|
|
Subscribe / Log in / New account

Mageia alert MGASA-2016-0422 (php)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2016-0422: Updated php packages fix security vulnerability 


Date:
    	      Thu, 22 Dec 2016 22:41:33 +0100


Message-ID:
    	      <20161222214133.4441B9F7B8@duvel.mageia.org>


MGASA-2016-0422 - Updated php packages fix security vulnerability

Publication date: 22 Dec 2016
URL: http://advisories.mageia.org/MGASA-2016-0422.html
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-9934,
     CVE-2016-9935

Description:
NULL Pointer Dereference in WDDX Packet Deserialization with PDORow in
PHP before 5.6.28 (CVE-2016-9934).

Invalid read when wddx decodes empty boolean element in PHP before
5.6.29 (CVE-2016-9935).

References:
- https://bugs.mageia.org/show_bug.cgi?id=19753
- http://www.php.net/ChangeLog-5.php#5.6.29
- http://openwall.com/lists/oss-security/2016/12/12/5
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9934
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9935

SRPMS:
- 5/core/php-5.6.29-1.mga5
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds