{"id":"MGASA-2014-0430","summary":"Updated php packages fix security vulnerabilities","details":"An integer overflow flaw in PHP's unserialize() function was reported. If\nunserialize() were used on untrusted data, this issue could lead to a crash or\npotentially information disclosure (CVE-2014-3669).\n\nA heap corruption issue was reported in PHP's exif_thumbnail() function. A\nspecially-crafted JPEG image could cause the PHP interpreter to crash or,\npotentially, execute arbitrary code (CVE-2014-3670).\n\nIf client-supplied input was passed to PHP's cURL client as a URL to download,\nit could return local files from the server due to improper handling of null\nbytes (PHP#68089).\n\nPHP has been updated to version 5.4.34 for Mageia 3 and 5.5.18 for Mageia 4,\nwhich fix these issues and other bugs.\n\nAdditionally, the suhosin PHP extension has been updated to version 0.9.36\nand a bug in the php zip extension that could cause a crash on Mageia 4 has\nbeen fixed (mga#13820)\n","modified":"2026-04-16T06:25:51.441801617Z","published":"2014-10-28T11:33:36Z","upstream":["CVE-2014-3669","CVE-2014-3670"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0430.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=14326"},{"type":"WEB","url":"http://www.php.net/ChangeLog-5.php#5.5.18"},{"type":"WEB","url":"http://www.php.net/ChangeLog-5.php#5.4.34"},{"type":"ADVISORY","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3669"},{"type":"ADVISORY","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3670"},{"type":"REPORT","url":"https://bugs.php.net/bug.php?id=68089"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=13820"}],"affected":[{"package":{"name":"php","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/php?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.4.34-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0430.json"}},{"package":{"name":"php-apc","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/php-apc?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.1.14-7.13.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0430.json"}},{"package":{"name":"php-gd-bundled","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/php-gd-bundled?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.4.34-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0430.json"}},{"package":{"name":"php-suhosin","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/php-suhosin?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.9.36-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0430.json"}},{"package":{"name":"php","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/php?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.5.18-1.1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0430.json"}},{"package":{"name":"php-apc","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/php-apc?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.1.15-4.8.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0430.json"}},{"package":{"name":"php-suhosin","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/php-suhosin?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.9.36-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0430.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}