MGASA-2015-0231
- Source
- https://advisories.mageia.org/MGASA-2015-0231.html
- Import Source
- https://advisories.mageia.org/MGASA-2015-0231.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2015-0231
- Upstream
- Published
- 2015-05-18T19:08:05Z
- Modified
- 2026-04-16T06:23:57.176551678Z
- Summary
- Updated php packages fix security vulnerabilities
- Details
-
Updated php packages fix security vulnerabilities:
Memory Corruption in pharparsetarfile when entry filename starts with null (CVE-2015-4021).
Integer overflow in ftp_genlist() resulting in heap overflow, potentially exploitable by a hostile FTP server (CVE-2015-4022).
PHP Multipart/form-data parsing remote DoS Vulnerability (CVE-2015-4024).
Various functions allow \0 in paths where they shouldn't. In theory, that could lead to security failure for path-based access controls if the user injects a string with \0 in it. These functions include setincludepath(), tempnam(), rmdir(), and readlink() (CVE-2015-4025), as well as pcntl_exec() (CVE-2015-4026).
- References
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:4 / php
Package
- Name
- php
- Purl
- pkg:rpm/mageia/php?arch=source&distro=mageia-4
Mageia:4 / php-apc
Package
- Name
- php-apc
- Purl
- pkg:rpm/mageia/php-apc?arch=source&distro=mageia-4
Mageia:4 / php-timezonedb
Package
- Name
- php-timezonedb
- Purl
- pkg:rpm/mageia/php-timezonedb?arch=source&distro=mageia-4