{"id":"MGASA-2014-0178","summary":"Updated php packages fix security vulnerability","details":"Updated php packages fix security vulnerability:\n\nThe BEGIN regular expression in the awk script detector in\nmagic/Magdir/commands in file before 5.15 uses multiple wildcards with\nunlimited repetitions, which allows context-dependent attackers to cause a\ndenial of service (CPU consumption) via a crafted ASCII file that triggers a\nlarge amount of backtracking, as demonstrated via a file with many newline\ncharacters (CVE-2013-7345).\n\nPHP contains a bundled copy of the file utility's libmagic library, so it was\nvulnerable to this issue. It has been updated to versions 5.4.27 and 5.5.11,\nwhich fix this issue and several other bugs.\n\nAlso, the timezonedb PHP PECL module has been updated to its newest version.\n\nAdditionally, php-apc has been rebuilt against the updated php packages.\n","modified":"2026-02-02T06:40:30.876948Z","published":"2014-04-17T20:20:35Z","related":["CVE-2013-7345"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0178.html"},{"type":"REPORT","url":"http://www.php.net/ChangeLog-5.php#5.4.27"},{"type":"REPORT","url":"http://www.php.net/ChangeLog-5.php#5.5.11"},{"type":"REPORT","url":"http://pecl.php.net/package-info.php?package=timezonedb&version=2014.2"},{"type":"REPORT","url":"http://advisories.mageia.org/MGASA-2014-0142.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=13142"}],"affected":[{"package":{"name":"php","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/php?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.4.27-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0178.json"}},{"package":{"name":"php-apc","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/php-apc?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.1.14-7.7.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0178.json"}},{"package":{"name":"php-timezonedb","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/php-timezonedb?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2014.2-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0178.json"}},{"package":{"name":"php-gd-bundled","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/php-gd-bundled?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.4.27-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0178.json"}},{"package":{"name":"php","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/php?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.5.11-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0178.json"}},{"package":{"name":"php-apc","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/php-apc?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.1.15-4.2.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0178.json"}},{"package":{"name":"php-timezonedb","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/php-timezonedb?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2014.2-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0178.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}