{"id":"MGASA-2015-0231","summary":"Updated php packages fix security vulnerabilities","details":"Updated php packages fix security vulnerabilities:\n\nMemory Corruption in phar_parse_tarfile when entry filename starts with null\n(CVE-2015-4021).\n\nInteger overflow in ftp_genlist() resulting in heap overflow, potentially\nexploitable by a hostile FTP server (CVE-2015-4022).\n\nPHP Multipart/form-data parsing remote DoS Vulnerability (CVE-2015-4024).\n\nVarious functions allow \\0 in paths where they shouldn't. In theory, that\ncould lead to security failure for path-based access controls if the user\ninjects a string with \\0 in it. These functions include set_include_path(),\ntempnam(), rmdir(), and readlink() (CVE-2015-4025), as well as pcntl_exec()\n(CVE-2015-4026).\n","modified":"2026-04-16T06:23:57.176551678Z","published":"2015-05-18T19:08:05Z","upstream":["CVE-2015-4021","CVE-2015-4022","CVE-2015-4024","CVE-2015-4025","CVE-2015-4026"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2015-0231.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=15943"},{"type":"WEB","url":"http://php.net/ChangeLog-5.php#5.5.25"},{"type":"WEB","url":"http://openwall.com/lists/oss-security/2015/05/20/3"}],"affected":[{"package":{"name":"php","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/php?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.5.25-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0231.json"}},{"package":{"name":"php-apc","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/php-apc?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.1.15-4.15.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0231.json"}},{"package":{"name":"php-timezonedb","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/php-timezonedb?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2015.4-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0231.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}