PHP versions 5.4.42, 5.5.26, and 5.6.10 provide improved fix for CVE-2015-4022:
Improved fix for bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow).
The #69545 bug was originally fixed in 5.4.41 / 5.5.25 / 5.6.9 and got CVE-2015-4022 (see bug 1223412), but the fix was found to be incomplete, as explained in the upstream bug.
Created php tracking bugs for this issue:
Affects: fedora-all [bug 1234942]
As noted in the description, this CVE was assigned to an incomplete fix of CVE-2015-4022. All PHP updates for Red Hat Enterprise Linux and Red Hat Software Collections that corrected the original issue CVE-2015-4022 included complete fix and hence also corrected CVE-2015-4643. Fixes are included in the following errata:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Software Collections