Updated php package fixes security vulnerabilitiesPublication date: 23 Jul 2015
Affected Mageia releases : 4
CVE: CVE-2015-5589 , CVE-2015-5590
Segfault in Phar::convertToData on invalid file (CVE-2015-5589). Buffer overflow and stack smashing error in phar_fix_filepath (CVE-2015-5590). The php package has been updated to version 5.5.27, which fixes these issues, as well as other possible bugs and security issues, including the BACKRONYM flaw, which allows php-mysqlnd client connections that were supposed to use SSL/TLS to be downgraded to not use it.