Advisories » MGASA-2013-0176

Updated php package fixes several issues

Publication date: 19 Jun 2013
Modification date: 17 Jul 2013
Type: security
Affected Mageia releases : 2
CVE: CVE-2013-2110 , CVE-2013-4635

Description

Fixed php bug #64879 (Heap based buffer overflow in quoted_printable_encode,
CVE-2013-2110).

Integer overflow in the SdnToJewish function in jewish.c in the Calendar
component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows
context-dependent attackers to cause a denial of service (application hang)
via a large argument to the jdtojewish function. (CVE-2013-4635)

See the changelog for additional bug fixes.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=10492
• https://bugs.php.net/bug.php?id=64879
• http://www.php.net/ChangeLog-5.php
• http://lwn.net/Vulnerabilities/559055
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2110
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4635

SRPMS

2/core

• php-5.3.26-1.mga2
• php-apc-3.1.13-1.8.mga2
• php-eaccelerator-0.9.6.1-10.10.mga2
• php-gd-bundled-5.3.26-1.mga2
• php-timezonedb-2013.3-1.mga2
• php-firebird-5.3.26-1.mga2
• php-pdo_firebird-5.3.26-1.mga2