{ "schema_version": "1.7.0", "id": "MGASA-2015-0276", "published": "2015-07-23T09:39:14Z", "modified": "2015-07-23T09:19:26Z", "summary": "Updated php package fixes security vulnerabilities", "details": "Segfault in Phar::convertToData on invalid file (CVE-2015-5589).\n\nBuffer overflow and stack smashing error in phar_fix_filepath\n(CVE-2015-5590).\n\nThe php package has been updated to version 5.5.27, which fixes these\nissues, as well as other possible bugs and security issues, including the\nBACKRONYM flaw, which allows php-mysqlnd client connections that were\nsupposed to use SSL/TLS to be downgraded to not use it.\n", "upstream": [ "CVE-2015-5589", "CVE-2015-5590" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2015-0276.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=16349" }, { "type": "WEB", "url": "http://php.net/ChangeLog-5.php#5.5.27" }, { "type": "WEB", "url": "http://openwall.com/lists/oss-security/2015/07/18/1" } ], "affected": [ { "package": { "ecosystem": "Mageia:4", "name": "php", "purl": "pkg:rpm/mageia/php?arch=source&distro=mageia-4" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "5.5.27-1.mga4" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:4", "name": "php-apc", "purl": "pkg:rpm/mageia/php-apc?arch=source&distro=mageia-4" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "3.1.15-4.17.mga4" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }