MGASA-2014-0430

Source
https://advisories.mageia.org/MGASA-2014-0430.html
Import Source
https://advisories.mageia.org/MGASA-2014-0430.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2014-0430
Upstream
  • CVE-2014-3669
  • CVE-2014-3670
Published
2014-10-28T11:33:36Z
Modified
2026-04-16T06:25:51.441801617Z
Summary
Updated php packages fix security vulnerabilities
Details

An integer overflow flaw in PHP's unserialize() function was reported. If unserialize() were used on untrusted data, this issue could lead to a crash or potentially information disclosure (CVE-2014-3669).

A heap corruption issue was reported in PHP's exif_thumbnail() function. A specially crafted JPEG image could cause the PHP interpreter to crash or, potentially, execute arbitrary code (CVE-2014-3670).

If client-supplied input was passed to PHP's cURL client as a URL to download, it could return local files from the server due to improper handling of null bytes (PHP#68089).

PHP has been updated to version 5.4.34 for Mageia 3 and 5.5.18 for Mageia 4, which fix these issues and other bugs.

Additionally, the suhosin PHP extension has been updated to version 0.9.36, and a bug in the PHP zip extension that could cause a crash on Mageia 4 has been fixed (mga#13820).


Affected packages

Mageia:3
php

Package

Name
php
Purl
pkg:rpm/mageia/php?arch=source&distro=mageia-3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.4.34-1.mga3

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2014-0430.json"
php-apc

Package

Name
php-apc
Purl
pkg:rpm/mageia/php-apc?arch=source&distro=mageia-3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.1.14-7.13.mga3

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2014-0430.json"
php-gd-bundled

Package

Name
php-gd-bundled
Purl
pkg:rpm/mageia/php-gd-bundled?arch=source&distro=mageia-3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.4.34-1.mga3

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2014-0430.json"
php-suhosin

Package

Name
php-suhosin
Purl
pkg:rpm/mageia/php-suhosin?arch=source&distro=mageia-3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.9.36-1.mga3

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2014-0430.json"
Mageia:4
php

Package

Name
php
Purl
pkg:rpm/mageia/php?arch=source&distro=mageia-4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.5.18-1.1.mga4

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2014-0430.json"
php-apc

Package

Name
php-apc
Purl
pkg:rpm/mageia/php-apc?arch=source&distro=mageia-4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.1.15-4.8.mga4

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2014-0430.json"
php-suhosin

Package

Name
php-suhosin
Purl
pkg:rpm/mageia/php-suhosin?arch=source&distro=mageia-4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.9.36-1.mga4

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2014-0430.json"