PHP developers have released a patch 5.6.2,5.5.18 and 5.4.34
All holes were discovered in September of this year.
The most dangerous flaw was patched vulnerabilities CVE-2014-3669.It can cause an integer overflow when parsing specially crafted serialized data with the unserialize ().The vulnerability is only a 32-bit system, but the danger is caused by the breach and that the serialized data often come from user-controlled channels.
In addition, the updates have been corrected errors associated with the introduction of a null byte in the library cURL, calling the damage dynamic memory during processing of the modified data as a function of exif_thumbnail () in image processing (CVE-2014-3670), as well as buffer overflow in the function mkgmtime () from the module XMLRPC (CVE-2014-3668).
The vulnerabilities were originally discovered by the Research Lab of IT security company High-Tech Bridge