{"id":"MGASA-2014-0324","summary":"Updated php packages fix security vulnerabilities","details":"Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in\nPHP through 5.5.14 allows context-dependent attackers to cause a denial of\nservice or possibly have unspecified other impact via crafted ArrayIterator\nusage within applications in certain web-hosting environments (CVE-2014-4698).\n\nUse-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in\nPHP through 5.5.14 allows context-dependent attackers to cause a denial of\nservice or possibly have unspecified other impact via crafted iterator usage\nwithin applications in certain web-hosting environments (CVE-2014-4670).\n\nfile before 5.19 does not properly restrict the amount of data read during\na regex search, which allows remote attackers to cause a denial of service\n(CPU consumption) via a crafted file that triggers backtracking during\nprocessing of an awk rule, due to an incomplete fix for CVE-2013-7345\n(CVE-2014-3538).\n\nThe php packages have been updated to 5.4.31 for Mageia 3 and 5.5.14 for\nMageia 4, and additional patches have been added to fix these issues and\nseveral other bugs.\n\nAlso, php-apc has been rebuilt against the updated PHP versions and the\nphp-timezonedb package has been updated to the latest version, 2014.5.\n\nAdditionally, the jsonc extension has been upgraded to the 1.3.6\nversion.\n","modified":"2026-04-16T06:22:23.651956048Z","published":"2014-08-08T11:23:49Z","upstream":["CVE-2014-3538","CVE-2014-4670","CVE-2014-4698"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0324.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=13796"},{"type":"WEB","url":"http://php.net/ChangeLog-5.php#5.4.31"},{"type":"WEB","url":"http://php.net/ChangeLog-5.php#5.5.15"},{"type":"WEB","url":"http://pecl.php.net/package-changelog.php?package=jsonc&release=1.3.6"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-updates/2014-07/msg00035.html"},{"type":"ADVISORY","url":"http://www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2014:149/"}],"affected":[{"package":{"name":"php","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/php?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.4.31-1.2.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0324.json"}},{"package":{"name":"php-apc","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/php-apc?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.1.14-7.11.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0324.json"}},{"package":{"name":"php-gd-bundled","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/php-gd-bundled?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.4.31-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0324.json"}},{"package":{"name":"php-timezonedb","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/php-timezonedb?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2014.5-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0324.json"}},{"package":{"name":"php","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/php?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.5.15-1.1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0324.json"}},{"package":{"name":"php-apc","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/php-apc?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.1.15-4.6.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0324.json"}},{"package":{"name":"php-timezonedb","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/php-timezonedb?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2014.5-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0324.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}