
Fedora 23: 2016-558167a417 Moderate: PHP Session Fix and Memory Leak

fedora
January 16, 2016

Summary

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server.

Update Information:

07 Jan 2016, **PHP 5.6.17**

**Core:**

* Fixed bug php#66909 (configure fails utf8_to_mutf7 test). (Michael Orlitzky)
* Fixed bug php#70958 (Invalid opcode while using ::class as trait method parameter default value). (Laruence)
* Fixed bug php#70957 (self::class can not be resolved with reflection for abstract class). (Laruence)
* Fixed bug php#70944 (try{ } finally{} can create infinite chains of exceptions). (Laruence)
* Fixed bug php#61751 (SAPI build problem on AIX: Undefined symbol: php_register_internal_extensions). (Lior Kaplan)

**FPM:**

* Fixed bug php#70755 (fpm_log.c memory leak and buffer overflow). (Stas)

**GD:**

* Fixed bug php#70976 (Memory Read via gdImageRotateInterpolated Array Index Out of Bounds). (emmanuel dot law at gmail dot com)

**Mysqlnd:**

* Fixed bug php#68077 (LOAD DATA LOCAL INFILE / open_basedir restriction). (Laruence)

**SOAP:**

* Fixed bug php#70900 (SoapClient systematic out of memory error). (Dmitry)

**Standard:**

* Fixed bug php#70960 (R...

Change Log

References


[ 1 ] Bug #1297730 - php: Type Confusion Vulnerability in PHP_to_XMLRPC_worker()
https://bugzilla.redhat.com/show_bug.cgi?id=1297730

[ 2 ] Bug #1297726 - php: Session WDDX Packet Deserialization Type Confusion Vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=1297726

[ 3 ] Bug #1297720 - php: Use-after-free in WDDX Packet Deserialization
https://bugzilla.redhat.com/show_bug.cgi?id=1297720

[ 4 ] Bug #1297710 - php: Memory leak and out-of-bounds write in fpm_log.c
https://bugzilla.redhat.com/show_bug.cgi?id=1297710

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update php' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
important

Name: php
Product: Fedora 23
Version: 5.6.17
Release: 1.fc23
Summary: PHP scripting language for creating dynamic web sites
