Mandriva Linux Security Advisory : php (MDVSA-2014:202)
Medium Nessus Plugin ID 78664
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionA vulnerability has been discovered and corrected in php :
A heap corruption issue was reported in PHP's exif_thumbnail() function. A specially crafted JPEG image could cause the PHP interpreter to crash or, potentially, execute arbitrary code (CVE-2014-3670).
The updated php packages have been upgraded to the 5.5.18 version resolve this security flaw.
Additionally, php-apc has been rebuilt against the updated php packages.
SolutionUpdate the affected packages.