PHP 5.6.6 Patches for GHOST Vulnerability

From the ‘I Ain’t Afraid of No GHOST’ files

The so-called GHOST (glibc gethostbyname buffer overflow) vulnerability that was first disclosed in January isn’t just about glibc apparently. On February 19, PHP developers released PHP 5.6.6 providing a mitigation for CVE-2015-0235 – aka – GHOST.php

In addition to the GHOST mitigation PHP 5.6.6 also includes a fix for CVE-2015-0273, which is a use-after-free memory vulnerability in unserialize() with DateTimeZone)

While PHP 5.6.x is the leading edge of PHP stable releases, the flaws also impact a few prior branches of PHP and as such, PHP 5.4.38 and and 5.5.22 have also been released providing the same security patches.

Sean Michael Kerner is a senior editor at Follow him on Twitter @TechJournalist

Get the Free Newsletter!

Subscribe to our newsletter.

Subscribe to Daily Tech Insider for top news, trends & analysis

News Around the Web