Advisories ยป MGASA-2015-0276

Updated php package fixes security vulnerabilities

Publication date: 23 Jul 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-5589 , CVE-2015-5590

Description

Segfault in Phar::convertToData on invalid file (CVE-2015-5589).

Buffer overflow and stack smashing error in phar_fix_filepath
(CVE-2015-5590).

The php package has been updated to version 5.5.27, which fixes these
issues, as well as other possible bugs and security issues, including the
BACKRONYM flaw, which allows php-mysqlnd client connections that were
supposed to use  SSL/TLS to be downgraded to not use it.
                

References

SRPMS

4/core