Advisories » MGASA-2013-0172

Updated php packages fix security vulnerabilities

Publication date: 18 Jun 2013
Modification date: 16 Jul 2013
Type: security
Affected Mageia releases: 3
CVE: CVE-2013-2110, CVE-2013-4635

Description

Heap-based buffer overflow in quoted_printable_encode() in PHP before
version 5.4.16 (CVE-2013-2110).

Integer overflow in the SdnToJewish function in jewish.c in the Calendar
component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows
context-dependent attackers to cause a denial of service (application hang)
via a large argument to the jdtojewish function. (CVE-2013-4635)

This update provides PHP version 5.4.16, which fixes these as well as
several other issues.

References

SRPMS

3/core