Advisories » MGASA-2016-0213

Updated php packages fix security vulnerabilities

Publication date: 02 Jun 2016
Modification date: 02 Jun 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-5093 , CVE-2016-5094 , CVE-2016-5096

Description

Updated php packages fix security vulnerabilities:

In php-intl, get_icu_value_internal out-of-bounds read (CVE-2016-5093).

Integer Overflow in php_html_entities (CVE-2016-5094).

Integer underflow / arbitrary null write in fread/gzread (CVE-2016-5096).

The php package has been updated to version 5.6.22, which fixes these
security issues and other bugs.  See the upstream ChangeLog for more details.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=18545
• http://www.php.net/ChangeLog-5.php#5.6.22
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5093
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5094
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5096

SRPMS

5/core

• php-5.6.22-1.mga5