Fedora 24: 2017-5ade380ab2 High: PHP Buffer Overflow Fix

PHP is an HTML-embedded scripting language. PHP attempts to make it

easy for developers to write dynamically generated web pages. PHP also

offers built-in database integration for several commercial and

non-commercial database management systems, so writing a

database-enabled webpage with PHP is fairly simple. The most common

use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)

which adds support for the PHP language to Apache HTTP Server.

**PHP version 5.6.31** (06 Jul 2017) **Core:** * Fixed bug php#73807

(Performance problem with processing post request over 2000000 chars). (Nikita)

* Fixed bug php#74111 (Heap buffer overread (READ: 1) finish_nested_data from

unserialize). (Nikita) * Fixed bug php#74603 (PHP INI Parsing Stack Buffer

Overflow Vulnerability). (Stas) * Fixed bug php#74819 (wddx_deserialize() heap

out-of-bound read via php_parse_date()). (Derick) **mbstring:** * Add

oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227,

CVE-2017-9228, CVE-2017-9229) (Remi, Mamoru TASAKA) **OpenSSL:** * Fixed bug

php#74651 (negative-size-param (-1) in memcpy in zif_openssl_seal()). (Stas)

**WDDX:** * Fixed bug php#74145 (wddx parsing empty boolean tag leads to

SIGSEGV). (Stas)

su -c 'dnf upgrade php' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org