OSV:DSA-3198-2
Mar 20, 2015 - 12:00 a.m.

php5 - regression update

2015-03-20 00:00:00
Google
osv.dev

EPSS: 0.951
Percentile: 99.4%

Multiple vulnerabilities have been discovered in the PHP language:

  • CVE-2015-2301
    Use-after-free in the phar extension.
  • CVE-2015-2331
    Emmanuel Law discovered an integer overflow in the processing
    of ZIP archives, resulting in denial of service or potentially
    the execution of arbitrary code.

For the stable distribution (wheezy), these problems have been fixed in
version 5.4.39-0+deb7u1. This update also fixes a regression in the
curl support introduced in DSA 3195.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your php5 packages.