[ MDVSA-2015:209 ] php

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:209
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : php
 Date    : April 27, 2015
 Affected: Business Server 1.0, Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated php packages fix security vulnerabilities:
 
 Buffer Over-read in unserialize when parsing Phar (CVE-2015-2783).
 
 Buffer Overflow when parsing tar/zip/phar in phar_set_inode
 (CVE-2015-3329).
 
 Potential remote code execution with apache 2.4 apache2handler
 (CVE-2015-3330).
 
 PHP has been updated to version 5.5.24, which fixes these issues and
 other bugs.
 
 Additionally the timezonedb packages has been upgraded to the latest
 version and the PECL packages which requires so has been rebuilt
 for php-

007 Software

Leave a Reply Cancel reply

Software and Security Information