
Fedora 21 High Advisory: 2015-11581 PHP Core Fix and Bug Resolutions

July 29, 2015
A recent PHP security patch for Fedora 21 tackles severe vulnerabilities and glitches, improving overall robustness and safeguarding user data.

Summary

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server.

Update Information:

10 Jul 2015, **PHP 5.6.11**

**Core:**

* Fixed bug #69768 (escapeshell*() doesn't cater to !). (cmb)
* Fixed bug #69703 (Use __builtin_clzl on PowerPC). (dja at axtens dot net, Kalle)
* Fixed bug #69732 (can induce segmentation fault with basic php code). (Dmitry)
* Fixed bug #69642 (Windows 10 reported as Windows 8). (Christian Wenz, Anatol Belski)
* Fixed bug #69551 (parse_ini_file() and parse_ini_string() segmentation fault). (Christoph M. Becker)
* Fixed bug #69781 (phpinfo() reports Professional Editions of Windows 7/8/8.1/10 as "Business"). (Christian Wenz)
* Fixed bug #69740 (finally in generator (yield) swallows exception in iteration). (Nikita)
* Fixed bug #69835 (phpinfo() does not report many Windows SKUs). (Christian Wenz)
* Fixed bug #69892 (Different arrays compare identical due to integer key truncation). (Nikita)
* Fixed bug #69874 (Can't set empty additional_headers for mail()), regression from fix to bug #68776. (Yasuo)

**GD:** * Fixed bug #61221 (imag...


Change Log

* Sun Jul 12 2015 Remi Collet 5.6.11-1
- Update to 5.6.11 https://www.php.net/releases/5_6_11.php
- the phar link is now correctly created

* Thu Jun 11 2015 Remi Collet 5.6.10-1
- Update to 5.6.10 https://www.php.net/releases/5_6_10.php
- add explicit spec license (implicit by FPCA)
- opcache is now 7.0.6-dev

* Fri May 15 2015 Remi Collet 5.6.9-1
- Update to 5.6.9 https://www.php.net/releases/5_6_9.php
- adapt systzdata patch for upstream changes for new zic

* Thu Apr 16 2015 Remi Collet 5.6.8-1
- Update to 5.6.8 https://www.php.net/releases/5_6_8.php

* Fri Mar 20 2015 Remi Collet 5.6.7-1
- Update to 5.6.7 https://www.php.net/releases/5_6_7.php

* Thu Feb 19 2015 Remi Collet 5.6.6-1
- Update to 5.6.6 https://www.php.net/releases/5_6_6.php

* Thu Jan 22 2015 Remi Collet 5.6.5-1
- Update to 5.6.5 https://www.php.net/releases/5_6_5.php
- FPM: enable ACL support for Unix Domain Socket

* Wed Dec 17 2014 Remi Collet 5.6.4-2
- Update to 5.6.4 (real) https://www.php.net/releases/5_6_4.php
- php-xmlrpc requires php-xml

* Wed Dec 10 2014 Remi Collet 5.6.4-1
- Update to 5.6.4 https://www.php.net/releases/5_6_4.php

* Fri Nov 28 2014 Remi Collet 5.6.4-0.1.RC1
- php 5.6.4RC1

* Mon Nov 17 2014 Remi Collet 5.6.3-4
- FPM: add upstream patch for https://bugs.php.net/index.php listen.allowed_clients is IPv4 only

* Mon Nov 17 2014 Remi Collet 5.6.3-3
- sync php-fpm configuration with upstream
- refresh upstream patch for 68421

* Sun Nov 16 2014 Remi Collet 5.6.3-2
- FPM: add upstream patch for https://bugs.php.net/index.php access.format=R doesn't log ipv6 address
- FPM: add upstream patch for https://bugs.php.net/index.php listen=9000 listens to ipv6 localhost instead of all addresses
- FPM: add upstream patch for https://bugs.php.net/index.php will no longer load all pools

* Thu Nov 13 2014 Remi Collet 5.6.3-1
- Update to PHP 5.6.3 https://www.php.net/releases/5_6_3.php

* Fri Oct 31 2014 Remi Collet 5.6.3-0.2.RC1
- php 5.6.3RC1 (refreshed, phpdbg changes reverted)
- new version of systzdata patch, fix case sensitivity
- ignore Factory in date tests

* Wed Oct 29 2014 Remi Collet 5.6.3-0.1.RC1
- php 5.6.3RC1
- disable opcache.fast_shutdown in default config
- enable phpdbg_webhelper new extension (in php-dbg)

References


[ 1 ] Bug #1245236 - CVE-2015-5589 php: segmentation fault in Phar::convertToData on invalid file
      https://bugzilla.redhat.com/show_bug.cgi?id=1245236
[ 2 ] Bug #1245242 - CVE-2015-5590 php: buffer overflow and stack smashing error in phar_fix_filepath
      https://bugzilla.redhat.com/show_bug.cgi?id=1245242

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update php' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
important

Name: php
Product: Fedora 21
Version: 5.6.11
Release: 1.fc21
Summary: PHP scripting language for creating dynamic web sites
