Advisories ยป MGASA-2013-0172

Updated php packages fix security vulnerabilies

Publication date: 18 Jun 2013
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-2110 , CVE-2013-4635


Heap based buffer overflow in quoted_printable_encode() in PHP before
version 5.4.16 (CVE-2013-2110).

Integer overflow in the SdnToJewish function in jewish.c in the Calendar
component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows
context-dependent attackers to cause a denial of service (application hang)
via a large argument to the jdtojewish function. (CVE-2013-4635)

This update provides PHP version 5.4.16 which fixes this as well as
several other issues.