[ MDVSA-2015:032 ] php

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:032
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : php
 Date    : February 5, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been discovered and corrected in php:
 
 sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x
 through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read
 a .php file, does not properly consider the mapping's length during
 processing of an invalid file that begins with a # character and lacks
 a newline character, which causes an out-of-bounds read and might (1)
 allow remote attackers to obtain sensitive information from php-cgi
 process memory by leveraging the ability t

Leave a Reply