MGASA-2015-0276

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2015-0276.html

Import Source

https://advisories.mageia.org/MGASA-2015-0276.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2015-0276

Upstream

CVE-2015-5589

CVE-2015-5590

Published

2015-07-23T09:39:14Z

Modified

2026-04-16T06:24:15.254004418Z

Summary

Updated php package fixes security vulnerabilities

Details

Segfault in Phar::convertToData on invalid file (CVE-2015-5589).

Buffer overflow and stack smashing error in pharfixfilepath (CVE-2015-5590).

The php package has been updated to version 5.5.27, which fixes these issues, as well as other possible bugs and security issues, including the BACKRONYM flaw, which allows php-mysqlnd client connections that were supposed to use SSL/TLS to be downgraded to not use it.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:4 / php

Package

Name: php
Purl: pkg:rpm/mageia/php?arch=source&distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.5.27-1.mga4

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2015-0276.json"

Mageia:4 / php-apc

Package

Name: php-apc
Purl: pkg:rpm/mageia/php-apc?arch=source&distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.15-4.17.mga4

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2015-0276.json"