{ "schema_version": "1.7.0", "id": "MGASA-2015-0090", "published": "2015-03-03T21:16:02Z", "modified": "2015-03-03T21:07:46Z", "summary": "Updated php packages fix security vulnerabilities", "details": "Updated php packages fix security vulnerabilities:\n\nIt was discovered that the PHP opcache component incorrectly handled\nmemory. A remote attacker could possibly use this issue to cause PHP to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode (CVE-2015-1351).\n\nIt was discovered that the PHP PostgreSQL database extension incorrectly\nhandled certain pointers. A remote attacker could possibly use this issue\nto cause PHP to crash, resulting in a denial of service, or possibly\nexecute arbitrary code (CVE-2015-1352).\n\nUse after free vulnerability in unserialize() with DateTimeZone in PHP before\n5.5.22 (CVE-2015-0273).\n\nPHP has been updated to version 5.5.22, which fixes these issues and other\nbugs.\n", "upstream": [ "CVE-2015-0273", "CVE-2015-1351", "CVE-2015-1352" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2015-0090.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=15319" }, { "type": "WEB", "url": "http://php.net/ChangeLog-5.php#5.5.22" }, { "type": "WEB", "url": "http://www.ubuntu.com/usn/usn-2501-1/" } ], "affected": [ { "package": { "ecosystem": "Mageia:4", "name": "php", "purl": "pkg:rpm/mageia/php?arch=source&distro=mageia-4" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "5.5.22-1.2.mga4" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:4", "name": "php-apc", "purl": "pkg:rpm/mageia/php-apc?arch=source&distro=mageia-4" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "3.1.15-4.12.mga4" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }