Advisories » MGASA-2014-0441

Updated php packages fix security vulnerability

Publication date: 12 Nov 2014
Modification date: 12 Nov 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-3710

Description

An out-of-bounds read flaw was found in file's donote() function in the way
the file utility determined the note headers of a elf file. This could
possibly lead to file executable crash (CVE-2014-3710).

PHP uses an embedded copy of file's libmagic library, and was therefore
affected.  It has been patched to correct this issue.

This update also provides an updated php-timezonedb.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=14412
• https://rhn.redhat.com/errata/RHSA-2014-1767.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710

SRPMS

3/core

• php-5.4.34-1.1.mga3
• php-timezonedb-2014.9-1.mga3

4/core

• php-5.5.18-1.2.mga4
• php-timezonedb-2014.9-1.mga4