Updated php package fixes security vulnerability
Publication date: 05 Jul 2015
Modification date: 09 Jul 2015
Type: security
Affected Mageia releases: 4
CVE: CVE-2015-4598, CVE-2015-4642, CVE-2015-4643, CVE-2015-4644
Description
Incorrect handling of paths with NULs (CVE-2015-4598).
OS command injection vulnerability in escapeshellarg (CVE-2015-4642).
Integer overflow in ftp_genlist() resulting in heap overflow (CVE-2015-4643).
Segfault in php_pgsql_meta_data (CVE-2015-4644).
PHP has been updated to version 5.5.26, which fixes multiple bugs and potential security issues. Please see the upstream ChangeLog for details.
References
- https://bugs.mageia.org/show_bug.cgi?id=16115
- http://php.net/ChangeLog-5.php#5.5.26
- http://openwall.com/lists/oss-security/2015/06/16/12
- http://openwall.com/lists/oss-security/2015/06/18/6
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4598
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4642
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4643
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4644
SRPMS
4/core
- php-5.5.26-1.mga4
- php-apc-3.1.15-4.16.mga4