ID: IRCNE2015022429
Date: 2015-02-23
According to “InternetNews”, the so-called GHOST (glibc gethostbyname buffer overflow) vulnerability that was first disclosed in January isn't just about glibc apparently. On February 19, PHP developers released PHP 5.6.6 providing a mitigation for CVE-2015-0235 - aka -
In addition to the GHOST mitigation PHP 5.6.6 also includes a fix for CVE-2015-0273, which is a use-after-free memory vulnerability in unserialize() with DateTimeZone)
While PHP 5.6.x is the leading edge of PHP stable releases, the flaws also impact a few prior branches of PHP and as such, PHP 5.4.38 and and 5.5.22 have also been released providing the same security patches.
- 4