5.5.382016-07-21stableThe PHP development team announces the immediate availability of PHP 5.5.38. This is a security release that fixes some security related bugs.
Note that according to [our release schedule](http://www.php.net/supported-versions.php), PHP 5.5.38 is the last release of the PHP 5.5 branch. There may be additional release if we discover important security issues that warrant it, otherwise this release will be the final one in the PHP 5.5 branch. If your PHP installation is based on PHP 5.5, it may be a good time to start making the plans for the upgrade to PHP 5.6 or PHP 7.0.(php_url_parse_ex() buffer overflow read). (CVE-2016-6288)70480CVE-2016-6288(Stack-based buffer overflow vulnerability in virtual_file_ex). (CVE-2016-6289)72513CVE-2016-6289(Use After Free in unserialize() with Unexpected Session Deserialization). (CVE-2016-6290)72562CVE-2016-6290(HTTP_PROXY is improperly trusted by some PHP libraries and applications). (CVE-2016-5385)72573CVE-2016-5385(Inadequate error handling in bzread()). (CVE-2016-5399)72613CVE-2016-5399(Out of bound read in exif_process_IFD_in_MAKERNOTE). (CVE-2016-6291)72603CVE-2016-6291(NULL Pointer Dereference in exif_process_user_comment). (CVE-2016-6292)72618CVE-2016-6292(gdImageTrueColorToPaletteBody allows arbitrary write/read access).72512(imagegif/output out-of-bounds access).72519(Integer overflow error within _gdContributionsAlloc()). (CVE-2016-6207)72558CVE-2016-6207(locale_accept_from_http out-of-bounds access). (CVE-2016-6294)72533CVE-2016-6294(PHP segfaults when accessing nvarchar(max) defined columns). (CVE-2015-8879)69975CVE-2015-8879(Use After Free Vulnerability in SNMP with GC and unserialize()). (CVE-2016-6295)72479CVE-2016-6295(heap-buffer-overflow (write) simplestring_addn simplestring.c). (CVE-2016-6296)72606CVE-2016-6296(Stack-based buffer overflow vulnerability in php_stream_zip_opener). (CVE-2016-6297)72520CVE-2016-6297