{"id":"MGASA-2016-0267","summary":"Updated php/xmlrpc-epi/timezone packages fix security vulnerability","details":"Stack-based buffer overflow vulnerability in virtual_file_ex()\n(CVE-2016-6289).\n\nUse After Free in unserialize() with Unexpected Session Deserialization\n(CVE-2016-6290).\n\nOut of bound read in exif_process_IFD_in_MAKERNOTE() (CVE-2016-6291).\n\nNULL Pointer Dereference in exif_process_user_comment() (CVE-2016-6292).\n\nlocale_accept_from_http() out-of-bounds access (CVE-2016-6294).\n\nUse After Free Vulnerability in SNMP with GC and unserialize()\n(CVE-2016-6295).\n\nheap-buffer-overflow (write) simplestring_addn() simplestring.c in\nphp-xmlrpc (CVE-2016-6296).\n\nStack-based buffer overflow vulnerability in php_stream_zip_opener()\n(CVE-2016-6297).\n\nThe php package has been updated to version 5.6.24, fixing these issues\nand several other bugs.  See the upstream ChangeLog for details.\n\nThe CVE-2016-6296 issue was in the xmlrpc-epi library, which has been\npatched.\n\nAdditionally, the timezone and php-timezonedb packages have been updated\nwith the latest timezone data.\n","modified":"2026-04-16T01:49:02.316386864Z","published":"2016-07-26T21:59:16Z","upstream":["CVE-2016-6289","CVE-2016-6290","CVE-2016-6291","CVE-2016-6292","CVE-2016-6294","CVE-2016-6295","CVE-2016-6296","CVE-2016-6297"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2016-0267.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=19009"},{"type":"WEB","url":"http://www.php.net/ChangeLog-5.php#5.6.24"},{"type":"WEB","url":"http://mm.icann.org/pipermail/tz-announce/2016-March/000036.html"},{"type":"WEB","url":"http://mm.icann.org/pipermail/tz-announce/2016-March/000037.html"},{"type":"WEB","url":"http://mm.icann.org/pipermail/tz-announce/2016-April/000038.html"},{"type":"WEB","url":"http://mm.icann.org/pipermail/tz-announce/2016-June/000039.html"},{"type":"WEB","url":"http://mm.icann.org/pipermail/tz-announce/2016-July/000040.html"}],"affected":[{"package":{"name":"php","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/php?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.6.24-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0267.json"}},{"package":{"name":"xmlrpc-epi","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/xmlrpc-epi?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.54.2-5.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0267.json"}},{"package":{"name":"timezone","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/timezone?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2016f-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0267.json"}},{"package":{"name":"php-timezonedb","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/php-timezonedb?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2016.6-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0267.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}