Updated php packages fix security vulnerabilities
Publication date: 25 Sep 2016
Modification date: 25 Sep 2016
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-7411, CVE-2016-7412, CVE-2016-7413, CVE-2016-7414, CVE-2016-7416, CVE-2016-7417, CVE-2016-7418
Description
- Memory corruption during deserialized-object destruction (CVE-2016-7411).
- Heap overflow in mysqlnd related to BIT fields (CVE-2016-7412).
- Use-after-free in wddx_deserialize (CVE-2016-7413).
- Out-of-bounds access when verifying the signature of a zip phar in phar_parse_zipfile (CVE-2016-7414).
- Missing locale length check in php-intl (CVE-2016-7416).
- Missing type check when unserializing SplArray (CVE-2016-7417).
- Out-of-bounds read in php_wddx_push_element (CVE-2016-7418).

The php package has been updated to version 5.6.26, which fixes these issues and other bugs. See the upstream ChangeLog for more details.
References
- https://bugs.mageia.org/show_bug.cgi?id=19368
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7411
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7412
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7413
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7414
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7416
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7417
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7418
- http://www.php.net/ChangeLog-5.php#5.6.26
- http://www.openwall.com/lists/oss-security/2016/09/15/10
SRPMS
5/core
- php-5.6.26-1.mga5