Fedora 26: 2018-c71dd2e199 Critical: PHP FPM Access Control Issues
fedora
April 6, 2018
**PHP version 7.1.16** (29 Mar 2018) **Core:** * Fixed bug php#76025 (Segfault while throwing exception in error_handler)
Summary
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.
The php package contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP Server.
**PHP version 7.1.16** (29 Mar 2018) **Core:** * Fixed bug php#76025 (Segfault
while throwing exception in error_handler). (Dmitry, Laruence) * Fixed bug
php#76044 ('date: illegal option -- -' in ./configure on FreeBSD). (Anatol)
**FPM:** * Fixed bug php#75605 (Dumpable FPM child processes allow bypassing
opcache access controls). (Jakub Zelenka) **GD:** * Fixed bug php#73957
(signed integer conversion in imagescale()). (cmb) **ODBC:** * Fixed bug
php#76088 (ODBC functions are not available by default on Windows). (cmb)
**Opcache:** * Fixed bug php#76074 (opcache corrupts variable in for-loop).
(Bob) **Phar:** * Fixed bug php#76085 (Segmentation fault in buildFromIterator
when directory name contains a \n). (Laruence) **Standard:** * Fixed bug
php#74139 (mail.add_x_header default inconsistent with docs). (cmb) * Fixed bug
php#76068 (parse_ini_string fails to parse "[foo]\nbar=1|>baz" with segfault).
(Anatol)
[ 1 ] Bug #1563858 - php: Dumpable FPM child processes allow bypassing opcache access controls
https://bugzilla.redhat.com/show_bug.cgi?id=1563858
su -c 'dnf upgrade php' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Topics Covered
Change Log
References
Update Instructions
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Product: Fedora 26
Version: 7.1.16
Release: 1.fc26
URL: https://www.php.net/
Summary: PHP scripting language for creating dynamic web sites
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!