Alerts This Week
Warning Icon 1 566
Alerts This Week
Warning Icon 1 566

Fedora 26: 2018-e8bc8d2784 Critical: PHP Update For Web Applications

fedora
Calendar Grey March 11, 2018
Dist Fedora Esm H88
Ubuntu 18.04 PHP upgrade addresses major vulnerabilities and improves safety for online platforms in release 7.2.5.
**PHP version 7.1.15** (01 Mar 2018) **Apache2Handler:** * Fixed bug php#75882 (a simple way for segfaults in threadsafe php just with configuration)

Summary

PHP is an HTML-embedded scripting language. PHP attempts to make it

easy for developers to write dynamically generated web pages. PHP also

offers built-in database integration for several commercial and

non-commercial database management systems, so writing a

database-enabled webpage with PHP is fairly simple. The most common

use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)

which adds support for the PHP language to Apache HTTP Server.

**PHP version 7.1.15** (01 Mar 2018) **Apache2Handler:** * Fixed bug php#75882

(a simple way for segfaults in threadsafe php just with configuration). (Anatol)

**Date:** * Fixed bug php#75857 (Timezone gets truncated when formatted).

(carusogabriel) * Fixed bug php#75928 (Argument 2 for

`DateTimeZone::listIdentifiers()` should accept `null`). (Pedro Lacerda) * Fixed

bug php#68406 (calling var_dump on a DateTimeZone object modifies it). (jhdxr)

**PGSQL:** * Fixed php#75838 (Memory leak in pg_escape_bytea()). (ard_1 at mail

dot ru) **ODBC:** * Fixed bug php#73725 (Unable to retrieve value of

varchar(max) type). (Anatol) **LDAP:** * Fixed bug php#49876 (Fix LDAP path

lookup on 64-bit distros). (dzuelke) **libxml2:** * Fixed bug php#75871 (use

pkg-config where available). (pmmaga) **Phar:** * Fixed bug php#65414 (deal

with leading slash when adding files correctly). (bishopb) **SPL:** * Fixed

bug php#74519 (strange behavior of AppendIterator). (jhdxr) **Standard:** *

Fixed bug php#75916 (DNS_CAA record results contain garbage). (Mike, Philip

Sharp) * Fixed bug php#75981 (stack-buffer-overflow while parsing HTTP

response). (Stas)

[ 1 ] Bug #1551039 - CVE-2018-7584 php: Stack-based buffer under-read in ext/standard/http_fopen_wrapper.c:php_stream_url_wrap_http_ex function when parsing HTTP response allows denial of service

https://bugzilla.redhat.com/show_bug.cgi?id=1551039

su -c 'dnf upgrade php' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Topics%20covered

Topics Covered

security advisory critical Fedora bug fix Denial of Service PHP web applications

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 26
Version: 7.1.15
Release: 1.fc26
URL: https://www.php.net/
Summary: PHP scripting language for creating dynamic web sites

Topics%20covered

Topics Covered

security advisory critical Fedora bug fix Denial of Service PHP web applications

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here