rh-php56-php-5.6.5-8.el7

PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

This package contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP 2.4 Server.

Security issues fixed with this release:

CVE-2015-5589
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2015-5590
Stack-based buffer overflow in the phar_fix_filepath function in
ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x
before 5.6.11 allows remote attackers to cause a denial of service or
possibly have unspecified other impact via a large length value, as
demonstrated by mishandling of an e-mail attachment by the imap PHP
extension.
CVE-2015-6831
Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44,
5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to
execute arbitrary code via vectors involving (1) ArrayObject, (2)
SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled
during unserialization.
CVE-2015-6832
Use-after-free vulnerability in the SPL unserialize implementation in
ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and
5.6.x before 5.6.12 allows remote attackers to execute arbitrary code
via crafted serialized data that triggers misuse of an array field.
CVE-2015-6833
Directory traversal vulnerability in the PharData class in PHP before
5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote
attackers to write to arbitrary files via a .. (dot dot) in a ZIP
archive entry that is mishandled during an extractTo call.
CVE-2015-6834
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2015-6835
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2015-6836
The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45,
5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage
headers, which allows remote attackers to execute arbitrary code via
crafted serialized data that triggers a "type confusion" in the
serialize_function_call function.
CVE-2015-6837
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2015-6838
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2015-7803
The phar_get_entry_data function in ext/phar/util.c in PHP before
5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a
denial of service (NULL pointer dereference and application crash) via
a .phar file with a crafted TAR archive entry in which the Link
indicator references a file that does not exist.
CVE-2015-7804
Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c
in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers
to cause a denial of service (uninitialized pointer dereference and
application crash) by including the / filename in a .zip PHAR archive.