Metric | Value |
---|---|
CVSS2 | 5 Medium |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |
CVSS2 Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
EPSS | 0.018 Low |
EPSS Percentile | 88.1% |

Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments (CVE-2014-4698).

Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments (CVE-2014-4670).

file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule, due to an incomplete fix for CVE-2013-7345 (CVE-2014-3538).

The php packages have been updated to 5.4.31 for Mageia 3 and 5.5.14 for Mageia 4, and additional patches have been added to fix these issues and several other bugs.

Also, php-apc has been rebuilt against the updated PHP versions and the php-timezonedb package has been updated to the latest version, 2014.5. Additionally, the jsonc extension has been upgraded to the 1.3.6 version.

OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
Mageia | 3 | noarch | php | < 5.4.31-1.2 | php-5.4.31-1.2.mga3 |
Mageia | 3 | noarch | php-apc | < 3.1.14-7.11 | php-apc-3.1.14-7.11.mga3 |
Mageia | 3 | noarch | php-gd-bundled | < 5.4.31-1 | php-gd-bundled-5.4.31-1.mga3 |
Mageia | 3 | noarch | php-timezonedb | < 2014.5-1 | php-timezonedb-2014.5-1.mga3 |
Mageia | 4 | noarch | php | < 5.5.15-1.1 | php-5.5.15-1.1.mga4 |
Mageia | 4 | noarch | php-apc | < 3.1.15-4.6 | php-apc-3.1.15-4.6.mga4 |
Mageia | 4 | noarch | php-timezonedb | < 2014.5-1 | php-timezonedb-2014.5-1.mga4 |