
Fedora 22: PHP 5.6.9 Critical Advisory for Buffer Overflow

Fedora, May 26, 2015
Urgent security patch for PHP version 5.6.9 on Fedora 22. Address flaws to improve system integrity.

Summary

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server.

Update Information:

14 May 2015, **PHP 5.6.9**

Core:

* Fixed bug #69467 (Wrong checked for the interface by using Trait). (Laruence)
* Fixed bug #69420 (Invalid read in zend_std_get_method). (Laruence)
* Fixed bug #60022 ("use statement [...] has no effect" depends on leading backslash). (Nikita)
* Fixed bug #67314 (Segmentation fault in gc_remove_zval_from_buffer). (Dmitry)
* Fixed bug #68652 (segmentation fault in destructor). (Dmitry)
* Fixed bug #69419 (Returning compatible sub generator produces a warning). (Nikita)
* Fixed bug #69472 (php_sys_readlink ignores misc errors from GetFinalPathNameByHandleA). (Jan Starke)
* Fixed bug #69364 (PHP Multipart/form-data remote dos Vulnerability). (Stas)
* Fixed bug #69403 (str_repeat() sign mismatch based memory corruption). (Stas)
* Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+). (Stas)
* Fixed bug #69522 (heap buffer overflow in unpack()). (Stas)

FTP:

* Fixed bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow)...


Change Log

* Fri May 15 2015 Remi Collet 5.6.9-1
  - Update to 5.6.9 https://www.php.net/releases/5_6_9.php
  - adapt systzdata patch for upstream changes for new zic

References


[ 1 ] Bug #1222485 - CVE-2015-4024 PHP Multipart/form-data remote dos Vulnerability
      https://bugzilla.redhat.com/show_bug.cgi?id=1222485
[ 2 ] Bug #1223412 - CVE-2015-4022 php: integer overflow on reading FTP server data leading to heap overflow
      https://bugzilla.redhat.com/show_bug.cgi?id=1223412
[ 3 ] Bug #1223425 - CVE-2015-4021 php: memory corruption in phar_parse_tarfile when entry filename starts with NULL
      https://bugzilla.redhat.com/show_bug.cgi?id=1223425
[ 4 ] Bug #1223408 - CVE-2015-4025 php: CVE-2006-7243 regressions in 5.4+
      https://bugzilla.redhat.com/show_bug.cgi?id=1223408
[ 5 ] Bug #1223422 - CVE-2015-4026 php: pcntl_exec() does not check path validity
      https://bugzilla.redhat.com/show_bug.cgi?id=1223422

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update php' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity: critical

Name: php
Product: Fedora 22
Version: 5.6.9
Release: 1.fc22
Summary: PHP scripting language for creating dynamic web sites
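As an added example (not part of the Fedora advisory or of the php package itself), the following POSIX shell script turns the Name/Version/Release fields above into a check of whether the installed php package already carries the 5.6.9-1.fc22 build. It assumes GNU `sort -V` and `rpm` are available on the host; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the Fedora advisory): verify the php patch level
# on a Fedora 22 host against the Version/Release published in the advisory.
FIXED_VR="5.6.9-1.fc22"

# lowest_version A B: print whichever of the two version-release strings
# sorts lower under natural version ordering (assumes GNU 'sort -V').
lowest_version() {
  printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1
}

# php_is_patched VR: succeed (exit 0) when VR is at or above FIXED_VR,
# fail (exit 1) when it predates the fixed build.
php_is_patched() {
  [ "$(lowest_version "$1" "$FIXED_VR")" = "$FIXED_VR" ]
}

# installed_php_vr: print VERSION-RELEASE of the installed php package, or
# nothing when the package is absent ('rpm -q' prints its "not installed"
# message on stdout, so the presence check comes first).
installed_php_vr() {
  rpm -q php >/dev/null 2>&1 || return 0
  rpm -q --qf '%{VERSION}-%{RELEASE}\n' php | head -n 1
}

# check_host: report the patch state; returns 0 when patched or not
# installed, 2 when the update from this advisory is still needed.
check_host() {
  vr=$(installed_php_vr)
  if [ -z "$vr" ]; then
    echo "php is not installed; nothing to do"
    return 0
  fi
  if php_is_patched "$vr"; then
    echo "php-$vr includes the 5.6.9 fixes"
    return 0
  fi
  echo "php-$vr predates the fix; run: su -c 'yum update php'"
  return 2
}

if command -v rpm >/dev/null 2>&1; then
  check_host
else
  echo "rpm not found; call php_is_patched <version-release> directly"
fi
```

The non-zero return from check_host makes the script usable from a fleet-wide inventory job: hosts that exit 2 are the ones where the yum update above has not yet been applied.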
