PHP versions 5.4.42, 5.5.26, and 5.6.10 provide an improved fix for CVE-2015-4022:
Improved fix for bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow).
Upstream bug: https://bugs.php.net/bug.php?id=69545#1431550655
Upstream fix: http://git.php.net/?p=php-src.git;a=commitdiff;h=0765623d6991b62ffcd93ddb6be8a5203a2fa7e2
The #69545 bug was originally fixed in 5.4.41 / 5.5.25 / 5.6.9 and got CVE-2015-4022 (see bug 1223412), but the fix was found to be incomplete, as explained in the upstream bug.
Created php tracking bugs for this issue:
Affects: fedora-all [bug 1234942]
As noted in the description, this CVE was assigned to an incomplete fix of CVE-2015-4022. All PHP updates for Red Hat Enterprise Linux and Red Hat Software Collections that corrected the original issue CVE-2015-4022 included the complete fix and hence also corrected CVE-2015-4643.
Fixes are included in the following errata:
Red Hat Enterprise Linux 6
https://rhn.redhat.com/errata/RHSA-2015-1218.html
Red Hat Enterprise Linux 7
https://rhn.redhat.com/errata/RHSA-2015-1135.html
Red Hat Software Collections
https://rhn.redhat.com/errata/RHSA-2015-1219.html php54-php
https://rhn.redhat.com/errata/RHSA-2015-1186.html php55-php
https://rhn.redhat.com/errata/RHSA-2015-1187.html rh-php56-php