[arch-security] [ASA-201503-25] php: integer overflow
chris.rebischke at gmail.com
Sat Mar 28 02:54:54 UTC 2015
Arch Linux Security Advisory ASA-201503-25
Date : 2015-03-28
CVE-ID : CVE-2015-2331
Package : php
Type : integer overflow
Remote : yes
Link : https://wiki.archlinux.org/index.php/CVE
An integer overflow flaw, leading to a heap-based buffer overflow. This could
raise a crash of the application or is possible exploitable.
Upgrade to 5.6.7-1.
# pacman -Syu "php>=5.6.7-1"
The problem have been fixed upstream.
An integer overflow flaw, leading to a heap-based buffer overflow, was found in
the way libzip, which is embedded in PHP, processed certain ZIP archives. If an
attacker were able to supply a specially crafted ZIP archive to an application
using libzip, it could cause the application to crash or, possibly, execute
An attacker could craft a certain ZIP archive to crash or exploit a libzip based
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 819 bytes
Desc: not available
More information about the arch-security