Advisories » MGASA-2018-0390

Updated php packages fix security vulnerability

Publication date: 21 Sep 2018
Modification date: 21 Sep 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-14851 , CVE-2018-14883

Description

- Int Overflow lead to Heap OverFlow in exif_thumbnail_extract of exif.c
  (CVE-2018-14883)
- heap-buffer-overflow (READ of size 48) while reading exif data
  (CVE-2018-14851)
- XSS due to the header Transfer-Encoding: chunked 
                

References

• https://bugs.mageia.org/show_bug.cgi?id=23564
• http://us3.php.net/archive/2018.php#id2018-07-20-1
• http://www.php.net/ChangeLog-5.php#5.6.37
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14851
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14883

SRPMS

6/core

• php-5.6.38-1.mga6