Lucene search

K
mageiaGentoo FoundationMGASA-2015-0276
HistoryJul 23, 2015 - 12:39 p.m.

Updated php package fixes security vulnerabilities

2015-07-2312:39:14
Gentoo Foundation
advisories.mageia.org
20

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.02

Percentile

89.0%

Segfault in Phar::convertToData on invalid file (CVE-2015-5589). Buffer overflow and stack smashing error in phar_fix_filepath (CVE-2015-5590). The php package has been updated to version 5.5.27, which fixes these issues, as well as other possible bugs and security issues, including the BACKRONYM flaw, which allows php-mysqlnd client connections that were supposed to use SSL/TLS to be downgraded to not use it.

OSVersionArchitecturePackageVersionFilename
Mageia4noarchphp< 5.5.27-1php-5.5.27-1.mga4
Mageia4noarchphp-apc< 3.1.15-4.17php-apc-3.1.15-4.17.mga4

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.02

Percentile

89.0%