Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

Fedora 24: FEDORA-2016-2460f713a1 Critical: php-gettext Code Injection

fedora
Calendar Grey December 10, 2016
Dist Fedora Esm H88
The Fedora 24 php-gettext patch rectifies a security vulnerability in MO file reading functions, effectively mitigating a potential injection risk. Discover the details of the fix
php-gettext 1.0.12 injection bug (LP#1515334) * Do not assume mbstring functions are always there, pass text through if they aren't (LP#734494)

Summary

This library provides PHP functions to read MO files even when gettext is

not compiled in or when appropriate locale is not present on the system.

Update Information:

php-gettext 1.0.12 ================== * Security fix for potential code injection bug (LP#1515334) * Do not assume mbstring functions are always there, pass text through if they aren't (LP#734494)

Change Log

References


[ 1 ] Bug #1367462 - php-php-gettext: Arbitrary code execution in select_string, ngettext and npgettext count parameter https://bugzilla.redhat.com/show_bug.cgi?id=1367462

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade php-php-gettext' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical
Lowest
Low
Medium
High
Critical

Name: php-php-gettext
Product: Fedora 24
Version: 1.0.12
Release: 1.fc24
Summary: Gettext emulation in PHP

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.