
Fedora 24 PHP 5.6.21 Critical Advisory: Memory and Segmentation Issues

Distribution: Fedora
Date: May 7, 2016
PHP 5.6.21 security patch for Fedora 24 addresses several vulnerabilities, correcting issues like memory corruption and segmentation faults.

Summary

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server.

Update Information:

28 Apr 2016, **PHP 5.6.21**

**Core:**

* Fixed bug #69537 (__debugInfo with empty string for key gives error). (krakjoe)
* Fixed bug #71841 (EG(error_zval) is not handled well). (Laruence)

**BCmath:**

* Fixed bug #72093 (bcpowmod accepts negative scale and corrupts _one_ definition). (Stas)

**Curl:**

* Fixed bug #71831 (CURLOPT_NOPROXY applied as long instead of string). (Michael Sierks)

**Date:**

* Fixed bug #71889 (DateInterval::format Segmentation fault). (Thomas Punt)

**EXIF:**

* Fixed bug #72094 (Out of bounds heap read access in exif header processing). (Stas)

**GD:**

* Fixed bug #71952 (Corruption inside imageaffinematrixget). (Stas)
* Fixed bug #71912 (libgd: signedness vulnerability). (Stas)

**Intl:**

* Fixed bug #72061 (Out-of-bounds reads in zif_grapheme_stripos with negative offset). (Stas)

**OCI8:**

* Fixed bug #71422 (Fix ORA-01438: value larger than specified precision allowed for this column). (Chris Jones)

**ODBC:**

* Fixed bug #63171 (Script ...

Change Log

References


[ 1 ] Bug #1332877 - CVE-2016-4539 php: Malformed input causes segmentation fault in xml_parse_into_struct() function
https://bugzilla.redhat.com/show_bug.cgi?id=1332877

[ 2 ] Bug #1332872 - CVE-2016-4540 CVE-2016-4541 php: Out-of-bounds memory read in zif_grapheme_stripos when given negative offset
https://bugzilla.redhat.com/show_bug.cgi?id=1332872

[ 3 ] Bug #1332865 - CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 php: Out-of-bounds heap memory read in exif_read_data() caused by malformed input
https://bugzilla.redhat.com/show_bug.cgi?id=1332865

[ 4 ] Bug #1332860 - CVE-2016-4537 CVE-2016-4538 php: bcpowmod accepts negative scale causing heap buffer overflow corrupting _one_ definition
https://bugzilla.redhat.com/show_bug.cgi?id=1332860

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update php' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical

Name: php
Product: Fedora 24
Version: 5.6.21
Release: 1.fc24
Summary: PHP scripting language for creating dynamic web sites
