Updated php packages fix security vulnerabilities
Publication date: 18 May 2015Modification date: 20 May 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-4021 , CVE-2015-4022 , CVE-2015-4024 , CVE-2015-4025 , CVE-2015-4026
Description
Updated php packages fix security vulnerabilities: Memory Corruption in phar_parse_tarfile when entry filename starts with null (CVE-2015-4021). Integer overflow in ftp_genlist() resulting in heap overflow, potentially exploitable by a hostile FTP server (CVE-2015-4022). PHP Multipart/form-data parsing remote DoS Vulnerability (CVE-2015-4024). Various functions allow \0 in paths where they shouldn't. In theory, that could lead to security failure for path-based access controls if the user injects a string with \0 in it. These functions include set_include_path(), tempnam(), rmdir(), and readlink() (CVE-2015-4025), as well as pcntl_exec() (CVE-2015-4026).
References
- https://bugs.mageia.org/show_bug.cgi?id=15943
- http://php.net/ChangeLog-5.php#5.5.25
- http://openwall.com/lists/oss-security/2015/05/20/3
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4021
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4022
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4024
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4025
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4026
SRPMS
4/core
- php-5.5.25-1.mga4
- php-apc-3.1.15-4.15.mga4
- php-timezonedb-2015.4-1.mga4