Fedora 26 PHP 7.1.11 Security Advisory: Critical Core Fixes

PHP is an HTML-embedded scripting language. PHP attempts to make it

easy for developers to write dynamically generated web pages. PHP also

offers built-in database integration for several commercial and

non-commercial database management systems, so writing a

database-enabled webpage with PHP is fairly simple. The most common

use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)

which adds support for the PHP language to Apache HTTP Server.

**PHP version 7.1.11** (26 Oct 2017) **Core:** * Fixed bug php#75241 (Null

pointer dereference in zend_mm_alloc_small()). (Laruence) * Fixed bug php#75236

(infinite loop when printing an error-message). (Andrea) * Fixed bug php#75252

(Incorrect token formatting on two parse errors in one request). (Nikita) *

Fixed bug php#75220 (Segfault when calling is_callable on parent).

(andrewnester) * Fixed bug php#75290 (debug info of Closures of internal

functions contain garbage argument names). (Andrea) **Date:** * Fixed bug

php#75055 (Out-Of-Bounds Read in timelib_meridian()). (Derick)

**Apache2Handler:** * Fixed bug php#75311 (error: 'zend_hash_key' has no member

named 'arKey' in apache2handler). (mcarbonneaux) **Hash:** * Fixed bug

php#75303 (sha3 hangs on bigendian). (Remi) **Intl:** * Fixed bug php#75318

(The parameter of UConverter::getAliases() is not optional). (cmb) **mcrypt:**

* Fixed bug php#72535 (arcfour encryption stream filter crashes php). (Leigh)

**MySQLi:** * Fixed bug php#75018 (Data corruption when reading fields of bit

type). (Anatol) **Opcache** * Fixed bug php#75255 (Request hangs and not

finish). (Dmitry) **PCRE:** * Fixed bug php#75207 (applied upstream patch for

CVE-2016-1283). (Anatol) **PDO_mysql:** * Fixed bug php#75177 (Type 'bit' is

fetched as unexpected string). (Anatol) **SPL:** * Fixed bug php#73629

(SplDoublyLinkedList::setIteratorMode masks intern flags). (J. Jeising, cmb)

su -c 'dnf upgrade php' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org