Description
Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in
PHP through 5.5.14 allows context-dependent attackers to cause a denial of
service or possibly have unspecified other impact via crafted ArrayIterator
usage within applications in certain web-hosting environments (CVE-2014-4698).

Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in
PHP through 5.5.14 allows context-dependent attackers to cause a denial of
service or possibly have unspecified other impact via crafted iterator usage
within applications in certain web-hosting environments (CVE-2014-4670).

file before 5.19 does not properly restrict the amount of data read during
a regex search, which allows remote attackers to cause a denial of service
(CPU consumption) via a crafted file that triggers backtracking during
processing of an awk rule, due to an incomplete fix for CVE-2013-7345
(CVE-2014-3538).

The php packages have been updated to 5.4.31 for Mageia 3 and 5.5.14 for
Mageia 4, and additional patches have been added to fix these issues and
several other bugs.

Also, php-apc has been rebuilt against the updated PHP versions and the
php-timezonedb package has been updated to the latest version, 2014.5.

Additionally, the jsonc extension has been upgraded to version 1.3.6.