
Fedora 21: FEDORA-2015-8383 Critical: PHP 5.6.9 Bug Fixes

May 27, 2015

Summary

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server.

Update Information:

14 May 2015, **PHP 5.6.9**

Core:

* Fixed bug #69467 (Wrong checked for the interface by using Trait). (Laruence)
* Fixed bug #69420 (Invalid read in zend_std_get_method). (Laruence)
* Fixed bug #60022 ("use statement [...] has no effect" depends on leading backslash). (Nikita)
* Fixed bug #67314 (Segmentation fault in gc_remove_zval_from_buffer). (Dmitry)
* Fixed bug #68652 (segmentation fault in destructor). (Dmitry)
* Fixed bug #69419 (Returning compatible sub generator produces a warning). (Nikita)
* Fixed bug #69472 (php_sys_readlink ignores misc errors from GetFinalPathNameByHandleA). (Jan Starke)
* Fixed bug #69364 (PHP Multipart/form-data remote dos Vulnerability). (Stas)
* Fixed bug #69403 (str_repeat() sign mismatch based memory corruption). (Stas)
* Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+). (Stas)
* Fixed bug #69522 (heap buffer overflow in unpack()). (Stas)

FTP:

* Fixed bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow)...


Change Log

* Fri May 15 2015 Remi Collet 5.6.9-1
- Update to 5.6.9 https://www.php.net/releases/5_6_9.php
- adapt systzdata patch for upstream changes for new zic

* Thu Apr 16 2015 Remi Collet 5.6.8-1
- Update to 5.6.8 https://www.php.net/releases/5_6_8.php

* Fri Mar 20 2015 Remi Collet 5.6.7-1
- Update to 5.6.7 https://www.php.net/releases/5_6_7.php

* Thu Feb 19 2015 Remi Collet 5.6.6-1
- Update to 5.6.6 https://www.php.net/releases/5_6_6.php

* Thu Jan 22 2015 Remi Collet 5.6.5-1
- Update to 5.6.5 https://www.php.net/releases/5_6_5.php
- FPM: enable ACL support for Unix Domain Socket

* Wed Dec 17 2014 Remi Collet 5.6.4-2
- Update to 5.6.4 (real) https://www.php.net/releases/5_6_4.php
- php-xmlrpc requires php-xml

* Wed Dec 10 2014 Remi Collet 5.6.4-1
- Update to 5.6.4 https://www.php.net/releases/5_6_4.php

* Fri Nov 28 2014 Remi Collet 5.6.4-0.1.RC1
- php 5.6.4RC1

* Mon Nov 17 2014 Remi Collet 5.6.3-4
- FPM: add upstream patch for https://bugs.php.net/index.php listen.allowed_clients is IPv4 only

* Mon Nov 17 2014 Remi Collet 5.6.3-3
- sync php-fpm configuration with upstream
- refresh upstream patch for 68421

* Sun Nov 16 2014 Remi Collet 5.6.3-2
- FPM: add upstream patch for https://bugs.php.net/index.php access.format=R doesn't log ipv6 address
- FPM: add upstream patch for https://bugs.php.net/index.php listen=9000 listens to ipv6 localhost instead of all addresses
- FPM: add upstream patch for https://bugs.php.net/index.php will no longer load all pools

* Thu Nov 13 2014 Remi Collet 5.6.3-1
- Update to PHP 5.6.3 https://www.php.net/releases/5_6_3.php

* Fri Oct 31 2014 Remi Collet 5.6.3-0.2.RC1
- php 5.6.3RC1 (refreshed, phpdbg changes reverted)
- new version of systzdata patch, fix case sensitivity
- ignore Factory in date tests

* Wed Oct 29 2014 Remi Collet 5.6.3-0.1.RC1
- php 5.6.3RC1
- disable opcache.fast_shutdown in default config
- enable phpdbg_webhelper new extension (in php-dbg)

References


[ 1 ] Bug #1222485 - CVE-2015-4024 PHP Multipart/form-data remote dos Vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=1222485

[ 2 ] Bug #1223408 - CVE-2015-4025 php: CVE-2006-7243 regressions in 5.4+
https://bugzilla.redhat.com/show_bug.cgi?id=1223408

[ 3 ] Bug #1223412 - CVE-2015-4022 php: integer overflow on reading FTP server data leading to heap overflow
https://bugzilla.redhat.com/show_bug.cgi?id=1223412

[ 4 ] Bug #1223422 - CVE-2015-4026 php: pcntl_exec() does not check path validity
https://bugzilla.redhat.com/show_bug.cgi?id=1223422

[ 5 ] Bug #1223425 - CVE-2015-4021 php: memory corruption in phar_parse_tarfile when entry filename starts with NULL
https://bugzilla.redhat.com/show_bug.cgi?id=1223425

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update php' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical

Name: php
Product: Fedora 21
Version: 5.6.9
Release: 1.fc21
Summary: PHP scripting language for creating dynamic web sites
