MGASA-2015-0134

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2015-0134.html

Import Source

https://advisories.mageia.org/MGASA-2015-0134.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2015-0134

Related

Published

2015-04-04T11:13:35Z

Modified

2015-04-04T11:04:40Z

Summary

Updated php and libzip packages fix security vulnerabilities

Details

Heap overflow vulnerability in regcomp.c in the ereg extension in PHP before 5.5.23 on 32-bit systems (CVE-2015-2305).

Integer overflow in zip extension in PHP before 5.5.23 leads to writing past heap boundary (CVE-2015-2331).

Use after free vulnerability in unserialize() in PHP before 5.5.23 (CVE-2015-2787).

PHP has been updated to version 5.5.23, which fixes these issues and other bugs. The php zip extension uses the libzip library, so it has been patched to fix CVE-2015-2331.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:4 / php

Package

Name: php
Purl: pkg:rpm/mageia/php?distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.5.23-1.mga4

Ecosystem specific

{
    "section": "core"
}

Mageia:4 / php-apc

Package

Name: php-apc
Purl: pkg:rpm/mageia/php-apc?distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.15-4.13.mga4

Ecosystem specific

{
    "section": "core"
}

Mageia:4 / libzip

Package

Name: libzip
Purl: pkg:rpm/mageia/libzip?distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.11.2-1.1.mga4

Ecosystem specific

{
    "section": "core"
}