mageia / Gentoo Foundation / MGASA-2015-0134
History: Apr 04, 2015 - 2:13 p.m.

Updated php and libzip packages fix security vulnerabilities

2015-04-04 14:13:35
Gentoo Foundation
advisories.mageia.org

CVSS2: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

EPSS: 0.951
Percentile: 99.4%

Heap overflow vulnerability in regcomp.c in the ereg extension in PHP before 5.5.23 on 32-bit systems (CVE-2015-2305). Integer overflow in the zip extension in PHP before 5.5.23 leads to writing past the heap boundary (CVE-2015-2331). Use-after-free vulnerability in unserialize() in PHP before 5.5.23 (CVE-2015-2787). PHP has been updated to version 5.5.23, which fixes these issues and other bugs. The PHP zip extension uses the libzip library, so libzip has also been patched to fix CVE-2015-2331.

OS      OS Version  Architecture  Package  Package Version  Filename
Mageia  4           noarch        php      < 5.5.23-1       php-5.5.23-1.mga4
Mageia  4           noarch        php-apc  < 3.1.15-4.13    php-apc-3.1.15-4.13.mga4
Mageia  4           noarch        libzip   < 0.11.2-1.1     libzip-0.11.2-1.1.mga4
