MGASA-2014-0178

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2014-0178.html

Import Source

https://advisories.mageia.org/MGASA-2014-0178.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2014-0178

Related

CVE-2013-7345

Published

2014-04-17T20:20:35Z

Modified

2014-04-17T20:20:15Z

Summary

Updated php packages fix security vulnerability

Details

Updated php packages fix security vulnerability:

The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters (CVE-2013-7345).

PHP contains a bundled copy of the file utility's libmagic library, so it was vulnerable to this issue. It has been updated to versions 5.4.27 and 5.5.11, which fix this issue and several other bugs.

Also, the timezonedb PHP PECL module has been updated to its newest version.

Additionally, php-apc has been rebuilt against the updated php packages.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:3 / php

Package

Name: php
Purl: pkg:rpm/mageia/php?distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.4.27-1.mga3

Ecosystem specific

{
    "section": "core"
}

Mageia:3 / php-apc

Package

Name: php-apc
Purl: pkg:rpm/mageia/php-apc?distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.14-7.7.mga3

Ecosystem specific

{
    "section": "core"
}

Mageia:3 / php-timezonedb

Package

Name: php-timezonedb
Purl: pkg:rpm/mageia/php-timezonedb?distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2014.2-1.mga3

Ecosystem specific

{
    "section": "core"
}

Mageia:3 / php-gd-bundled

Package

Name: php-gd-bundled
Purl: pkg:rpm/mageia/php-gd-bundled?distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.4.27-1.mga3

Ecosystem specific

{
    "section": "core"
}

Mageia:4 / php

Package

Name: php
Purl: pkg:rpm/mageia/php?distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.5.11-1.mga4

Ecosystem specific

{
    "section": "core"
}

Mageia:4 / php-apc

Package

Name: php-apc
Purl: pkg:rpm/mageia/php-apc?distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.15-4.2.mga4

Ecosystem specific

{
    "section": "core"
}

Mageia:4 / php-timezonedb

Package

Name: php-timezonedb
Purl: pkg:rpm/mageia/php-timezonedb?distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2014.2-1.mga4

Ecosystem specific

{
    "section": "core"
}