--------------------------------------------------------------------------------Fedora Update Notification
FEDORA-2018-6071a600e8
2018-05-03 15:21:35.407326
--------------------------------------------------------------------------------Name        : php
Product     : Fedora 26
Version     : 7.1.17
Release     : 1.fc26
URL         : https://www.php.net/
Summary     : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP Server.

--------------------------------------------------------------------------------Update Information:

**PHP version 7.1.17** (26 Apr 2018)  **Date:**  * Fixed bug php#76131 (mismatch
arginfo for date_create). (carusogabriel)  **Exif:**  * Fixed bug php#76130
(Heap Buffer Overflow (READ: 1786) in exif_iif_add_value). (Stas)  **FPM:**  *
Fixed bug php#68440 (ERROR: failed to reload: execvp() failed: Argument list too
long). (Jacob Hipps) * Fixed incorrect write to getenv result in FPM reload.
(Jakub Zelenka)  **GD:**  * Fixed bug php#52070 (imagedashedline() - dashed line
sometimes is not visible). (cmb)  **iconv:**  * Fixed bug php#76249 (stream
filter convert.iconv leads to infinite loop on invalid sequence). (Stas)
**intl:**  * Fixed bug php#76153 (Intl compilation fails with icu4c 61.1).
(Anatol)  **ldap:**  * Fixed bug php#76248 (Malicious LDAP-Server Response
causes Crash). (Stas)  **mbstring:**  * Fixed bug php#75944 (Wrong cp1251
detection). (dmk001) * Fixed bug php#76113 (mbstring does not build with
Oniguruma 6.8.1). (chrullrich, cmb)  **Phar:**  * Fixed bug php#76129 (fix for
CVE-2018-5712 may not be complete). (Stas)  **phpdbg:**  * Fixed bug php#76143
(Memory corruption: arbitrary NUL overwrite). (Laruence)  **SPL:**  * Fixed bug
php#76131 (mismatch arginfo for splarray constructor).  (carusogabriel)
**standard:**  * Fixed bug php#75996 (incorrect url in header for mt_rand).
(tatarbj)
--------------------------------------------------------------------------------ChangeLog:

* Wed Apr 25 2018 Remi Collet  - 7.1.17-1
- Update to 7.1.17 - https://www.php.net/releases/7_1_17.php
* Wed Mar 28 2018 Remi Collet  - 7.1.16-1
- Update to 7.1.16 - https://www.php.net/releases/7_1_16.php
* Wed Feb 28 2018 Remi Collet  - 7.1.15-1
- Update to 7.1.15 - https://www.php.net/releases/7_1_15.php
* Wed Jan 31 2018 Remi Collet  - 7.1.14-1
- Update to 7.1.14 - https://www.php.net/releases/7_1_14.php
- define SOURCE_DATE_EPOCH for reproducible build
* Wed Jan  3 2018 Remi Collet  - 7.1.13-1
- Update to 7.1.13 - https://www.php.net/releases/7_1_13.php
* Wed Nov 22 2017 Remi Collet  - 7.1.12-1
- Update to 7.1.12 - https://www.php.net/releases/7_1_12.php
* Wed Oct 25 2017 Remi Collet  - 7.1.11-1
- Update to 7.1.11 - https://www.php.net/releases/7_1_11.php
* Wed Sep 27 2017 Remi Collet  - 7.1.10-1
- Update to 7.1.10 - https://www.php.net/releases/7_1_10.php
* Wed Sep  6 2017 Remi Collet  - 7.1.9-2
- Automatically load OpenSSL configuration file, from PHP 7.2
* Wed Aug 30 2017 Remi Collet  - 7.1.9-1
- Update to 7.1.9 - https://www.php.net/releases/7_1_9.php
* Wed Aug  2 2017 Remi Collet  - 7.1.8-1
- Update to 7.1.8 - https://www.php.net/releases/7_1_8.php
* Thu Jul  6 2017 Remi Collet  - 7.1.7-1
- Update to 7.1.7 - https://www.php.net/releases/7_1_7.php
--------------------------------------------------------------------------------References:

  [ 1 ] Bug #1573814 - CVE-2018-10547 php: Reflected XSS vulnerability on PHAR 403 and 404 error pages
        https://bugzilla.redhat.com/show_bug.cgi?id=1573814
  [ 2 ] Bug #1573805 - CVE-2018-10548 php: Null pointer dereference due to mishandling of ldap_get_dn return value allows denial-of-service by malicious LDAP server or man-in-the-middle attacker
        https://bugzilla.redhat.com/show_bug.cgi?id=1573805
  [ 3 ] Bug #1573802 - CVE-2018-10546 php: Infinite loop in ext/iconv/iconv.c when using stream filter with convert.incov on invalid sequence leads to denial-of-service
        https://bugzilla.redhat.com/show_bug.cgi?id=1573802
  [ 4 ] Bug #1573797 - CVE-2018-10549 php: Out-of-bounds read in ext/exif/exif.c:exif_read_data() when reading crafted JPEG data
        https://bugzilla.redhat.com/show_bug.cgi?id=1573797
--------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-6071a600e8' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora 26: php Security Update 2018-6071a600e8 2018-6071a600e8

May 3, 2018
**PHP version 7.1.17** (26 Apr 2018) **Date:** * Fixed bug php#76131 (mismatch arginfo for date_create)

Summary

PHP is an HTML-embedded scripting language. PHP attempts to make it

easy for developers to write dynamically generated web pages. PHP also

offers built-in database integration for several commercial and

non-commercial database management systems, so writing a

database-enabled webpage with PHP is fairly simple. The most common

use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)

which adds support for the PHP language to Apache HTTP Server.

**PHP version 7.1.17** (26 Apr 2018) **Date:** * Fixed bug php#76131 (mismatch

arginfo for date_create). (carusogabriel) **Exif:** * Fixed bug php#76130

(Heap Buffer Overflow (READ: 1786) in exif_iif_add_value). (Stas) **FPM:** *

Fixed bug php#68440 (ERROR: failed to reload: execvp() failed: Argument list too

long). (Jacob Hipps) * Fixed incorrect write to getenv result in FPM reload.

(Jakub Zelenka) **GD:** * Fixed bug php#52070 (imagedashedline() - dashed line

sometimes is not visible). (cmb) **iconv:** * Fixed bug php#76249 (stream

filter convert.iconv leads to infinite loop on invalid sequence). (Stas)

**intl:** * Fixed bug php#76153 (Intl compilation fails with icu4c 61.1).

(Anatol) **ldap:** * Fixed bug php#76248 (Malicious LDAP-Server Response

causes Crash). (Stas) **mbstring:** * Fixed bug php#75944 (Wrong cp1251

detection). (dmk001) * Fixed bug php#76113 (mbstring does not build with

Oniguruma 6.8.1). (chrullrich, cmb) **Phar:** * Fixed bug php#76129 (fix for

CVE-2018-5712 may not be complete). (Stas) **phpdbg:** * Fixed bug php#76143

(Memory corruption: arbitrary NUL overwrite). (Laruence) **SPL:** * Fixed bug

php#76131 (mismatch arginfo for splarray constructor). (carusogabriel)

**standard:** * Fixed bug php#75996 (incorrect url in header for mt_rand).

(tatarbj)

* Wed Apr 25 2018 Remi Collet - 7.1.17-1

- Update to 7.1.17 - https://www.php.net/releases/7_1_17.php

* Wed Mar 28 2018 Remi Collet - 7.1.16-1

- Update to 7.1.16 - https://www.php.net/releases/7_1_16.php

* Wed Feb 28 2018 Remi Collet - 7.1.15-1

- Update to 7.1.15 - https://www.php.net/releases/7_1_15.php

* Wed Jan 31 2018 Remi Collet - 7.1.14-1

- Update to 7.1.14 - https://www.php.net/releases/7_1_14.php

- define SOURCE_DATE_EPOCH for reproducible build

* Wed Jan 3 2018 Remi Collet - 7.1.13-1

- Update to 7.1.13 - https://www.php.net/releases/7_1_13.php

* Wed Nov 22 2017 Remi Collet - 7.1.12-1

- Update to 7.1.12 - https://www.php.net/releases/7_1_12.php

* Wed Oct 25 2017 Remi Collet - 7.1.11-1

- Update to 7.1.11 - https://www.php.net/releases/7_1_11.php

* Wed Sep 27 2017 Remi Collet - 7.1.10-1

- Update to 7.1.10 - https://www.php.net/releases/7_1_10.php

* Wed Sep 6 2017 Remi Collet - 7.1.9-2

- Automatically load OpenSSL configuration file, from PHP 7.2

* Wed Aug 30 2017 Remi Collet - 7.1.9-1

- Update to 7.1.9 - https://www.php.net/releases/7_1_9.php

* Wed Aug 2 2017 Remi Collet - 7.1.8-1

- Update to 7.1.8 - https://www.php.net/releases/7_1_8.php

* Thu Jul 6 2017 Remi Collet - 7.1.7-1

- Update to 7.1.7 - https://www.php.net/releases/7_1_7.php

[ 1 ] Bug #1573814 - CVE-2018-10547 php: Reflected XSS vulnerability on PHAR 403 and 404 error pages

https://bugzilla.redhat.com/show_bug.cgi?id=1573814

[ 2 ] Bug #1573805 - CVE-2018-10548 php: Null pointer dereference due to mishandling of ldap_get_dn return value allows denial-of-service by malicious LDAP server or man-in-the-middle attacker

https://bugzilla.redhat.com/show_bug.cgi?id=1573805

[ 3 ] Bug #1573802 - CVE-2018-10546 php: Infinite loop in ext/iconv/iconv.c when using stream filter with convert.incov on invalid sequence leads to denial-of-service

https://bugzilla.redhat.com/show_bug.cgi?id=1573802

[ 4 ] Bug #1573797 - CVE-2018-10549 php: Out-of-bounds read in ext/exif/exif.c:exif_read_data() when reading crafted JPEG data

https://bugzilla.redhat.com/show_bug.cgi?id=1573797

su -c 'dnf upgrade --advisory FEDORA-2018-6071a600e8' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

FEDORA-2018-6071a600e8 2018-05-03 15:21:35.407326 Product : Fedora 26 Version : 7.1.17 Release : 1.fc26 URL : https://www.php.net/ Summary : PHP scripting language for creating dynamic web sites Description : PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server. **PHP version 7.1.17** (26 Apr 2018) **Date:** * Fixed bug php#76131 (mismatch arginfo for date_create). (carusogabriel) **Exif:** * Fixed bug php#76130 (Heap Buffer Overflow (READ: 1786) in exif_iif_add_value). (Stas) **FPM:** * Fixed bug php#68440 (ERROR: failed to reload: execvp() failed: Argument list too long). (Jacob Hipps) * Fixed incorrect write to getenv result in FPM reload. (Jakub Zelenka) **GD:** * Fixed bug php#52070 (imagedashedline() - dashed line sometimes is not visible). (cmb) **iconv:** * Fixed bug php#76249 (stream filter convert.iconv leads to infinite loop on invalid sequence). (Stas) **intl:** * Fixed bug php#76153 (Intl compilation fails with icu4c 61.1). (Anatol) **ldap:** * Fixed bug php#76248 (Malicious LDAP-Server Response causes Crash). (Stas) **mbstring:** * Fixed bug php#75944 (Wrong cp1251 detection). (dmk001) * Fixed bug php#76113 (mbstring does not build with Oniguruma 6.8.1). (chrullrich, cmb) **Phar:** * Fixed bug php#76129 (fix for CVE-2018-5712 may not be complete). (Stas) **phpdbg:** * Fixed bug php#76143 (Memory corruption: arbitrary NUL overwrite). (Laruence) **SPL:** * Fixed bug php#76131 (mismatch arginfo for splarray constructor). (carusogabriel) **standard:** * Fixed bug php#75996 (incorrect url in header for mt_rand). (tatarbj) * Wed Apr 25 2018 Remi Collet - 7.1.17-1 - Update to 7.1.17 - https://www.php.net/releases/7_1_17.php * Wed Mar 28 2018 Remi Collet - 7.1.16-1 - Update to 7.1.16 - https://www.php.net/releases/7_1_16.php * Wed Feb 28 2018 Remi Collet - 7.1.15-1 - Update to 7.1.15 - https://www.php.net/releases/7_1_15.php * Wed Jan 31 2018 Remi Collet - 7.1.14-1 - Update to 7.1.14 - https://www.php.net/releases/7_1_14.php - define SOURCE_DATE_EPOCH for reproducible build * Wed Jan 3 2018 Remi Collet - 7.1.13-1 - Update to 7.1.13 - https://www.php.net/releases/7_1_13.php * Wed Nov 22 2017 Remi Collet - 7.1.12-1 - Update to 7.1.12 - https://www.php.net/releases/7_1_12.php * Wed Oct 25 2017 Remi Collet - 7.1.11-1 - Update to 7.1.11 - https://www.php.net/releases/7_1_11.php * Wed Sep 27 2017 Remi Collet - 7.1.10-1 - Update to 7.1.10 - https://www.php.net/releases/7_1_10.php * Wed Sep 6 2017 Remi Collet - 7.1.9-2 - Automatically load OpenSSL configuration file, from PHP 7.2 * Wed Aug 30 2017 Remi Collet - 7.1.9-1 - Update to 7.1.9 - https://www.php.net/releases/7_1_9.php * Wed Aug 2 2017 Remi Collet - 7.1.8-1 - Update to 7.1.8 - https://www.php.net/releases/7_1_8.php * Thu Jul 6 2017 Remi Collet - 7.1.7-1 - Update to 7.1.7 - https://www.php.net/releases/7_1_7.php [ 1 ] Bug #1573814 - CVE-2018-10547 php: Reflected XSS vulnerability on PHAR 403 and 404 error pages https://bugzilla.redhat.com/show_bug.cgi?id=1573814 [ 2 ] Bug #1573805 - CVE-2018-10548 php: Null pointer dereference due to mishandling of ldap_get_dn return value allows denial-of-service by malicious LDAP server or man-in-the-middle attacker https://bugzilla.redhat.com/show_bug.cgi?id=1573805 [ 3 ] Bug #1573802 - CVE-2018-10546 php: Infinite loop in ext/iconv/iconv.c when using stream filter with convert.incov on invalid sequence leads to denial-of-service https://bugzilla.redhat.com/show_bug.cgi?id=1573802 [ 4 ] Bug #1573797 - CVE-2018-10549 php: Out-of-bounds read in ext/exif/exif.c:exif_read_data() when reading crafted JPEG data https://bugzilla.redhat.com/show_bug.cgi?id=1573797 su -c 'dnf upgrade --advisory FEDORA-2018-6071a600e8' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Change Log

References

Update Instructions

Severity
Product : Fedora 26
Version : 7.1.17
Release : 1.fc26
URL : https://www.php.net/
Summary : PHP scripting language for creating dynamic web sites

Related News