Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

Fedora 30: FEDORA-2020-4ea970ebc6 Critical: PHP Memory Issues

fedora
Calendar Grey February 27, 2020
Dist Fedora Esm H88
PHP 7.3.15 for CentOS resolves buffer overflows, dangling pointers, cURL bugs, and additional improvements. Upgrade using DNF for enhanced security.
**PHP version 7.3.15** (20 Feb 2020) **Core:** * Fixed bug php#71876 (Memory corruption htmlspecialchars(): charset `*' not supported)

Summary

PHP is an HTML-embedded scripting language. PHP attempts to make it

easy for developers to write dynamically generated web pages. PHP also

offers built-in database integration for several commercial and

non-commercial database management systems, so writing a

database-enabled webpage with PHP is fairly simple. The most common

use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)

which adds support for the PHP language to Apache HTTP Server.

**PHP version 7.3.15** (20 Feb 2020) **Core:** * Fixed bug php#71876 (Memory

corruption htmlspecialchars(): charset `*' not supported). (Nikita) * Fixed bug

#php#79146 (cscript can fail to run on some systems). (clarodeus) * Fixed bug

php#78323 (Code 0 is returned on invalid options). (Ivan Mikheykin) * Fixed bug

php#76047 (Use-after-free when accessing already destructed backtrace

arguments). (Nikita) **CURL:** * Fixed bug php#79078 (Hypothetical use-after-free in curl_multi_add_handle()). (cmb) **Intl:** * Fixed bug php#79212

(NumberFormatter::format() may detect wrong type). (cmb) **Libxml:** * Fixed

bug php#79191 (Error in SoapClient ctor disables DOMDocument::save()). (Nikita,

cmb) **MBString:** * Fixed bug php#79154 (mb_convert_encoding() can modify

$from_encoding). (cmb) **MySQLnd:** * Fixed bug php#79084 (mysqlnd may fetch

wrong column indexes with MYSQLI_BOTH). (cmb) **OpenSSL:** * Fixed bug

php#79145 (openssl memory leak). (cmb, Nikita) **Phar:** * Fixed bug php#79082

(Files added to tar with Phar::buildFromIterator have all-access permissions).

(**CVE-2020-7063**) (stas) * Fixed bug php#79171 (heap-buffer-overflow in

phar_extract_file). (**CVE-2020-7061**) (cmb) * Fixed bug php#76584

(PharFileInfo::decompress not working). (cmb) **Reflection:** * Fixed bug

php#79115 (ReflectionClass::isCloneable call reflected class __destruct).

(Nikita) **Session:** * Fixed bug php#79221 (Null Pointer Dereference in PHP

Session Upload Progress). (**CVE-2020-7062**) (stas) **SPL:** * Fixed bug

php#79151 (heap use after free caused by spl_dllist_it_helper_move_forward).

(Nikita) **Standard:** * Fixed bug php#78902 (Memory leak when using

stream_filter_append). (liudaixiao) **Testing:** * Fixed bug php#78090

(bug45161.phpt takes forever to finish). (cmb) **XSL:** * Fixed bug php#70078

(XSL callbacks with nodes as parameter leak memory). (cmb)

* Tue Feb 18 2020 Remi Collet - 7.3.15-1

- Update to 7.3.15 - https://www.php.net/releases/7_3_15.php

* Tue Jan 21 2020 Remi Collet - 7.3.14-1

- Update to 7.3.14 - https://www.php.net/releases/7_3_14.php

* Tue Dec 17 2019 Remi Collet - 7.3.13-1

- Update to 7.3.13 - https://www.php.net/releases/7_3_13.php

* Tue Nov 19 2019 Remi Collet - 7.3.12-1

- Update to 7.3.12 - https://www.php.net/releases/7_3_12.php

* Tue Oct 22 2019 Remi Collet - 7.3.11-1

- Update to 7.3.11 - https://www.php.net/releases/7_3_11.php

* Tue Sep 24 2019 Remi Collet - 7.3.10-1

- Update to 7.3.10 - https://www.php.net/releases/7_3_10.php

* Wed Aug 28 2019 Remi Collet - 7.3.9-1

- Update to 7.3.9 - https://www.php.net/releases/7_3_9.php

* Tue Jul 30 2019 Remi Collet - 7.3.8-1

- Update to 7.3.8 - https://www.php.net/releases/7_3_8.php

* Wed Jul 3 2019 Remi Collet - 7.3.7-2

- Update to 7.3.7 - https://www.php.net/releases/7_3_7.php

* Tue May 28 2019 Remi Collet - 7.3.6-1

- Update to 7.3.6 - https://www.php.net/releases/7_3_6.php

* Wed May 1 2019 Remi Collet - 7.3.5-1

- Update to 7.3.5 - https://www.php.net/releases/7_3_5.php

su -c 'dnf upgrade --advisory FEDORA-2020-4ea970ebc6' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory Fedora memory corruption OpenSSL PHP cURL use after free

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 30
Version: 7.3.15
Release: 1.fc30
URL: https://www.php.net/
Summary: PHP scripting language for creating dynamic web sites

Topics%20covered

Topics Covered

security advisory Fedora memory corruption OpenSSL PHP cURL use after free

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here