New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 5.9
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionUpdated php packages fix security vulnerabilities :
Buffer Over-read in unserialize when parsing Phar (CVE-2015-2783).
Buffer Overflow when parsing tar/zip/phar in phar_set_inode (CVE-2015-3329).
Potential remote code execution with apache 2.4 apache2handler (CVE-2015-3330).
PHP has been updated to version 5.5.24, which fixes these issues and other bugs.
Additionally the timezonedb packages has been upgraded to the latest version and the PECL packages which requires so has been rebuilt for php-5.5.24.
SolutionUpdate the affected packages.