[Nucleus] PHP 5.3.29-27 (Security Update)
May 12, 2015
Written by: Scott Shinn
Please note this is an important security update. It is highly recommended to upgrade to to version 5.3.29-27 PHP, and PHP Panda.
- Security fix for CVE-2014-8142
- Security fix for CVE-2014-9425
Additionally, the following CVE does *NOT* effect Nucleus builds of PHP:
* CVE-2014-9427 — PHP-CGI Out of Bounds Read Code Execution Vulnerability
Vulnerability scans reporting PHP 5.3.29 as being vulnerable to the above CVE are false positive results. The following test case can be used:
printf “#” > CVE-2014-9427.php
A vulnerable version would return a Segmentation Fault.