Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 439
Alerts This Week
Warning Icon 1 439

Fedora 25: 2016-d6b82fc729 Critical: PHP Buffer Overflow and More

fedora
Calendar Grey October 18, 2016
Dist Fedora Esm H88
A recent security patch for Fedora 25 targeting PHP resolves several high-severity vulnerabilities to improve robustness and mitigate potential threats.
13 Oct 2016 - **PHP version 7.0.12** **Core:** * Fixed bug php#73025 (Heap Buffer Overflow in virtual_popen of zend_virtual_cwd.c)

Summary

PHP is an HTML-embedded scripting language. PHP attempts to make it

easy for developers to write dynamically generated web pages. PHP also

offers built-in database integration for several commercial and

non-commercial database management systems, so writing a

database-enabled webpage with PHP is fairly simple. The most common

use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)

which adds support for the PHP language to Apache HTTP Server.

Update Information:

13 Oct 2016 - **PHP version 7.0.12** **Core:** * Fixed bug php#73025 (Heap Buffer Overflow in virtual_popen of zend_virtual_cwd.c). (cmb) * Fixed bug php#72703 (Out of bounds global memory read in BF_crypt triggered by password_verify). (Anatol) * Fixed bug php#73058 (crypt broken when salt is 'too' long). (Anatol) * Fixed bug php#69579 (Invalid free in extension trait). (John Boehr) * Fixed bug php#73156 (segfault on undefined function). (Dmitry) * Fixed bug php#73163 (PHP hangs if error handler throws while accessing undef const in default value). (Nikita) * Fixed bug php#73172 (parse error: Invalid numeric literal). (Nikita, Anatol) * Fixed for php#73240 (Write out of bounds at number_format). (Stas) * Fixed bug php#73147 (Use After Free in PHP7 unserialize()). (Stas) * Fixed bug php#73189 (Memcpy negative size parameter php_resolve_path). (Stas) **BCmath:** * Fix bug php#73190 (memcpy negative parameter _bc_new_num_ex). (Stas) **Date:** * Fixed bug php#73091 (Unserializing...

Change Log

References

Fedora Update Notification FEDORA-2016-d6b82fc729 2016-10-18 11:24:07.156521
Name : php Product : Fedora 25 Version : 7.0.12 Release : 2.fc25 URL : https://www.php.net/ Summary : PHP scripting language for creating dynamic web sites Description : PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts.
The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server.

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update php' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: php
Product: Fedora 25
Version: 7.0.12
Release: 2.fc25
Summary: PHP scripting language for creating dynamic web sites

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.