[Nucleus] PHP 5.3.29-27 (Security Update)

May 12, 2015

Written by: Scott Shinn

Please note this is an important security update. It is highly recommended to upgrade to to version 5.3.29-27 PHP, and PHP Panda.


  • Security fix for CVE-2014-8142
  • Security fix for CVE-2014-9425

Additionally, the following CVE does *NOT* effect Nucleus builds of PHP:

* CVE-2014-9427 — PHP-CGI Out of Bounds Read Code Execution Vulnerability

Vulnerability scans reporting PHP 5.3.29 as being vulnerable to the above CVE are false positive results. The following test case can be used:

printf “#” > CVE-2014-9427.php

php-cgi CVE-2014-9427.php

A vulnerable version would return a Segmentation Fault.

Protect Your Server Now

©2015 Atomicorp, All Rights Reserved