MGASA-2015-0276

Advisory lineage Upstream: 2 Downstream: 0

Upstream

CVE-2015-5589 CVE-2015-5590

Published: 23 Jul 2015, 09:39

Last modified:16 Apr 2026, 06:24

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

23 Jul 2015, 09:39

Published

Vulnerability first disclosed

16 Apr 2026, 06:24

Last Modified

Vulnerability information updated

Description

Updated php package fixes security vulnerabilities Segfault in Phar::convertToData on invalid file (CVE-2015-5589). Buffer overflow and stack smashing error in phar_fix_filepath (CVE-2015-5590). The php package has been updated to version 5.5.27, which fixes these issues, as well as other possible bugs and security issues, including the BACKRONYM flaw, which allows php-mysqlnd client connections that were supposed to use SSL/TLS to be downgraded to not use it.

Affected Systems

mageia•php
< 5.5.27-1.mga4
mageia•php-apc
< 3.1.15-4.17.mga4

MGASA-2015-0276

Vulnerability Summary

Timeline

Description

Affected Systems

References (4)