Advisories » MGASA-2016-0238

Updated php packages fix security vulnerability

Publication date: 05 Jul 2016
Modification date: 05 Jul 2016
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-5768, CVE-2016-5769, CVE-2016-5770, CVE-2016-5771, CVE-2016-5772, CVE-2016-5773

Description

php-mbstring _php_mb_regex_ereg_replace_exec() - double free
(CVE-2016-5768).

php-mcrypt heap overflow due to integer overflows (CVE-2016-5769).

php-SPL int/size_t confusion in SplFileObject::fread (CVE-2016-5770).

php-SPL Use After Free Vulnerability in PHP's GC algorithm and unserialize
(CVE-2016-5771).

php-WDDX Double Free Corruption in wddx_deserialize (CVE-2016-5772).

php-zip ZipArchive class Use After Free Vulnerability in PHP's GC
algorithm and unserialize (CVE-2016-5773).

The php package has been updated to version 5.6.23, fixing these issues
and several other bugs.  See the upstream ChangeLog for details.
                

References

SRPMS

5/core