VDB
GCVE-110-MAGEIA-2015-231
GCVE-110-MAGEIA-2015-231
Advisory Published
Updated php packages fix security vulnerabilities:
Memory Corruption in phar_parse_tarfile when entry filename starts with null
(CVE-2015-4021).
Integer overflow in ftp_genlist() resulting in heap overflow, potentially
exploitable by a hostile FTP server (CVE-2015-4022).
PHP Multipart/form-data parsing remote DoS Vulnerability (CVE-2015-4024).
Various functions allow \0 in paths where they shouldn't. In theory, that
could lead to security failure for path-based access controls if the user
injects a string with \0 in it. These functions include set_include_path(),
tempnam(), rmdir(), and readlink() (CVE-2015-4025), as well as pcntl_exec()
(CVE-2015-4026).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | php-timezonedb | 2015.4-1.mga4 (unaffected), 0 (affected) | — |
| Mageia | php | 0 (affected), 5.5.25-1.mga4 (unaffected) | — |
| Mageia | php-apc | 0 (affected), 3.1.15-4.15.mga4 (unaffected) | — |
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.