Alerts This Week
Warning Icon 1 626
Alerts This Week
Warning Icon 1 626

Warning: Undefined array key "Description" in /var/www/www.linuxsecurity.com-443/html/lsadvisories/lsadvisories.php on line 220

Fedora 25: 2017-cdaaf6ea12 Critical PHP Bug Fix Exploitation Risks

fedora
Calendar Grey November 7, 2017
Dist Fedora Esm H88
Fedora 25 launches vital PHP security update targeting several vulnerabilities and improving overall system reliability and efficiency.
**PHP version 7.0.25** (26 Oct 2017) **Core:** * Fixed bug php#75241 (Null pointer dereference in zend_mm_alloc_small())

Summary

PHP is an HTML-embedded scripting language. PHP attempts to make it

easy for developers to write dynamically generated web pages. PHP also

offers built-in database integration for several commercial and

non-commercial database management systems, so writing a

database-enabled webpage with PHP is fairly simple. The most common

use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)

which adds support for the PHP language to Apache HTTP Server.

**PHP version 7.0.25** (26 Oct 2017) **Core:** * Fixed bug php#75241 (Null

pointer dereference in zend_mm_alloc_small()). (Laruence) * Fixed bug php#75236

(infinite loop when printing an error-message). (Andrea) * Fixed bug php#75252

(Incorrect token formatting on two parse errors in one request). (Nikita) *

Fixed bug php#75220 (Segfault when calling is_callable on parent).

(andrewnester) * Fixed bug php#75290 (debug info of Closures of internal

functions contain garbage argument names). (Andrea) **Apache2Handler:** *

Fixed bug php#75311 (error: 'zend_hash_key' has no member named 'arKey' in

apache2handler). (mcarbonneaux) **Date:** * Fixed bug php#75055 (Out-Of-Bounds

Read in timelib_meridian()). (Derick) **Intl:** * Fixed bug php#75318 (The

parameter of UConverter::getAliases() is not optional). (cmb) **mcrypt:** *

Fixed bug php#72535 (arcfour encryption stream filter crashes php). (Leigh)

**PCRE:** * Fixed bug php#75207 (applied upstream patch for CVE-2016-1283).

(Anatol) **litespeed:** * Fixed bug php#75248 (Binary directory doesn't get

created when building only litespeed SAPI). (petk) * Fixed bug php#75251

(Missing program prefix and suffix). (petk) **SPL:** * Fixed bug php#73629

(SplDoublyLinkedList::setIteratorMode masks intern flags). (J. Jeising, cmb)

su -c 'dnf upgrade php' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Topics%20covered

Topics Covered

security advisory software update Fedora critical fix system stability PHP bug

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 25
Version: 7.0.25
Release: 1.fc25
URL: https://www.php.net/
Summary: PHP scripting language for creating dynamic web sites

Topics%20covered

Topics Covered

security advisory software update Fedora critical fix system stability PHP bug

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here