Advisories » MGASA-2014-0542

Updated php packages fix CVE-2014-8142

Publication date: 21 Dec 2014
Modification date: 22 Dec 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-8142

Description

Updated php packages fix security vulnerability:

A use-after-free flaw was found in PHP unserialize().  An untrusted input
could cause PHP interpreter to crash or, possibly, execute arbitrary code
when processed using unserialize() (CVE-2014-8142).

PHP has been updated to version 5.5.20, which fixes these issues and other
bugs.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=14848
• http://www.php.net/ChangeLog-5.php#5.5.20
• https://bugzilla.redhat.com/show_bug.cgi?id=1175718
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8142

SRPMS

4/core

• php-5.5.20-1.mga4
• php-apc-3.1.15-4.10.mga4