Updated php packages fix security vulnerabilities
Publication date: 03 Mar 2015Modification date: 03 Mar 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-0273 , CVE-2015-1351 , CVE-2015-1352
Description
Updated php packages fix security vulnerabilities:
It was discovered that the PHP opcache component incorrectly handled
memory. A remote attacker could possibly use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code (CVE-2015-1351).
It was discovered that the PHP PostgreSQL database extension incorrectly
handled certain pointers. A remote attacker could possibly use this issue
to cause PHP to crash, resulting in a denial of service, or possibly
execute arbitrary code (CVE-2015-1352).
Use after free vulnerability in unserialize() with DateTimeZone in PHP before
5.5.22 (CVE-2015-0273).
PHP has been updated to version 5.5.22, which fixes these issues and other
bugs.
References
- https://bugs.mageia.org/show_bug.cgi?id=15319
- http://php.net/ChangeLog-5.php#5.5.22
- http://www.ubuntu.com/usn/usn-2501-1/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352
SRPMS
4/core
- php-5.5.22-1.2.mga4
- php-apc-3.1.15-4.12.mga4