Fedora 28: php Security Update

    Date03 May 2018
    CategoryFedora
    1173
    Posted ByAnthony Pell
    **PHP version 7.2.5** (26 Apr 2018) **Core:** * Fixed bug php#75722 (Convert valgrind detection to configure option). (Michael Heimpold) **Date:** * Fixed bug php#76131 (mismatch arginfo for date_create). (carusogabriel) **Exif:** * Fixed bug php#76130 (Heap Buffer Overflow (READ: 1786) in exif_iif_add_value). (Stas) **FPM:** * Fixed bug php#68440 (ERROR: failed to reload: execvp()
    --------------------------------------------------------------------------------
    Fedora Update Notification
    FEDORA-2018-ee6707d519
    2018-05-03 15:24:49.298664
    --------------------------------------------------------------------------------
    
    Name        : php
    Product     : Fedora 28
    Version     : 7.2.5
    Release     : 1.fc28
    URL         : http://www.php.net/
    Summary     : PHP scripting language for creating dynamic web sites
    Description :
    PHP is an HTML-embedded scripting language. PHP attempts to make it
    easy for developers to write dynamically generated web pages. PHP also
    offers built-in database integration for several commercial and
    non-commercial database management systems, so writing a
    database-enabled webpage with PHP is fairly simple. The most common
    use of PHP coding is probably as a replacement for CGI scripts.
    
    The php package contains the module (often referred to as mod_php)
    which adds support for the PHP language to Apache HTTP Server.
    
    --------------------------------------------------------------------------------
    Update Information:
    
    **PHP version 7.2.5** (26 Apr 2018)  **Core:**  * Fixed bug php#75722 (Convert
    valgrind detection to configure option). (Michael Heimpold)  **Date:**  * Fixed
    bug php#76131 (mismatch arginfo for date_create). (carusogabriel)  **Exif:**  *
    Fixed bug php#76130 (Heap Buffer Overflow (READ: 1786) in exif_iif_add_value).
    (Stas)  **FPM:**  * Fixed bug php#68440 (ERROR: failed to reload: execvp()
    failed: Argument list too long). (Jacob Hipps) * Fixed incorrect write to getenv
    result in FPM reload. (Jakub Zelenka)  **GD:**  * Fixed bug php#52070
    (imagedashedline() - dashed line sometimes is not visible). (cmb)  **intl:**  *
    Fixed bug php#76153 (Intl compilation fails with icu4c 61.1). (Anatol)
    **iconv:**  * Fixed bug php#76249 (stream filter convert.iconv leads to infinite
    loop on invalid sequence). (Stas)  **ldap:**  * Fixed bug php#76248 (Malicious
    LDAP-Server Response causes Crash). (Stas)  **mbstring:**  * Fixed bug php#75944
    (Wrong cp1251 detection). (dmk001) * Fixed bug php#76113 (mbstring does not
    build with Oniguruma 6.8.1). (chrullrich, cmb)  **ODBC:**  * Fixed bug php#76088
    (ODBC functions are not available by default on Windows). (cmb)  **Opcache:**  *
    Fixed bug php#76094 (Access violation when using opcache). (Laruence)  **Phar:**
    * Fixed bug php#76129 (fix for CVE-2018-5712 may not be complete). (Stas)
    **phpdbg:**  * Fixed bug php#76143 (Memory corruption: arbitrary NUL overwrite).
    (Laruence)  **SPL:**  * Fixed bug php#76131 (mismatch arginfo for splarray
    constructor).  (carusogabriel)  **standard:**  * Fixed bug php#74139
    (mail.add_x_header default inconsistent with docs). (cmb) * Fixed bug php#75996
    (incorrect url in header for mt_rand). (tatarbj)
    --------------------------------------------------------------------------------
    ChangeLog:
    
    * Tue Apr 24 2018 Remi Collet  - 7.2.5-1
    - Update to 7.2.5 - http://www.php.net/releases/7_2_5.php
    * Wed Apr 11 2018 Remi Collet  - 7.2.5~RC1-1
    - update to 7.2.5RC1
    --------------------------------------------------------------------------------
    References:
    
      [ 1 ] Bug #1573814 - CVE-2018-10547 php: Reflected XSS vulnerability on PHAR 403 and 404 error pages
            https://bugzilla.redhat.com/show_bug.cgi?id=1573814
      [ 2 ] Bug #1573805 - CVE-2018-10548 php: Null pointer dereference due to mishandling of ldap_get_dn return value allows denial-of-service by malicious LDAP server or man-in-the-middle attacker
            https://bugzilla.redhat.com/show_bug.cgi?id=1573805
      [ 3 ] Bug #1573802 - CVE-2018-10546 php: Infinite loop in ext/iconv/iconv.c when using stream filter with convert.incov on invalid sequence leads to denial-of-service
            https://bugzilla.redhat.com/show_bug.cgi?id=1573802
      [ 4 ] Bug #1573797 - CVE-2018-10549 php: Out-of-bounds read in ext/exif/exif.c:exif_read_data() when reading crafted JPEG data
            https://bugzilla.redhat.com/show_bug.cgi?id=1573797
    --------------------------------------------------------------------------------
    
    This update can be installed with the "dnf" update program. Use
    su -c 'dnf upgrade --advisory FEDORA-2018-ee6707d519' at the command
    line. For more information, refer to the dnf documentation available at
    http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
    
    All packages are signed with the Fedora Project GPG key. More details on the
    GPG keys used by the Fedora Project can be found at
    https://fedoraproject.org/keys
    --------------------------------------------------------------------------------
    _______________________________________________
    package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it.
    To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    LinuxSecurity Poll

    Which Linux distribution(s) do you use?

    Message!

    Poll results are hidden from public viewing.

    You are not authorized to vote on this poll.

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 5 answer(s).
    /component/communitypolls/?task=poll.vote
    7
    radio
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.