-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2015-8383 2015-05-17 02:53:54 -------------------------------------------------------------------------------- Name : php Product : Fedora 21 Version : 5.6.9 Release : 1.fc21 URL : https://www.php.net/ Summary : PHP scripting language for creating dynamic web sites Description : PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server. -------------------------------------------------------------------------------- Update Information: 14 May 2015, **PHP 5.6.9** Core: * Fixed bug #69467 (Wrong checked for the interface by using Trait). (Laruence) * Fixed bug #69420 (Invalid read in zend_std_get_method). (Laruence) * Fixed bug #60022 ("use statement [...] has no effect" depends on leading backslash). (Nikita) * Fixed bug #67314 (Segmentation fault in gc_remove_zval_from_buffer). (Dmitry) * Fixed bug #68652 (segmentation fault in destructor). (Dmitry) * Fixed bug #69419 (Returning compatible sub generator produces a warning). (Nikita) * Fixed bug #69472 (php_sys_readlink ignores misc errors from GetFinalPathNameByHandleA). (Jan Starke) * Fixed bug #69364 (PHP Multipart/form-data remote dos Vulnerability). (Stas) * Fixed bug #69403 (str_repeat() sign mismatch based memory corruption). (Stas) * Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+). (Stas) * Fixed bug #69522 (heap buffer overflow in unpack()). (Stas) FTP: * Fixed bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow). (Stas) ODBC: * Fixed bug #69354 (Incorrect use of SQLColAttributes with ODBC 3.0). (Anatol) * Fixed bug #69474 (ODBC: Query with same field name from two tables returns incorrect result). (Anatol) * Fixed bug #69381 (out of memory with sage odbc driver). (Frederic Marchall, Anatol Belski) OpenSSL: * Fixed bug #69402 (Reading empty SSL stream hangs until timeout). (Daniel Lowrey) PCNTL: * Fixed bug #68598 (pcntl_exec() should not allow null char). (Stas) PCRE: * Upgraded pcrelib to 8.37. Phar: * Fixed bug #69453 (Memory Corruption in phar_parse_tarfile when entry filename starts with null). (Stas) -------------------------------------------------------------------------------- ChangeLog: * Fri May 15 2015 Remi Collet5.6.9-1 - Update to 5.6.9 https://www.php.net/releases/5_6_9.php - adapt systzdata patch for upstream changes for new zic * Thu Apr 16 2015 Remi Collet 5.6.8-1 - Update to 5.6.8 https://www.php.net/releases/5_6_8.php * Fri Mar 20 2015 Remi Collet 5.6.7-1 - Update to 5.6.7 https://www.php.net/releases/5_6_7.php * Thu Feb 19 2015 Remi Collet 5.6.6-1 - Update to 5.6.6 https://www.php.net/releases/5_6_6.php * Thu Jan 22 2015 Remi Collet 5.6.5-1 - Update to 5.6.5 https://www.php.net/releases/5_6_5.php - FPM: enable ACL support for Unix Domain Socket * Wed Dec 17 2014 Remi Collet 5.6.4-2 - Update to 5.6.4 (real) https://www.php.net/releases/5_6_4.php - php-xmlrpc requires php-xml * Wed Dec 10 2014 Remi Collet 5.6.4-1 - Update to 5.6.4 https://www.php.net/releases/5_6_4.php * Fri Nov 28 2014 Remi Collet 5.6.4-0.1.RC1 - php 5.6.4RC1 * Mon Nov 17 2014 Remi Collet 5.6.3-4 - FPM: add upstream patch for https://bugs.php.net/68428 listen.allowed_clients is IPv4 only * Mon Nov 17 2014 Remi Collet 5.6.3-3 - sync php-fpm configuration with upstream - refresh upstream patch for 68421 * Sun Nov 16 2014 Remi Collet 5.6.3-2 - FPM: add upstream patch for https://bugs.php.net/68421 access.format=R doesn't log ipv6 address - FPM: add upstream patch for https://bugs.php.net/68420 listen=9000 listens to ipv6 localhost instead of all addresses - FPM: add upstream patch for https://bugs.php.net/68423 will no longer load all pools * Thu Nov 13 2014 Remi Collet 5.6.3-1 - Update to PHP 5.6.3 https://php.net/releases/5_6_3.php * Fri Oct 31 2014 Remi Collet 5.6.3-0.2.RC1 - php 5.6.3RC1 (refreshed, phpdbg changes reverted) - new version of systzdata patch, fix case sensitivity - ignore Factory in date tests * Wed Oct 29 2014 Remi Collet 5.6.3-0.1.RC1 - php 5.6.3RC1 - disable opcache.fast_shutdown in default config - enable phpdbg_webhelper new extension (in php-dbg) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1222485 - CVE-2015-4024 PHP Multipart/form-data remote dos Vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=1222485 [ 2 ] Bug #1223408 - CVE-2015-4025 php: CVE-2006-7243 regressions in 5.4+ https://bugzilla.redhat.com/show_bug.cgi?id=1223408 [ 3 ] Bug #1223412 - CVE-2015-4022 php: integer overflow on reading FTP server data leading to heap overflow https://bugzilla.redhat.com/show_bug.cgi?id=1223412 [ 4 ] Bug #1223422 - CVE-2015-4026 php: pcntl_exec() does not check path validity https://bugzilla.redhat.com/show_bug.cgi?id=1223422 [ 5 ] Bug #1223425 - CVE-2015-4021 php: memory corruption in phar_parse_tarfile when entry filename starts with NULL https://bugzilla.redhat.com/show_bug.cgi?id=1223425 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update php' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce