Updated php packages fix security vulnerabilities
Publication date: 04 Feb 2017Modification date: 04 Feb 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-10158 , CVE-2016-10159 , CVE-2016-10160 , CVE-2016-10161
Description
Floating-point exception in php-exif when parsing a tag format (CVE-2016-10158). Crash in php-phar while loading hostile phar archive (CVE-2016-10159). Memory corruption in php-phar when loading hostile phar (CVE-2016-10160). Heap out of bounds read on unserialize in finish_nested_data() (CVE-2016-10161).
References
- https://bugs.mageia.org/show_bug.cgi?id=20185
- http://php.net/ChangeLog-5.php#5.6.30
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10158
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10159
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10160
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10161
SRPMS
5/core
- php-5.6.30-1.mga5