
Unaffected: >= 5.5.36 < 5.5.37
Unaffected: >= 5.5.37 < 5.5.38
Unaffected: >= 5.5.38 < 5.5.39
Architectures: All supported architectures


Description

Multiple vulnerabilities have been discovered in PHP. Please review the
CVE identifiers referenced below for details.


Impact

An attacker can possibly execute arbitrary code or create a Denial of
Service condition.


Workaround

There is no known workaround at this time.

Resolution

All PHP 5.4 users should upgrade to the latest 5.5 stable branch, as PHP
5.4 is now masked in Portage: