Description
PHP 5.3 was updated to fix three security issues:
CVE-2014-8142: Use-after-free vulnerability allowed remote attackers
to execute arbitrary code via a crafted unserialize call that
leveraged improper handling of duplicate keys within the serialized
properties of an object (bnc#910659).
CVE-2015-0231: Use-after-free vulnerability allowed remote attackers
to execute arbitrary code via a crafted unserialize call that
leveraged improper handling of duplicate numerical keys within the
serialized properties of an object. NOTE: this vulnerability exists
because of an incomplete fix for CVE-2014-8142 (bnc#910659).
CVE-2015-0232: The exif_process_unicode function allowed remote
attackers to execute arbitrary code or cause a denial of service
(uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image (bnc#914690).