Lucene search

K
mageiaGentoo FoundationMGASA-2015-0258
HistoryJul 05, 2015 - 8:22 p.m.

Updated php package fixes security vulnerability

2015-07-0520:22:03
Gentoo Foundation
advisories.mageia.org
48

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.076

Percentile

94.2%

Incorrect handling of paths with NULs (CVE-2015-4598). OS command injection vulnerability in escapeshellarg (CVE-2015-4642). Integer overflow in ftp_genlist() resulting in heap overflow (CVE-2015-4643). Segfault in php_pgsql_meta_data (CVE-2015-4644). PHP has been updated to version 5.5.26, which fixes multiple bugs and potential security issues. Please see the upstream ChangeLog for details.

OSVersionArchitecturePackageVersionFilename
Mageia4noarchphp< 5.5.26-1php-5.5.26-1.mga4
Mageia4noarchphp-apc< 3.1.15-4.16php-apc-3.1.15-4.16.mga4

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.076

Percentile

94.2%