MGASA-2016-0319
- Source
- https://advisories.mageia.org/MGASA-2016-0319.html
- Import Source
- https://advisories.mageia.org/MGASA-2016-0319.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2016-0319
- Related
- Published
- 2016-09-25T15:45:31Z
- Modified
- 2016-09-25T15:29:20Z
- Summary
- Updated php packages fix security vulnerabilities
- Details
-
Memory Corruption in During Deserialized-object Destruction) (CVE-2016-7411).
Heap overflow in mysqlnd related to BIT fields) (CVE-2016-7412).
wddx_deserialize use-after-free (CVE-2016-7413).
Out of bound when verify signature of zip phar in pharparsezipfile) (CVE-2016-7414).
Missing locale length check in php-intl (CVE-2016-7416).
Missing type check when unserializing SplArray) (CVE-2016-7417).
Out-Of-Bounds Read in phpwddxpush_element) (CVE-2016-7418).
The php package has been updated to version 5.6.26, which fixes these issues and other bugs. See the upstream ChangeLog for more details.
- References
-
- https://advisories.mageia.org/MGASA-2016-0319.html
- https://bugs.mageia.org/show_bug.cgi?id=19368
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7411
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7412
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7413
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7414
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7416
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7417
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7418
- http://www.php.net/ChangeLog-5.php#5.6.26
- http://www.openwall.com/lists/oss-security/2016/09/15/10
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:5 / php
Package
- Name
- php
- Purl
- pkg:rpm/mageia/php?distro=mageia-5