PHP 5.6.6 Patches for GHOST Vulnerability
From the 'I Ain't Afraid of No GHOST' files
The so-called GHOST (glibc gethostbyname buffer overflow) vulnerability that was first disclosed in January isn't just about glibc apparently. On February 19, PHP developers released PHP 5.6.6 providing a mitigation for CVE-2015-0235 - aka - GHOST.
In addition to the GHOST mitigation PHP 5.6.6 also includes a fix for CVE-2015-0273, which is a use-after-free memory vulnerability in unserialize() with DateTimeZone)
While PHP 5.6.x is the leading edge of PHP stable releases, the flaws also impact a few prior branches of PHP and as such, PHP 5.4.38 and and 5.5.22 have also been released providing the same security patches.
Sean Michael Kerner is a senior editor at InternetNews.com. Follow him on Twitter @TechJournalist