A vulnerability has been found and corrected in libxml2:

A denial of service flaw was found in libxml2, a library providing
support to read, modify and write XML and HTML files. A remote attacker
could provide a specially crafted XML file that, when processed by
an application using libxml2, would lead to excessive CPU consumption
(denial of service) based on excessive entity substitutions, even if
entity substitution was disabled, which is the parser default behavior
(CVE-2014-3660).

The updated packages have been patched to correct this issue.

Multiple vulnerabilities has been discovered and corrected in openssl:

OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications
to block the ability for a MITM attacker to force a protocol
downgrade. Some client applications (such as browsers) will reconnect
using a downgraded protocol to work around interoperability bugs in
older servers. This could be exploited by an active man-in-the-middle
to downgrade connections to SSL 3.0 even if both sides of the
connection support higher protocols. SSL 3.0 contains a number of
weaknesses including POODLE (CVE-2014-3566).

When an OpenSSL SSL/TLS/DTLS server receives a session ticket the
integrity of that ticket is first verified. In the event of a session
ticket integrity check failing, OpenSSL will fail to free memory
causing a memory leak. By sending a large number of invalid session
tickets an attacker could exploit this issue in a Denial Of Service
attack (CVE-2014-3567).

The updated packages have been upgraded to the 1.0.0o version where
these security flaws has been fixed.

A vulnerability has been discovered and corrected in php:

A heap corruption issue was reported in PHP’s exif_thumbnail()
function. A specially-crafted JPEG image could cause the PHP
interpreter to crash or, potentially, execute arbitrary code
(CVE-2014-3670).

The updated php packages have been upgraded to the 5.5.18 version
resolve this security flaw.

Additionally, php-apc has been rebuilt against the updated php
packages.