--------------------------------------------------------------------------------Fedora Update Notification
FEDORA-2018-e8bc8d2784
2018-03-11 19:57:51.278274
--------------------------------------------------------------------------------Name        : php
Product     : Fedora 26
Version     : 7.1.15
Release     : 1.fc26
URL         : http://www.php.net/
Summary     : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP Server.

--------------------------------------------------------------------------------Update Information:

**PHP version 7.1.15** (01 Mar 2018)  **Apache2Handler:**  * Fixed bug php#75882
(a simple way for segfaults in threadsafe php just with configuration). (Anatol)
**Date:**  * Fixed bug php#75857 (Timezone gets truncated when formatted).
(carusogabriel) * Fixed bug php#75928 (Argument 2 for
`DateTimeZone::listIdentifiers()` should accept `null`). (Pedro Lacerda) * Fixed
bug php#68406 (calling var_dump on a DateTimeZone object modifies it). (jhdxr)
**PGSQL:**  * Fixed php#75838 (Memory leak in pg_escape_bytea()). (ard_1 at mail
dot ru)  **ODBC:**  * Fixed bug php#73725 (Unable to retrieve value of
varchar(max) type). (Anatol)  **LDAP:**  * Fixed bug php#49876 (Fix LDAP path
lookup on 64-bit distros). (dzuelke)  **libxml2:**  * Fixed bug php#75871 (use
pkg-config where available). (pmmaga)  **Phar:**  * Fixed bug php#65414 (deal
with leading slash when adding files correctly). (bishopb)  **SPL:**  * Fixed
bug php#74519 (strange behavior of AppendIterator). (jhdxr)  **Standard:**  *
Fixed bug php#75916 (DNS_CAA record results contain garbage). (Mike,  Philip
Sharp) * Fixed bug php#75981 (stack-buffer-overflow while parsing HTTP
response). (Stas)
--------------------------------------------------------------------------------References:

  [ 1 ] Bug #1551039 - CVE-2018-7584 php: Stack-based buffer under-read in ext/standard/http_fopen_wrapper.c:php_stream_url_wrap_http_ex function when parsing HTTP response allows denial of service
        https://bugzilla.redhat.com/show_bug.cgi?id=1551039
--------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade php' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora 26: php Security Update 2018-e8bc8d2784

March 11, 2018

**PHP version 7.1.15** (01 Mar 2018) **Apache2Handler:** * Fixed bug php#75882 (a simple way for segfaults in threadsafe php just with configuration)

Summary

PHP is an HTML-embedded scripting language. PHP attempts to make it

easy for developers to write dynamically generated web pages. PHP also

offers built-in database integration for several commercial and

non-commercial database management systems, so writing a

database-enabled webpage with PHP is fairly simple. The most common

use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)

which adds support for the PHP language to Apache HTTP Server.

**PHP version 7.1.15** (01 Mar 2018) **Apache2Handler:** * Fixed bug php#75882

(a simple way for segfaults in threadsafe php just with configuration). (Anatol)

**Date:** * Fixed bug php#75857 (Timezone gets truncated when formatted).

(carusogabriel) * Fixed bug php#75928 (Argument 2 for

`DateTimeZone::listIdentifiers()` should accept `null`). (Pedro Lacerda) * Fixed

bug php#68406 (calling var_dump on a DateTimeZone object modifies it). (jhdxr)

**PGSQL:** * Fixed php#75838 (Memory leak in pg_escape_bytea()). (ard_1 at mail

dot ru) **ODBC:** * Fixed bug php#73725 (Unable to retrieve value of

varchar(max) type). (Anatol) **LDAP:** * Fixed bug php#49876 (Fix LDAP path

lookup on 64-bit distros). (dzuelke) **libxml2:** * Fixed bug php#75871 (use

pkg-config where available). (pmmaga) **Phar:** * Fixed bug php#65414 (deal

with leading slash when adding files correctly). (bishopb) **SPL:** * Fixed

bug php#74519 (strange behavior of AppendIterator). (jhdxr) **Standard:** *

Fixed bug php#75916 (DNS_CAA record results contain garbage). (Mike, Philip

Sharp) * Fixed bug php#75981 (stack-buffer-overflow while parsing HTTP

response). (Stas)

[ 1 ] Bug #1551039 - CVE-2018-7584 php: Stack-based buffer under-read in ext/standard/http_fopen_wrapper.c:php_stream_url_wrap_http_ex function when parsing HTTP response allows denial of service

https://bugzilla.redhat.com/show_bug.cgi?id=1551039

su -c 'dnf upgrade php' at the command line.

For more information, refer to the dnf documentation available at

http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/keys

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

FEDORA-2018-e8bc8d2784 2018-03-11 19:57:51.278274 Product : Fedora 26 Version : 7.1.15 Release : 1.fc26 URL : http://www.php.net/ Summary : PHP scripting language for creating dynamic web sites Description : PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server. **PHP version 7.1.15** (01 Mar 2018) **Apache2Handler:** * Fixed bug php#75882 (a simple way for segfaults in threadsafe php just with configuration). (Anatol) **Date:** * Fixed bug php#75857 (Timezone gets truncated when formatted). (carusogabriel) * Fixed bug php#75928 (Argument 2 for `DateTimeZone::listIdentifiers()` should accept `null`). (Pedro Lacerda) * Fixed bug php#68406 (calling var_dump on a DateTimeZone object modifies it). (jhdxr) **PGSQL:** * Fixed php#75838 (Memory leak in pg_escape_bytea()). (ard_1 at mail dot ru) **ODBC:** * Fixed bug php#73725 (Unable to retrieve value of varchar(max) type). (Anatol) **LDAP:** * Fixed bug php#49876 (Fix LDAP path lookup on 64-bit distros). (dzuelke) **libxml2:** * Fixed bug php#75871 (use pkg-config where available). (pmmaga) **Phar:** * Fixed bug php#65414 (deal with leading slash when adding files correctly). (bishopb) **SPL:** * Fixed bug php#74519 (strange behavior of AppendIterator). (jhdxr) **Standard:** * Fixed bug php#75916 (DNS_CAA record results contain garbage). (Mike, Philip Sharp) * Fixed bug php#75981 (stack-buffer-overflow while parsing HTTP response). (Stas) [ 1 ] Bug #1551039 - CVE-2018-7584 php: Stack-based buffer under-read in ext/standard/http_fopen_wrapper.c:php_stream_url_wrap_http_ex function when parsing HTTP response allows denial of service https://bugzilla.redhat.com/show_bug.cgi?id=1551039 su -c 'dnf upgrade php' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Change Log

References

Update Instructions

Severity

Product : Fedora 26

Version : 7.1.15

Release : 1.fc26

URL : http://www.php.net/

Summary : PHP scripting language for creating dynamic web sites

What Are You Looking For?

Fedora 26: php Security Update 2018-e8bc8d2784

Summary

Change Log

References

Update Instructions

Linux version of Qilin ransomware focuses on VMware ESXi

Debian 12.3 Delayed Due To An EXT4 Data Corruption Bug Being Addressed

Firefox 119 Starts to Roll Out Improved Firefox View Feature, Ramps Up Privacy and Security

OpenSSL 3.2 Adds Support for TCP Fast Open on Linux, Argon2 KDF, and More

News

Advisories

HOWTOs

Features

Password Guessing as an Attack Vector

Using Open Source to Ensure Compliance & Data Integrity through Data Governance

Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!

Unlocking the Future of Authentication: Passkeys vs. Passwords

Empowering MSPs with Straightforward Linux Device Management

About Us

Powered By

What Are You Looking For?

Fedora 26: php Security Update 2018-e8bc8d2784

Summary

Change Log

References

Update Instructions

Get the Latest News & Insights

Related News

News

Advisories

HOWTOs

Features

About Us

Powered By