Gentoo Linux Security Advisory 201110-6 - Multiple vulnerabilities were found in PHP, the worst of which leads to remote execution of arbitrary code. Versions less than 5.3.8 are affected.
d937f7ba42bbe2df00e5d03e378b1b5a751d7ff00095557a71a01c62290ba6b0
Ubuntu Security Notice 1042-1 - Various issues have been addressed with php5. It was discovered that an integer overflow in the XML UTF-8 decoding code could allow an attacker to bypass cross-site scripting (XSS) protections. It was discovered that the XML UTF-8 decoding code did not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which could allow an attacker to bypass cross-site scripting (XSS) protections. It was discovered that attackers might be able to bypass open_basedir() restrictions by passing a specially crafted filename. Other issues Maksymilian Arciemowicz discovered that a NULL pointer dereference in the ZIP archive handling code could allow an attacker to cause a denial of service through a specially crafted ZIP archive.
913a13e39a2c89b9d6470dae0fbd06dbbb46dd11bfc6b11630757c337688701f