Updated php packages fix security vulnerability
Publication date: 05 Jul 2016
Modification date: 05 Jul 2016
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-5768, CVE-2016-5769, CVE-2016-5770, CVE-2016-5771, CVE-2016-5772, CVE-2016-5773
Description
- php-mbstring: double free in _php_mb_regex_ereg_replace_exec() (CVE-2016-5768).
- php-mcrypt: heap overflow due to integer overflows (CVE-2016-5769).
- php-SPL: int/size_t confusion in SplFileObject::fread (CVE-2016-5770).
- php-SPL: use-after-free vulnerability in PHP's GC algorithm and unserialize (CVE-2016-5771).
- php-WDDX: double free corruption in wddx_deserialize (CVE-2016-5772).
- php-zip: ZipArchive class use-after-free vulnerability in PHP's GC algorithm and unserialize (CVE-2016-5773).
The php package has been updated to version 5.6.23, fixing these issues and several other bugs. See the upstream ChangeLog for details.
References
- https://bugs.mageia.org/show_bug.cgi?id=18765
- http://php.net/ChangeLog-5.php#5.6.23
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5768
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5769
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5770
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5771
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5772
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5773
SRPMS
5/core
- php-5.6.23-1.mga5