{"id":"MGASA-2015-0040","summary":"Updated php packages fix security vulnerabilities","details":"Updated php and libgd packages fix security vulnerabilities:\n\nDouble free vulnerability in the zend_ts_hash_graceful_destroy function in\nzend_ts_hash.c in the Zend Engine in PHP before 5.5.21 allows remote\nattackers to cause a denial of service or possibly have unspecified other\nimpact via unknown vectors (CVE-2014-9425).\n\nsapi/cgi/cgi_main.c in the CGI component in PHP before 5.5.21, when mmap is\nused to read a .php file, does not properly consider the mapping's length\nduring processing of an invalid file that begins with a # character and lacks\na newline character, which causes an out-of-bounds read and might allow remote\nattackers to obtain sensitive information from php-cgi process memory by\nleveraging the ability to upload a .php file or trigger unexpected code\nexecution if a valid PHP script is present in memory locations adjacent to the\nmapping (CVE-2014-9427).\n\nUse after free vulnerability in unserialize() in PHP before 5.5.21\n(CVE-2015-0231).\n\nFree called on an uninitialized pointer in php-exif in PHP before 5.5.21\n(CVE-2015-0232).\n\nThe readelf.c source file has been removed from PHP's bundled copy of file's\nlibmagic, eliminating exposure to denial of service issues in ELF file parsing\nsuch as CVE-2014-8116, CVE-2014-8117, CVE-2014-9620 and CVE-2014-9621 in PHP's\nfileinfo module.\n\nA buffer read overflow in gd_gif_in.c in the php#68601 bug referenced in the\nPHP 5.5.21 ChangeLog has been fixed in the libgd package.\n\nThe php package has been updated to version 5.5.21 to fix these issues and\nother bugs. Please see the upstream ChangeLog for more information.\n","modified":"2026-02-04T03:56:22.141863Z","published":"2015-01-27T21:08:29Z","related":["CVE-2014-8116","CVE-2014-8117","CVE-2014-9425","CVE-2014-9427","CVE-2014-9620","CVE-2014-9621","CVE-2015-0231","CVE-2015-0232"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2015-0040.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=15121"},{"type":"REPORT","url":"http://php.net/ChangeLog-5.php#5.5.21"}],"affected":[{"package":{"name":"php","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/php?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.5.21-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0040.json"}},{"package":{"name":"php-apc","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/php-apc?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.1.15-4.11.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0040.json"}},{"package":{"name":"libgd","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/libgd?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.0-3.2.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0040.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}