Ubuntu Security Notice 3095-1 - Taoguang Chen discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Taoguang Chen discovered that PHP incorrectly handled invalid session names. A remote attacker could use this issue to inject arbitrary session data. Various other issues were also addressed.
5aec96083f99da181560a00863dcd9ce51c64d925bc8cd911930c3d8b4c4d77e