MGASA-2015-0231

Advisory lineage Upstream: 5 Downstream: 0

Upstream

CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 CVE-2015-4025 CVE-2015-4026

Published: 18 May 2015, 19:08

Last modified:16 Apr 2026, 06:23

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

18 May 2015, 19:08

Published

Vulnerability first disclosed

16 Apr 2026, 06:23

Last Modified

Vulnerability information updated

Description

Updated php packages fix security vulnerabilities Updated php packages fix security vulnerabilities: Memory Corruption in phar_parse_tarfile when entry filename starts with null (CVE-2015-4021). Integer overflow in ftp_genlist() resulting in heap overflow, potentially exploitable by a hostile FTP server (CVE-2015-4022). PHP Multipart/form-data parsing remote DoS Vulnerability (CVE-2015-4024). Various functions allow \0 in paths where they shouldn't. In theory, that could lead to security failure for path-based access controls if the user injects a string with \0 in it. These functions include set_include_path(), tempnam(), rmdir(), and readlink() (CVE-2015-4025), as well as pcntl_exec() (CVE-2015-4026).

Affected Systems

mageia•php
< 5.5.25-1.mga4
mageia•php-apc
< 3.1.15-4.15.mga4
mageia•php-timezonedb
< 2015.4-1.mga4

MGASA-2015-0231

Vulnerability Summary

Timeline

Description

Affected Systems

References (4)