Ubuntu Security Notice 3095-1 – Taoguang Chen discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Taoguang Chen discovered that PHP incorrectly handled invalid session names. A remote attacker could use this issue to inject arbitrary session data. Various other issues were also addressed.