DSA-3198-2 php5 -- php5ID: oval:org.secpod.oval:def:602015 | Date: (C)2015-03-30 (M)2024-02-19 |
Class: PATCH | Family: unix |
The previous update for php5, DSA-3198-1, introduced a regression causing segmentation faults when using SoapClient::__setSoapHeader. Updated packages are now available to address this regression. For reference, the original advisory text follows. Multiple vulnerabilities have been discovered in the PHP language: CVE-2015-2301 Use-after-free in the phar extension. CVE-2015-2331 Emmanuel Law discovered an integer overflow in the processing of ZIP archives, resulting in denial of service or potentially the execution of arbitrary code.