Some vulnerabilities have been reported in PHP, where some have an
unknown impact and others can potentially be exploited by malicious
people to cause a DoS (Denial of Service) or compromise a vulnerable
system.
An input validation error exists within the
"ZipArchive::extractTo()" function when extracting ZIP archives.
This can be exploited to extract files to arbitrary locations
outside the specified directory via directory traversal sequences in
a specially crafted ZIP archive.
An error in the included PCRE library can be exploited to cause a
buffer overflow.
The problem is that the "BG(page_uid)" and "BG(page_gid)" variables
are not initialized. No further information is currently
available.
The problem is that the "php_value" order is incorrect for Apache
configurations. No further information is currently available.
An error in the GD library can be exploited to cause a crash via a
specially crafted font file.