Mandriva Linux Security Advisory : php (MDVSA-2015:209)
High Nessus Plugin ID 83101
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionUpdated php packages fix security vulnerabilities :
Buffer Over-read in unserialize when parsing Phar (CVE-2015-2783).
Buffer Overflow when parsing tar/zip/phar in phar_set_inode (CVE-2015-3329).
Potential remote code execution with apache 2.4 apache2handler (CVE-2015-3330).
PHP has been updated to version 5.5.24, which fixes these issues and other bugs.
Additionally the timezonedb packages has been upgraded to the latest version and the PECL packages which requires so has been rebuilt for php-5.5.24.
SolutionUpdate the affected packages.