{"id":"MGASA-2016-0238","summary":"Updated php packages fix security vulnerability","details":"php-mbstring _php_mb_regex_ereg_replace_exec() - double free\n(CVE-2016-5768).\n\nphp-mcrypt heap Overflow due to integer overflows (CVE-2016-5769).\n\nphp-SPL int/size_t confusion in SplFileObject::fread (CVE-2016-5770).\n\nphp-SPL Use After Free Vulnerability in PHP's GC algorithm and unserialize\n(CVE-2016-5771).\n\nphp-WDDX Double Free Courruption in wddx_deserialize (CVE-2016-5772).\n\nphp-zip ZipArchive class Use After Free Vulnerability in PHP's GC\nalgorithm and unserialize (CVE-2016-5773).\n\nThe php package has been updated to version 5.6.23, fixing these issues\nand several other bugs.  See the upstream ChangeLog for details.\n","modified":"2026-04-16T06:23:22.018004577Z","published":"2016-07-05T15:47:08Z","upstream":["CVE-2016-5768","CVE-2016-5769","CVE-2016-5770","CVE-2016-5771","CVE-2016-5772","CVE-2016-5773"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2016-0238.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=18765"},{"type":"WEB","url":"http://php.net/ChangeLog-5.php#5.6.23"}],"affected":[{"package":{"name":"php","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/php?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.6.23-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0238.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}