Updated php packages fix security vulnerabilities
Publication date: 25 Apr 2015Modification date: 25 Apr 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-2783 , CVE-2015-3329 , CVE-2015-3330
Description
Updated php packages fix security vulnerabilities: Buffer Over-read in unserialize when parsing Phar (CVE-2015-2783). Buffer Overflow when parsing tar/zip/phar in phar_set_inode (CVE-2015-3329). Potential remote code execution with apache 2.4 apache2handler (CVE-2015-3330). PHP has been updated to version 5.5.24, which fixes these issues and other bugs.
References
SRPMS
4/core
- php-5.5.24-1.mga4
- php-apc-3.1.15-4.14.mga4
- php-timezonedb-2015.3-1.mga4