Advisories ยป MGASA-2014-0441

Updated php packages fix security vulnerability

Publication date: 12 Nov 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-3710

Description

An out-of-bounds read flaw was found in file's donote() function in the way
the file utility determined the note headers of a elf file. This could
possibly lead to file executable crash (CVE-2014-3710).

PHP uses an embedded copy of file's libmagic library, and was therefore
affected.  It has been patched to correct this issue.

This update also provides an updated php-timezonedb.
                

References

SRPMS

3/core

4/core