Applies to: Zend Server 6.3 - 9.0 (including 9.0.2)
Product Info: http://www.zend.com/en/products/server
Downloads: http://www.zend.com/en/products/server/downloads
This document contains security information about Zend Server based on published CVE identifiers.
For PHP itself we refer to PHP.net changelogs.
PHP Information
http://php.net/ChangeLog-5.php
http://php.net/ChangeLog-7.php
Zend Server Version Jump
ZendServer 9.0 GA
Has PHP 7.0.6 (See http://www.php.net/ChangeLog-7.php#7.0.6)
ZendServer 9.0.1 GA
Has PHP 7.0.11 (See http://www.php.net/ChangeLog-7.php#7.0.11)
ZendServer 9.0.2 GA
Has PHP 7.0.15 (See http://www.php.net/ChangeLog-7.php#7.0.15)
ZendServer 8.5 GA
Has PHP 5.5.26 (See http://php.net/ChangeLog-5.php#5.5.26)
Includes the following fixes from PHP 5.5.27:
- Mysqlnd:
. Fixed bug #69669 (mysqlnd is vulnerable to BACKRONYM). (CVE-2015-3152)
Has PHP 5.6.10 (See http://php.net/ChangeLog-5.php#5.6.10)
Includes the following fixes from PHP 5.6.11:
- Mysqlnd:
. Fixed bug #69669 (mysqlnd is vulnerable to BACKRONYM). (CVE-2015-3152)
ZendServer 8.5.1
Includes the following fixes from PHP 5.5.27:
- Phar:
. Fixed bug #69958 (Segfault in Phar::convertToData on invalid file). (CVE-2015-5589)
. Fixed bug #69923 (Buffer overflow and stack smashing error in phar_fix_filepath). (CVE-2015-5590)
Includes the following fixes from PHP 5.6.11:
- Phar:
. Fixed bug #69958 (Segfault in Phar::convertToData on invalid file). (CVE-2015-5589)
. Fixed bug #69923 (Buffer overflow and stack smashing error in phar_fix_filepath). (CVE-2015-5590)
ZendServer 8.5.2
Has PHP 5.5.30 (See http://php.net/ChangeLog-5.php#5.5.30)
Has PHP 5.6.14 (See http://php.net/ChangeLog-5.php#5.6.14)
ZendServer 8.5.2 hotfix 3
Has PHP 5.5.31 (See http://php.net/ChangeLog-5.php#5.5.31)
Has PHP 5.6.17 (See http://php.net/ChangeLog-5.php#5.6.17)
ZendServer 8.5.3 hotfix 4
Has PHP 5.5.32 (See http://php.net/ChangeLog-5.php#5.5.32)
Has PHP 5.6.18 (See http://php.net/ChangeLog-5.php#5.6.18)
ZendServer 8.5.4 hotfix 5
Has PHP 5.5.36 (See http://php.net/ChangeLog-5.php#5.5.36)
Has PHP 5.6.22 (See http://php.net/ChangeLog-5.php#5.6.22)
ZendServer 8.5.5 hotfix 6
Has PHP 5.5.37 (See http://php.net/ChangeLog-5.php#5.5.37)
Has PHP 5.6.23 (See http://php.net/ChangeLog-5.php#5.6.23)
ZendServer 8.0 GA
Has PHP 5.5.19 (See http://php.net/ChangeLog-5.php#5.5.19)
Has PHP 5.6.3 (See http://php.net/ChangeLog-5.php#5.6.3)
ZendServer 8.0.1
Has PHP 5.5.20 (See http://php.net/ChangeLog-5.php#5.5.20)
Has PHP 5.6.4 (See http://php.net/ChangeLog-5.php#5.6.4)
ZendServer 8.0.2
Has PHP 5.5.21 (See http://php.net/ChangeLog-5.php#5.5.21)
Has PHP 5.6.5 (See http://php.net/ChangeLog-5.php#5.6.5)
ZendServer 8.0.3
Has PHP 5.5.23 (See http://php.net/ChangeLog-5.php#5.5.23)
Has PHP 5.6.7 (See http://php.net/ChangeLog-5.php#5.6.7)
ZendServer 7.0 GA
Has PHP 5.4.29 (See http://php.net/ChangeLog-5.php#5.4.29)
Includes the following fixes from PHP 5.4.30:
- Fileinfo:
. Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary check). (CVE-2014-0207)
. Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated pascal string size). (CVE-2014-3478)
. Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary check). (CVE-2014-3479)
. Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check). (CVE-2014-3480)
. Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary check). (CVE-2014-3487)
- Network:
. Fixed bug #67432 (Fix potential segfault in dns_get_record()). (CVE-2014-4049).
Has PHP 5.5.13 (See http://php.net/ChangeLog-5.php#5.5.13)
Includes the following fixes from PHP 5.5.14:
- Fileinfo:
. Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary check). (CVE-2014-0207)
. Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated pascal string size). (CVE-2014-3478)
. Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary check). (CVE-2014-3479)
. Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check). (CVE-2014-3480)
. Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary check). (CVE-2014-3487)
- Network:
. Fixed bug #67432 (Fix potential segfault in dns_get_record()). (CVE-2014-4049).
Has OpenSSL 0.9.8za (See https://www.openssl.org/news/secadv_20140605.txt)
ZendServer 7.0 hotfix 1
Has fixes from PHP 5.4.30:
- SPL:
. Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion) (CVE-2014-3515).
Has fixes from PHP 5.4.32:
- Fileinfo:
. Fixed bug #67705 (extensive backtracking in rule regular expression). (CVE-2014-3538)
. Fixed bug #67716 (Segfault in cdf.c). (CVE-2014-3587)
- GD:
. Fixed bug #66901 (php-gd 'c_color' NULL pointer dereference). (CVE-2014-2497)
. Fixed bug #67730 (Null byte injection possible with imagexxx functions). (CVE-2014-5120)
- Network:
. Fixed bug #67717 (segfault in dns_get_record). (CVE-2014-3597)
- SPL:
. Fixed bug #67539 (ArrayIterator use-after-free due to object change during sorting). (CVE-2014-4698)
. Fixed bug #67538 (SPL Iterators use-after-free). (CVE-2014-4670)
Has fixes from PHP 5.5.14:
- SPL:
. Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion) (CVE-2014-3515).
Has fixes from PHP 5.5.15:
- SPL:
. Fixed bug #67539 (ArrayIterator use-after-free due to object change during sorting). (CVE-2014-4698)
. Fixed bug #67538 (SPL Iterators use-after-free). (CVE-2014-4670)
Has fixes from PHP 5.5.16:
- Fileinfo:
. Fixed bug #67705 (extensive backtracking in rule regular expression). (CVE-2014-3538)
. Fixed bug #67716 (Segfault in cdf.c). (CVE-2014-3587)
- GD:
. Fixed bug #66901 (php-gd 'c_color' NULL pointer dereference). (CVE-2014-2497)
. Fixed bug #67730 (Null byte injection possible with imagexxx functions). (CVE-2014-5120)
- Network:
. Fixed bug #67717 (segfault in dns_get_record). (CVE-2014-3597)
Has OpenSSL 0.9.8zb (See https://www.openssl.org/news/secadv_20140806.txt):
- Information leak in pretty printing functions (CVE-2014-3508)
- Double Free when processing DTLS packets (CVE-2014-3505)
- DTLS memory exhaustion (CVE-2014-3506)
- DTLS memory leak from zero-length fragments (CVE-2014-3507)
- OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)
ZendServer 7.0 hotfix 2
Has PHP 5.4.34 (See http://php.net/ChangeLog-5.php#5.4.34)
Has fixes from PHP 5.4.35:
- Fileinfo:
. Fixed bug #68283: fileinfo: out-of-bounds read in elf note headers (CVE-2014-371)
Has fixes from PHP 5.5.18:
- Core:
. Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)). (CVE-2014-3669)
- cURL:
. Fixed bug #68089 (NULL byte injection - cURL lib).
- Exif:
. Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670)
- XMLRPC:
. Fixed bug #68027 (Global buffer overflow in mkgmtime() function). (CVE-2014-3668)
ZendServer 7.0 hotfix 3
Has PHP 5.4.36 (See http://php.net/ChangeLog-5.php#5.4.36)
ZendServer 7.0 hotfix 4
Has PHP 5.4.37 (See http://php.net/ChangeLog-5.php#5.4.37)
ZendServer 7.0 hotfix 5
Has PHP 5.4.39 (See http://php.net/ChangeLog-5.php#5.4.39)
ZendServer 7.0 hotfix 6
Has PHP 5.4.43 (See http://php.net/ChangeLog-5.php#5.4.43)
ZendServer 7.0 hotfix 7
Has PHP 5.4.45 (See http://php.net/ChangeLog-5.php#5.4.45)
ZendServer 6.3 GA
Has PHP 5.3.28 (See http://php.net/ChangeLog-5.php#5.3.28)
Has PHP 5.4.23 (See http://php.net/ChangeLog-5.php#5.4.23)
Has PHP 5.5.7 (See http://php.net/ChangeLog-5.php#5.5.7)
Has OpenSSL 0.9.8y (see https://www.openssl.org/news/secadv_20130205.txt)
ZendServer 6.3 hotfix 1
Has fixes from PHP 5.4.26:
Fileinfo:
- Fixed bug #66731 (file: infinite recursion) (CVE-2014-1943).
Has fixes from PHP 5.5.9:
GD:
- Fixed bug #66356 (Heap Overflow Vulnerability in imagecrop(), CVE-2013-7226).
Has fixes from PHP 5.5.10:
Fileinfo:
- Fixed bug #66731 (file: infinite recursion (CVE-2014-1943)).
ZendServer 6.3 hotfix 2
Has fixes from PHP 5.4.26:
Fileinfo:
- Fixed bug #66820 (out-of-bounds memory access in fileinfo) (CVE-2014-2270).
Has fixes from PHP 5.4.27:
Fileinfo:
- Fixed bug #66946 (fileinfo: extensive backtracking in awk rule regular expression (CVE-2013-7345))
Has fixes from PHP 5.5.10:
Fileinfo:
- Fixed bug #66820 (out-of-bounds memory access in fileinfo) (CVE-2014-2270).
GD:
- Fixed bug #66815 (imagecrop(): insufficient fix for NULL defer (CVE-2013-7327)).
Has fixes from PHP 5.5.11:
Fileinfo:
- Fixed bug #66946 (fileinfo: extensive backtracking in awk rule regular expression (CVE-2013-7345))
ZendServer 6.3 hotfix 3
Has PHP 5.3.29 (See http://php.net/ChangeLog-5.php#5.3.29)
Has fixes from PHP 5.4.30:
- Fileinfo:
. Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary check). (CVE-2014-0207)
. Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated pascal string size). (CVE-2014-3478)
. Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary check). (CVE-2014-3479)
. Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check). (CVE-2014-3480)
. Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary check). (CVE-2014-3487)
- Network:
. Fixed bug #67432 (Fix potential segfault in dns_get_record()). (CVE-2014-4049).
- SPL:
. Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion) (CVE-2014-3515).
Has fixes from PHP 5.4.32:
- Fileinfo:
. Fixed bug #67705 (extensive backtracking in rule regular expression). (CVE-2014-3538)
. Fixed bug #67716 (Segfault in cdf.c). (CVE-2014-3587)
- GD:
. Fixed bug #66901 (php-gd 'c_color' NULL pointer dereference). (CVE-2014-2497)
. Fixed bug #67730 (Null byte injection possible with imagexxx functions). (CVE-2014-5120)
- Network:
. Fixed bug #67717 (segfault in dns_get_record). (CVE-2014-3597)
- SPL:
. Fixed bug #67539 (ArrayIterator use-after-free due to object change during sorting). (CVE-2014-4698)
. Fixed bug #67538 (SPL Iterators use-after-free). (CVE-2014-4670)
Has OpenSSL 0.9.8zb (See https://www.openssl.org/news/secadv_20140806.txt):
- Information leak in pretty printing functions (CVE-2014-3508)
- Double Free when processing DTLS packets (CVE-2014-3505)
- DTLS memory exhaustion (CVE-2014-3506)
- DTLS memory leak from zero-length fragments (CVE-2014-3507)
- OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)
ZendServer 6.3 hotfix 4
Fixes backported from PHP 5.4 branch to PHP 5.3:
From PHP 5.4.32:
- Core:
. Fixed bug #67717 (segfault in dns_get_record). (CVE-2014-3597)
- Fileinfo:
. Fixed bug #67716 (Segfault in cdf.c). (CVE-2014-3587)
- GD:
. Fixed bug #66901 (php-gd 'c_color' NULL pointer dereference). (CVE-2014-2497).
- SPL:
. Fixed bug #67539 (ArrayIterator use-after-free due to object change during
sorting). (CVE-2014-4698)
. Fixed bug #67538 (SPL Iterators use-after-free). (CVE-2014-4670)
From PHP 5.4.34:
- Core:
. Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)). (CVE-2014-3669)
- EXIF:
. Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670)
- XMLRPC:
. Fixed bug #68027 (Global buffer overflow in mkgmtime() function). (CVE-2014-3668)
From PHP 5.4.35:
- Fileinfo:
. Fixed bug #68283 (fileinfo: out-of-bounds read in elf note headers). (CVE-2014-3710)
From PHP 5.4.36:
. Fixed bug #68594 (Use after free vulnerability in unserialize()). (CVE-2014-8142)
From PHP 5.4.37:
- Core:
. Fixed bug #68710 (Use After Free Vulnerability in PHP's unserialize()). (CVE-2015-0231)
- EXIF:
. Fixed bug #68799: Free called on unitialized pointer. (CVE-2015-0232)
Comments