{ "schema_version": "1.7.0", "id": "MGASA-2014-0430", "published": "2014-10-28T11:33:36Z", "modified": "2026-03-24T18:25:47Z", "summary": "Updated php packages fix security vulnerabilities", "details": "An integer overflow flaw in PHP's unserialize() function was reported. If\nunserialize() were used on untrusted data, this issue could lead to a crash or\npotentially information disclosure (CVE-2014-3669).\n\nA heap corruption issue was reported in PHP's exif_thumbnail() function. A\nspecially-crafted JPEG image could cause the PHP interpreter to crash or,\npotentially, execute arbitrary code (CVE-2014-3670).\n\nIf client-supplied input was passed to PHP's cURL client as a URL to download,\nit could return local files from the server due to improper handling of null\nbytes (PHP#68089).\n\nPHP has been updated to version 5.4.34 for Mageia 3 and 5.5.18 for Mageia 4,\nwhich fix these issues and other bugs.\n\nAdditionally, the suhosin PHP extension has been updated to version 0.9.36\nand a bug in the php zip extension that could cause a crash on Mageia 4 has\nbeen fixed (mga#13820)\n", "upstream": [ "CVE-2014-3669", "CVE-2014-3670" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2014-0430.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=14326" }, { "type": "WEB", "url": "http://www.php.net/ChangeLog-5.php#5.5.18" }, { "type": "WEB", "url": "http://www.php.net/ChangeLog-5.php#5.4.34" }, { "type": "ADVISORY", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3669" }, { "type": "ADVISORY", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3670" }, { "type": "REPORT", "url": "https://bugs.php.net/bug.php?id=68089" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=13820" } ], "affected": [ { "package": { "ecosystem": "Mageia:3", "name": "php", "purl": "pkg:rpm/mageia/php?arch=source&distro=mageia-3" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "5.4.34-1.mga3" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:3", "name": "php-apc", "purl": "pkg:rpm/mageia/php-apc?arch=source&distro=mageia-3" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "3.1.14-7.13.mga3" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:3", "name": "php-gd-bundled", "purl": "pkg:rpm/mageia/php-gd-bundled?arch=source&distro=mageia-3" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "5.4.34-1.mga3" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:3", "name": "php-suhosin", "purl": "pkg:rpm/mageia/php-suhosin?arch=source&distro=mageia-3" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "0.9.36-1.mga3" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:4", "name": "php", "purl": "pkg:rpm/mageia/php?arch=source&distro=mageia-4" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "5.5.18-1.1.mga4" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:4", "name": "php-apc", "purl": "pkg:rpm/mageia/php-apc?arch=source&distro=mageia-4" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "3.1.15-4.8.mga4" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:4", "name": "php-suhosin", "purl": "pkg:rpm/mageia/php-suhosin?arch=source&distro=mageia-4" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "0.9.36-1.mga4" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }