Mandriva Linux Security Advisory 2009-023 - Denial of service, bypass, and various buffer overflows have been addressed in the php package.
92466f410be73bf8a3cbb21d9967b91cb688bf798202ffc8693fb04ad04223e3
Mandriva Linux Security Advisory 2009-022 - Denial of service, bypass, integer overflow, and stack overflow vulnerabilities have been addressed in php.
4ea99f4240ecfa30f2ade91fa5134f537e90a95ae74fc87ce3b6a0bdc94aad8f
Gentoo Linux Security Advisory GLSA 200811-05 - PHP contains several vulnerabilities including buffer and integer overflows which could lead to the remote execution of arbitrary code. Versions less than 5.2.6-r6 are affected.
30a9ea44a0f3a5cea3f6e349d238bdb1d46e22654727c091856a0da2f7e3c893
Ubuntu Security Notice 628-1 - Over a dozen vulnerabilities in php5 have been addressed in Ubuntu.
3f4762bf322681e8f3484947ebc156f14c168b070b0d2ba92a048e740c8ac08f
Debian Security Advisory 1572-1 - Several vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language. The glob function allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter. Integer overflow allows context-dependent attackers to cause a denial of service and possibly have other impact via a printf format parameter with a large width specifier. Stack-based buffer overflow in the FastCGI SAPI. The escapeshellcmd API function could be attacked via incomplete multibyte chars.
883573f7a0443ab580c60394e55fb82a284db1f4f899b409ab00c01fd23259fb
PHP versions 5.2.5 and below suffer from a *printf() functions integer overflow vulnerability.
cc39a63d74c0c0a7f0114003041d88c52816eba258f5f59908c21105896c2750