Advisories » MGASA-2015-0134

Updated php and libzip packages fix security vulnerabilities

Publication date: 04 Apr 2015
Type: security
Affected Mageia releases: 4
CVE: CVE-2015-2305, CVE-2015-2331, CVE-2015-2787


Heap overflow vulnerability in regcomp.c in the ereg extension in PHP before
5.5.23 on 32-bit systems (CVE-2015-2305).

Integer overflow in zip extension in PHP before 5.5.23 leads to writing past
heap boundary (CVE-2015-2331).

Use-after-free vulnerability in unserialize() in PHP before 5.5.23
(CVE-2015-2787).

PHP has been updated to version 5.5.23, which fixes these issues and other
bugs. The PHP zip extension uses the libzip library, so the libzip package
has also been patched to fix CVE-2015-2331.