As mentioned in this new security advisory from Avaya, there's a risk that the PHP version included with their Messaging systems could provide a hole for a would-be attacker to gain access.
Issues have been reported in the following:
- integer overflow vulnerabilities in the PHP gd extension
- integer overflow vulnerability in the PHP chunk_split function
- a security update has introduced a bug into PHP session cookie handling
- vulnerability in the PHP money_format function
- vulnerability in the PHP wordwrap function
- vulnerability in PHP session cookie handling
- vulnerability in the PHP gc extension
The advisory contains links to more information from RedHat on these issues and includes a list of systems effected as well as recommended actions to take.