Advisories » MGASA-2016-0319

Updated php packages fix security vulnerabilities

Publication date: 25 Sep 2016
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-7411, CVE-2016-7412, CVE-2016-7413, CVE-2016-7414, CVE-2016-7416, CVE-2016-7417, CVE-2016-7418

Description

Memory corruption during deserialized-object destruction (CVE-2016-7411).

Heap overflow in mysqlnd related to BIT fields (CVE-2016-7412).

wddx_deserialize use-after-free (CVE-2016-7413).

Out of bounds when verifying the signature of a zip phar in phar_parse_zipfile
(CVE-2016-7414).

Missing locale length check in php-intl (CVE-2016-7416).

Missing type check when unserializing SplArray (CVE-2016-7417).

Out-of-bounds read in php_wddx_push_element (CVE-2016-7418).

The php package has been updated to version 5.6.26, which fixes these issues
and other bugs.  See the upstream ChangeLog for more details.

References

SRPMS

5/core