Advisories » MGASA-2015-0169

Updated php packages fix security vulnerabilities

Publication date: 25 Apr 2015
Type: security
Affected Mageia releases: 4
CVE: CVE-2015-2783, CVE-2015-3329, CVE-2015-3330

Description

Updated php packages fix security vulnerabilities:

Buffer Over-read in unserialize when parsing Phar (CVE-2015-2783).

Buffer Overflow when parsing tar/zip/phar in phar_set_inode (CVE-2015-3329).

Potential remote code execution with Apache 2.4 apache2handler (CVE-2015-3330).

PHP has been updated to version 5.5.24, which fixes these issues and other
bugs.
                

References

SRPMS

4/core