Mageia Advisory: MGASA-2017-0040 - Updated php packages fix security vulnerabilities

Updated php packages fix security vulnerabilities

Publication date: 04 Feb 2017
Modification date: 04 Feb 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-10158 , CVE-2016-10159 , CVE-2016-10160 , CVE-2016-10161

Description

Floating-point exception in php-exif when parsing a tag format
(CVE-2016-10158).

Crash in php-phar while loading hostile phar archive (CVE-2016-10159).

Memory corruption in php-phar when loading hostile phar (CVE-2016-10160).

Heap out of bounds read on unserialize in finish_nested_data()
(CVE-2016-10161).

References

https://bugs.mageia.org/show_bug.cgi?id=20185
http://php.net/ChangeLog-5.php#5.6.30
https://www.cve.org/CVERecord?id=CVE-2016-10158
https://www.cve.org/CVERecord?id=CVE-2016-10159
https://www.cve.org/CVERecord?id=CVE-2016-10160
https://www.cve.org/CVERecord?id=CVE-2016-10161

SRPMS

5/core

php-5.6.30-1.mga5

Advisories » MGASA-2017-0040

Updated php packages fix security vulnerabilities

Description

References

SRPMS

5/core