Advisories » MGASA-2018-0222

Updated php packages fix security vulnerabilities

Publication date: 04 May 2018
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2018-10546 , CVE-2018-10547 , CVE-2018-10548 , CVE-2018-10549

Description

- Heap Buffer Overflow (READ: 1786) in exif_iif_add_value
(CVE-2018-10549)
- Stream filter convert.iconv leads to infinite loop on invalid sequence
(CVE-2018-10546)
- Malicious LDAP-Server Response causes Crash. (CVE-2018-10548)
- incomplete PHAR Fix (CVE-2018-10547)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22980
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10546
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10547
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10548
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10549

SRPMS

6/core

• php-5.6.36-1.mga6

5/core

• php-5.6.36-1.mga5