Fedora 22: php Security Update 2015-14977
Summary
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.
The php package contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP Server.
Update Information:
03 Sep 2015, **PHP 5.6.13**

**Core:**
* Fixed bug #69900 (Too long timeout on pipes). (Anatol)
* Fixed bug #69487 (SAPI may truncate POST data). (cmb)
* Fixed bug #70198 (Checking liveness does not work as expected). (Shafreeck Sea, Anatol Belski)
* Fixed bug #70172 (Use After Free Vulnerability in unserialize()). (Stas)
* Fixed bug #70219 (Use after free vulnerability in session deserializer). (taoguangchen at icloud dot com)

**CLI server:**
* Fixed bug #66606 (Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE). (wusuopu, cmb)
* Fixed bug #70264 (CLI server directory traversal). (cmb)

**Date:**
* Fixed bug #70266 (DateInterval::__construct.interval_spec is not supposed to be optional). (cmb)
* Fixed bug #70277 (new DateTimeZone($foo) is ignoring text after null byte). (cmb)

**EXIF:**
* Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes). (Stas)

**hash:**
* Fixed bug #70312 (HAVAL gives wrong hashes in specific cases). (letsgolee at naver dot com)

**MCrypt:**
* Fixed bug #69833 (mcrypt fd caching not working). (Anatol)

**Opcache:**
* Fixed bug #70237 (Empty while and do-while segmentation fault with opcode on CLI enabled). (Dmitry, Laruence)

**PCRE:**
* Fixed bug #70232 (Incorrect bump-along behavior with \K and empty string match). (cmb)
* Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions). (Anatol Belski)

**SOAP:**
* Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE). (Stas)

**SPL:**
* Fixed bug #70290 (Null pointer deref (segfault) in spl_autoload via ob_start). (hugh at allthethings dot co dot nz)
* Fixed bug #70303 (Incorrect constructor reflection for ArrayObject). (cmb)
* Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage). (taoguangchen at icloud dot com)
* Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList). (taoguangchen at icloud dot com)

**Standard:**
* Fixed bug #70052 (getimagesize() fails for very large and very small WBMP). (cmb)
* Fixed bug #70157 (parse_ini_string() segmentation fault with INI_SCANNER_TYPED). (Tjerk)

**XSLT:**
* Fixed bug #69782 (NULL pointer dereference). (Stas)
Change Log
References
[ 1 ] Bug #1260642 - CVE-2015-6834 php: Use After Free Vulnerability in unserialize() https://bugzilla.redhat.com/show_bug.cgi?id=1260642
[ 2 ] Bug #1260741 - php: Null pointer deref (segfault) in spl_autoload via ob_start https://bugzilla.redhat.com/show_bug.cgi?id=1260741
[ 3 ] Bug #1260734 - php: new DateTimeZone($foo) is ignoring text after null byte https://bugzilla.redhat.com/show_bug.cgi?id=1260734
[ 4 ] Bug #1260674 - php: Multiple vulnerabilities related to PCRE functions https://bugzilla.redhat.com/show_bug.cgi?id=1260674
[ 5 ] Bug #1260667 - php: Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes https://bugzilla.redhat.com/show_bug.cgi?id=1260667
[ 6 ] Bug #1260683 - CVE-2015-6836 php: SOAP serialize_function_call() type confusion / RCE https://bugzilla.redhat.com/show_bug.cgi?id=1260683
[ 7 ] Bug #1260647 - CVE-2015-6835 php: Use after free vulnerability in session deserializer https://bugzilla.redhat.com/show_bug.cgi?id=1260647
[ 8 ] Bug #1260711 - CVE-2015-6837 CVE-2015-6838 php: NULL pointer dereference in XSLTProcessor class https://bugzilla.redhat.com/show_bug.cgi?id=1260711
[ 9 ] Bug #1260695 - php: Another use-after-free vulnerability in unserialize() with SplObjectStorage https://bugzilla.redhat.com/show_bug.cgi?id=1260695
[ 10 ] Bug #1260671 - php: HAVAL gives wrong hashes in specific cases https://bugzilla.redhat.com/show_bug.cgi?id=1260671
[ 11 ] Bug #1260707 - php: Another use-after-free vulnerability in unserialize() with SplDoublyLinkedList https://bugzilla.redhat.com/show_bug.cgi?id=1260707
[ 12 ] Bug #1260748 - php: getimagesize() fails for very large WBMP causing an integer overflow https://bugzilla.redhat.com/show_bug.cgi?id=1260748
Update Instructions
This update can be installed with the "yum" update program. Use su -c 'yum update php' at the command line. For more information, refer to "Managing Software with yum", available at .