This update for php53 fixes the following security issues:
- CVE-2016-7124: Create an Unexpected Object and Don’t Invoke __wakeup()
in Deserialization
- CVE-2016-7125: PHP Session Data Injection Vulnerability
- CVE-2016-7126: select_colors write out-of-bounds
- CVE-2016-7127: imagegammacorrect allowed arbitrary write access
- CVE-2016-7128: Memory Leakage In exif_process_IFD_in_TIFF
- CVE-2016-7129: wddx_deserialize allows illegal memory access
- CVE-2016-7130: wddx_deserialize null dereference
- CVE-2016-7131: wddx_deserialize null dereference with invalid xml
- CVE-2016-7132: wddx_deserialize null dereference in php_wddx_pop_element
- CVE-2016-7411: php5: Memory corruption when destructing deserialized
object
- CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG
in BIT field
- CVE-2016-7413: Use after free in wddx_deserialize
- CVE-2016-7414: Out of bounds heap read when verifying signature of zip
phar in phar_parse_zipfile
- CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message
- CVE-2016-7417: Missing type check when unserializing SplArray
- CVE-2016-7418: Null pointer dereference in php_wddx_push_element