Lucene search

K
mageiaGentoo FoundationMGASA-2014-0542
HistoryDec 21, 2014 - 11:47 p.m.

Updated php packages fix CVE-2014-8142

2014-12-2123:47:32
Gentoo Foundation
advisories.mageia.org
28

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.861

Percentile

98.6%

Updated php packages fix security vulnerability: A use-after-free flaw was found in PHP unserialize(). An untrusted input could cause PHP interpreter to crash or, possibly, execute arbitrary code when processed using unserialize() (CVE-2014-8142). PHP has been updated to version 5.5.20, which fixes these issues and other bugs.

OSVersionArchitecturePackageVersionFilename
Mageia4noarchphp< 5.5.20-1php-5.5.20-1.mga4
Mageia4noarchphp-apc< 3.1.15-4.10php-apc-3.1.15-4.10.mga4

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.861

Percentile

98.6%