Advisories ยป MGASA-2017-0040

Updated php packages fix security vulnerabilities

Publication date: 04 Feb 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-10158 , CVE-2016-10159 , CVE-2016-10160 , CVE-2016-10161

Description

Floating-point exception in php-exif when parsing a tag format
(CVE-2016-10158).

Crash in php-phar while loading hostile phar archive (CVE-2016-10159).

Memory corruption in php-phar when loading hostile phar (CVE-2016-10160).

Heap out of bounds read on unserialize in finish_nested_data()
(CVE-2016-10161).
                

References

SRPMS

5/core