MGASA-2015-0134

Advisory lineage Upstream: 3 Downstream: 0

Upstream

CVE-2015-2305 CVE-2015-2331 CVE-2015-2787

Published: 04 Apr 2015, 11:13

Last modified:16 Apr 2026, 06:22

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

04 Apr 2015, 11:13

Published

Vulnerability first disclosed

16 Apr 2026, 06:22

Last Modified

Vulnerability information updated

Description

Updated php and libzip packages fix security vulnerabilities Heap overflow vulnerability in regcomp.c in the ereg extension in PHP before 5.5.23 on 32-bit systems (CVE-2015-2305). Integer overflow in zip extension in PHP before 5.5.23 leads to writing past heap boundary (CVE-2015-2331). Use after free vulnerability in unserialize() in PHP before 5.5.23 (CVE-2015-2787). PHP has been updated to version 5.5.23, which fixes these issues and other bugs. The php zip extension uses the libzip library, so it has been patched to fix CVE-2015-2331.

Affected Systems

mageia•libzip
< 0.11.2-1.1.mga4
mageia•php
< 5.5.23-1.mga4
mageia•php-apc
< 3.1.15-4.13.mga4

MGASA-2015-0134

Vulnerability Summary

Timeline

Description

Affected Systems

References (4)