Zend Server 6.3 update 3

ZendServer 6.3 update 3

Has PHP 5.3.29 (See http://php.net/ChangeLog-5.php#5.3.29)

Has fixes from PHP 5.4.30:
- Fileinfo:
  . Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary check). (CVE-2014-0207) 
  . Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated pascal string size). (CVE-2014-3478)
  . Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary check). (CVE-2014-3479)
  . Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check). (CVE-2014-3480)
  . Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary check). (CVE-2014-3487)
- Network:
  . Fixed bug #67432 (Fix potential segfault in dns_get_record()). (CVE-2014-4049).
- SPL: 
  . Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion) (CVE-2014-3515). 

Has fixes from PHP 5.4.32:
- Fileinfo:
  . Fixed bug #67705 (extensive backtracking in rule regular expression). (CVE-2014-3538)
  . Fixed bug #67716 (Segfault in cdf.c). (CVE-2014-3587)
- GD:
  . Fixed bug #66901 (php-gd 'c_color' NULL pointer dereference). (CVE-2014-2497)
  . Fixed bug #67730 (Null byte injection possible with imagexxx functions). (CVE-2014-5120)
- Network:
  . Fixed bug #67717 (segfault in dns_get_record). (CVE-2014-3597)
- SPL:
  . Fixed bug #67539 (ArrayIterator use-after-free due to object change during sorting). (CVE-2014-4698)
  . Fixed bug #67538 (SPL Iterators use-after-free). (CVE-2014-4670)

Has OpenSSL 0.9.8zb (See https://www.openssl.org/news/secadv_20140806.txt):
Information leak in pretty printing functions (CVE-2014-3508)
Double Free when processing DTLS packets (CVE-2014-3505)
DTLS memory exhaustion (CVE-2014-3506)
DTLS memory leak from zero-length fragments (CVE-2014-3507)
OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)