A security issue and two vulnerabilities have been reported in PHP, which potentially can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service) and compromise a vulnerable system.

1) The security issue is caused due to a change in the behaviour of the "is_a()" function when receiving strings as first argument, which can lead to the "__autoload()" function being called unexpectedly. In context of certain applications that rely on PHP's previous behaviour and do not properly verify input in their "__autoload()" function, this change can open up unexpected attack vectors, which can potentially be exploited to e.g. execute arbitrary PHP code by including arbitrary files from remote resources.

2) The vulnerability is caused due to an integer overflow error within the "exif_process_IFD_TAG()" function (ext/exif/exif.c) when processing offset values within the EXIF header. This can be exploited to read arbitrary data from memory or cause a crash via a specially crafted image.

NOTE: This vulnerability only affects 32 bit versions.

3) PHP does not properly restrict certain potentially dangerous operations (e.g. file access) when processing XSLT style sheets, which can be exploited to e.g. create or overwrite arbitrary files by sending a specially crafted XSLT style sheets to an affected script.

NOTE: Additionally, a weakness exists within the "strtotime()" function when processing a date string containing timezone information may result in a memory leak at each invocation eventually exhausting memory resources.

Solution
Update to version 5.3.9.

Provided and/or discovered by
1) Reported in a PHP bug by Mads, gartneriet.dk.
2) Reported in a PHP bug by flolechaud.
3) Nicolas Gregoire

Changelog
Further details available in Customer Area

Original Advisory
https://bugs.php.net/bug.php?id=55475
https://bugs.php.net/bug.php?id=60150
https://bugs.php.net/bug.php?id=54446
http://www.byte.nl/blog/2011/09/23/security-bug-in-is_a-function-in-php-5-3-7-5-3-8/
http://www.php.net/archive/2012.php#id2012-01-11-1
https://bugs.php.net/bug.php?id=53502

Nicolas Gregoire:
http://xhe.myxwiki.org/xwiki/bin/view/XSLT/Application_PHP5

Technical Analysis
Further details available in Customer Area

Deep Links
Links available in Customer Area