Fedora 20 PHP 5.5.23 2015-4216 Critical: Bug Fix Security Advisory

March 31, 2015

Summary

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server.

Update Information:

**19 Mar 2015, PHP 5.5.23**

Core:

* Fixed bug #69174 (leaks when unused inner class use traits precedence). (Laruence)
* Fixed bug #69139 (Crash in gc_zval_possible_root on unserialize). (Laruence)
* Fixed bug #69121 (Segfault in get_current_user when script owner is not in passwd with ZTS build). (dan at syneto dot net)
* Fixed bug #65593 (Segfault when calling ob_start from output buffering callback). (Mike)
* Fixed bug #69017 (Fail to push to the empty array with the constant value defined in class scope). (Laruence)
* Fixed bug #68986 (pointer returned by php_stream_fopen_temporary_file not validated in memory.c). (nayana at ddproperty dot com)
* Fixed bug #68166 (Exception with invalid character causes segv). (Rasmus)
* Fixed bug #69141 (Missing arguments in reflection info for some builtin functions). (kostyantyn dot lysyy at oracle dot com)
* Fixed bug #68976 (Use After Free Vulnerability in unserialize()). (Stas)
* Fixed bug #69134 (Per Directory Values overrides ...


Change Log

* Fri Mar 20 2015 Remi Collet 5.5.23-1
- Update to 5.5.23 https://www.php.net/releases/5_5_23.php

* Thu Feb 19 2015 Remi Collet 5.5.22-1
- Update to 5.5.22 https://www.php.net/releases/5_5_22.php

* Thu Jan 22 2015 Remi Collet 5.5.21-1
- Update to 5.5.21 https://www.php.net/releases/5_5_21.php

* Thu Dec 18 2014 Remi Collet 5.5.20-2
- Update to 5.5.20 (real) https://www.php.net/releases/5_5_20.php
- php-xmlrpc requires php-xml

* Wed Dec 10 2014 Remi Collet 5.5.20-1
- Update to 5.5.20 https://www.php.net/releases/5_5_20.php

* Fri Nov 21 2014 Remi Collet 5.5.19-3
- FPM: add upstream patch for https://bugs.php.net/index.php listen.allowed_clients is IPv4 only
- refresh upstream patch for 68421

* Sun Nov 16 2014 Remi Collet 5.5.19-2
- FPM: add upstream patch for https://bugs.php.net/index.php access.format=R doesn't log ipv6 address
- FPM: add upstream patch for https://bugs.php.net/index.php listen=9000 listens to ipv6 localhost instead of all addresses
- FPM: add upstream patch for https://bugs.php.net/index.php will no longer load all pools

* Thu Nov 13 2014 Remi Collet 5.5.19-1
- Update to 5.5.19 https://www.php.net/releases/5_5_19.php
- new version of systzdata patch, fix case sensitivity

* Thu Oct 16 2014 Remi Collet 5.5.18-1
- Update to 5.5.18 https://www.php.net/releases/5_5_18.php

* Sat Sep 20 2014 Remi Collet 5.5.17-2
- openssl: fix regression introduced in changes for upstream bug #65137 and #41631, revert to 5.5.16 behavior

* Thu Sep 18 2014 Remi Collet 5.5.17-1
- Update to 5.5.17 https://www.php.net/releases/5_5_17.php
- fpm: fix script_name with mod_proxy_fcgi / proxypass add upstream patch for https://bugs.php.net/index.php

* Thu Aug 21 2014 Remi Collet 5.5.16-1
- Update to 5.5.16 https://www.php.net/releases/5_5_16.php
- fix zts-php-config --php-binary output #1124605
- move zts-php from php-devel to php-cli
- revert fix for 67724 because of 67865

* Thu Jul 24 2014 Remi Collet 5.5.15-1
- Update to 5.5.15 https://www.php.net/releases/5_5_15.php

* Wed Jul 16 2014 Remi Collet 5.5.14-2
- add upstream patch for #67605

* Thu Jun 26 2014 Remi Collet 5.5.14-1
- Update to 5.5.14 https://www.php.net/releases/5_5_14.php
- fix test for rhbz #971416

* Thu Jun 5 2014 Remi Collet 5.5.13-3
- fix regression introduced in fix for #67118

* Tue Jun 3 2014 Remi Collet 5.5.13-2
- fileinfo: fix insufficient boundary check
- workaround regression introduced in fix for 67072 in serialize/unserialize functions

* Fri May 30 2014 Remi Collet 5.5.13-1
- Update to 5.5.13 https://www.php.net/releases/5_5_13.php

* Sat May 3 2014 Remi Collet 5.5.12-1
- Update to 5.5.12 https://www.php.net/releases/5_5_12.php
- php-fpm: change default unix socket permission CVE-2014-0185

* Thu Apr 3 2014 Remi Collet 5.5.11-1
- Update to 5.5.11 https://www.php.net/ChangeLog-5.php

* Thu Mar 6 2014 Remi Collet 5.5.10-1
- Update to 5.5.10 https://www.php.net/ChangeLog-5.php#5.5.10
- php-fpm should own /var/lib/php/session and wsdlcache
- fix pcre test results with libpcre < 8.34

* Tue Feb 18 2014 Remi Collet 5.5.9-2
- upstream patch for https://bugs.php.net/index.php

* Tue Feb 11 2014 Remi Collet 5.5.9-1
- Update to 5.5.9 https://www.php.net/ChangeLog-5.php
- Install macros to /usr/lib/rpm/macros.d

* Thu Jan 23 2014 Joe Orton - 5.5.8-2
- fix _httpd_mmn expansion in absence of httpd-devel

* Wed Jan 8 2014 Remi Collet 5.5.8-1
- update to 5.5.8
- drop conflicts with other opcode caches as both can be used only for user data cache

* Wed Dec 11 2013 Remi Collet 5.5.7-1
- update to 5.5.7, fix for CVE-2013-6420
- fix zend_register_functions breaks reflection, php bug 66218
- fix Heap buffer over-read in DateInterval, php bug 66060
- fix overflow handling bug in non-x86

References

[1] Bug #1204868 - php: SoapClient's __call() type confusion through unserialize()
    https://bugzilla.redhat.com/show_bug.cgi?id=1204868

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update php' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity: critical

Name: php
Product: Fedora 20
Version: 5.5.23
Release: 1.fc20
Summary: PHP scripting language for creating dynamic web sites
