--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-8dac5c39f3
2021-01-14 01:37:01.292677
--------------------------------------------------------------------------------

Name        : php
Product     : Fedora 33
Version     : 7.4.14
Release     : 1.fc33
URL         : https://www.php.net/
Summary     : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

--------------------------------------------------------------------------------
Update Information:

**PHP version 7.4.14** (07 Jan 2021)

**Core:**
* Fixed bug php#74558 (Can't rebind closure returned by Closure::fromCallable()). (cmb)
* Fixed bug php#80345 (PHPIZE configuration has outdated PHP_RELEASE_VERSION). (cmb)
* Fixed bug php#72964 (White space not unfolded for CC/Bcc headers). (cmb)
* Fixed bug php#80362 (Running dtrace scripts can cause php to crash). (al at coralnet dot name)
* Fixed bug php#80393 (Build of PHP extension fails due to configuration gap with libtool). (kir dot morozov at gmail dot com)
* Fixed bug php#80402 (configure filtering out -lpthread). (Nikita)
* Fixed bug php#77069 (stream filter loses final block of data). (cmb)

**Fileinfo:**
* Fixed bug php#77961 (finfo_open crafted magic parsing SIGABRT). (cmb)

**FPM:**
* Fixed bug php#69625 (FPM returns 200 status on request without SCRIPT_FILENAME env). (Jakub Zelenka)

**Intl:**
* Fixed bug php#80425 (MessageFormatAdapter::getArgTypeList redefined). (Nikita)

**OpenSSL:**
* Fixed bug php#80368 (OpenSSL extension fails to build against LibreSSL due to lack of OCB support). (Nikita)

**Phar:**
* Fixed bug php#73809 (Phar Zip parse crash - mmap fail). (cmb)
* Fixed bug php#75102 (`PharData` says invalid checksum for valid tar). (cmb)
* Fixed bug php#77322 (PharData::addEmptyDir('/') Possible integer overflow). (cmb)

**PDO MySQL:**
* Fixed bug php#80458 (PDOStatement::fetchAll() throws for upsert queries). (Kamil Tekiela)
* Fixed bug php#63185 (nextRowset() ignores MySQL errors with native prepared statements). (Nikita)
* Fixed bug php#78152 (PDO::exec() - Bad error handling with multiple commands). (Nikita)
* Fixed bug php#70066 (Unexpected "Cannot execute queries while other unbuffered queries"). (Nikita)
* Fixed bug php#71145 (Multiple statements in init command triggers unbuffered query error). (Nikita)
* Fixed bug php#76815 (PDOStatement cannot be GCed/closeCursor-ed when a PROCEDURE resultset SIGNAL). (Nikita)

**Standard:**
* Fixed bug php#77423 (FILTER_VALIDATE_URL accepts URLs with invalid userinfo). (**CVE-2020-7071**) (cmb)
* Fixed bug php#80366 (Return Value of zend_fstat() not Checked). (sagpant, cmb)
* Fixed bug php#80411 (References to null-serialized object break serialize()). (Nikita)

**Tidy:**
* Fixed bug php#77594 (ob_tidyhandler is never reset). (cmb)

**Zlib:**
* Fixed php#48725 (Support for flushing in zlib stream). (cmb)

--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 5 2021 Remi Collet - 7.4.14-1
- Update to 7.4.14 - https://www.php.net/releases/7_4_14.php
- explicitly requires make

--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1913847 - CVE-2020-7071 php: FILTER_VALIDATE_URL accepts URLs with invalid userinfo [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1913847

--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-8dac5c39f3' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list

====================================================================
Red Hat Security Advisory

Synopsis:     Important: .NET 5.0 on Red Hat Enterprise Linux security and bugfix update
Advisory ID:  RHSA-2021:0096-01
Product:      .NET Core on Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0096
Issue date:   2021-01-13
CVE Names:    CVE-2021-1723
====================================================================

1. Summary:

An update for rh-dotnet50-dotnet is now available for .NET on Red Hat
Enterprise Linux.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64
.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

.NET is a managed-software framework. It implements a subset of the .NET
framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now
available. The updated versions are .NET SDK 5.0.102 and .NET Runtime
5.0.2.

Security Fix(es):

* dotnet: ASP.NET Core Callbacks outside of locks cause Krestel deadlock
  when using HTTP2 (CVE-2021-1723)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1914258 - CVE-2021-1723 dotnet: ASP.NET Core Callbacks outside of locks cause Krestel deadlock when using HTTP2

6. Package List:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
rh-dotnet50-dotnet-5.0.102-1.el7_9.src.rpm

x86_64:
rh-dotnet50-aspnetcore-runtime-5.0-5.0.2-1.el7_9.x86_64.rpm
rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.2-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-5.0.102-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-apphost-pack-5.0-5.0.2-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-debuginfo-5.0.102-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-host-5.0.2-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-hostfxr-5.0-5.0.2-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-runtime-5.0-5.0.2-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-sdk-5.0-5.0.102-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-targeting-pack-5.0-5.0.2-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-templates-5.0-5.0.102-1.el7_9.x86_64.rpm
rh-dotnet50-netstandard-targeting-pack-2.1-5.0.102-1.el7_9.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source:
rh-dotnet50-dotnet-5.0.102-1.el7_9.src.rpm

x86_64:
rh-dotnet50-aspnetcore-runtime-5.0-5.0.2-1.el7_9.x86_64.rpm
rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.2-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-5.0.102-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-apphost-pack-5.0-5.0.2-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-debuginfo-5.0.102-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-host-5.0.2-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-hostfxr-5.0-5.0.2-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-runtime-5.0-5.0.2-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-sdk-5.0-5.0.102-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-targeting-pack-5.0-5.0.2-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-templates-5.0-5.0.102-1.el7_9.x86_64.rpm
rh-dotnet50-netstandard-targeting-pack-2.1-5.0.102-1.el7_9.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-dotnet50-dotnet-5.0.102-1.el7_9.src.rpm

x86_64:
rh-dotnet50-aspnetcore-runtime-5.0-5.0.2-1.el7_9.x86_64.rpm
rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.2-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-5.0.102-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-apphost-pack-5.0-5.0.2-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-debuginfo-5.0.102-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-host-5.0.2-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-hostfxr-5.0-5.0.2-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-runtime-5.0-5.0.2-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-sdk-5.0-5.0.102-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-targeting-pack-5.0-5.0.2-1.el7_9.x86_64.rpm
rh-dotnet50-dotnet-templates-5.0-5.0.102-1.el7_9.x86_64.rpm
rh-dotnet50-netstandard-targeting-pack-2.1-5.0.102-1.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2021-1723
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact

Copyright 2021 Red Hat, Inc.

RHSA-announce mailing list

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-0bf228857a
2020-03-26 01:18:47.419956
--------------------------------------------------------------------------------

Name        : php
Product     : Fedora 31
Version     : 7.3.16
Release     : 1.fc31
URL         : https://www.php.net/
Summary     : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP Server.

--------------------------------------------------------------------------------
Update Information:

**PHP version 7.3.16** (19 Mar 2020)

**Core:**
* Fixed bug php#63206 (restore_error_handler does not restore previous errors mask). (Mark Plomer)

**DOM:**
* Fixed bug php#77569: (Write Access Violation in DomImplementation). (Nikita, cmb)
* Fixed bug php#79271 (DOMDocumentType::$childNodes is NULL). (cmb)

**Enchant:**
* Fixed bug php#79311 (enchant_dict_suggest() fails on big endian architecture). (cmb)

**EXIF:**
* Fixed bug php#79282 (Use-of-uninitialized-value in exif). (**CVE-2020-7064**) (Nikita)

**MBstring:**
* Fixed bug php#79371 (mb_strtolower(UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full). (**CVE-2020-7065**) (cmb)

**MySQLi:**
* Fixed bug php#64032 (mysqli reports different client_version). (cmb)

**PCRE:**
* Fixed bug php#79188 (Memory corruption in preg_replace/preg_replace_callback and unicode). (Nikita)

**PDO_ODBC:**
* Fixed bug php#79038 (PDOStatement::nextRowset() leaks column values). (cmb)

**Reflection:**
* Fixed bug php#79062 (Property with heredoc default value returns false for getDocComment). (Nikita)

**SQLite3:**
* Fixed bug php#79294 (::columnType() may fail after SQLite3Stmt::reset()). (cmb)

**Standard:**
* Fixed bug php#79329 (get_headers() silently truncates after a null byte). (**CVE-2020-7066**) (cmb)
* Fixed bug php#79254 (getenv() w/o arguments not showing changes). (cmb)
* Fixed bug php#79265 (Improper injection of Host header when using fopen for http requests). (Miguel Xavier Penha Neto)

--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 17 2020 Remi Collet - 7.3.16-1
- Update to 7.3.16 - https://www.php.net/releases/7_3_16.php

--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-0bf228857a' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-4adc49a476
2019-10-31 00:56:56.732896
--------------------------------------------------------------------------------

Name        : php
Product     : Fedora 31
Version     : 7.3.11
Release     : 1.fc31
URL         : https://www.php.net/
Summary     : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP Server.

--------------------------------------------------------------------------------
Update Information:

**PHP version 7.3.11** (24 Oct 2019)

**Core:**
* Fixed bug php#78535 (auto_detect_line_endings value not parsed as bool). (bugreportuser)
* Fixed bug php#78620 (Out of memory error). (cmb, Nikita)

**Exif:**
* Fixed bug php#78442 ('Illegal component' on exif_read_data since PHP7) (Kalle)

**FPM:**
* Fixed bug php#78599 (env_path_info underflow in fpm_main.c can lead to RCE). (**CVE-2019-11043**) (Jakub Zelenka)
* Fixed bug php#78413 (request_terminate_timeout does not take effect after fastcgi_finish_request). (Sergei Turchanov)

**MBString:**
* Fixed bug php#78579 (mb_decode_numericentity: args number inconsistency). (cmb)
* Fixed bug php#78609 (mb_check_encoding() no longer supports stringable objects). (cmb)

**MySQLi:**
* Fixed bug php#76809 (SSL settings aren't respected when persistent connections are used). (fabiomsouto)

**Mysqlnd:**
* Fixed bug php#78525 (Memory leak in pdo when reusing native prepared statements). (Nikita)

**PCRE:**
* Fixed bug php#78272 (calling preg_match() before pcntl_fork() will freeze child process). (Nikita)

**PDO_MySQL:**
* Fixed bug php#78623 (Regression caused by "SP call yields additional empty result set"). (cmb)

**Session:**
* Fixed bug php#78624 (session_gc return value for user defined session handlers). (bshaffer)

**Standard:**
* Fixed bug php#76342 (file_get_contents waits twice specified timeout). (Thomas Calvet)
* Fixed bug php#78612 (strtr leaks memory when integer keys are used and the subject string shorter). (Nikita)
* Fixed bug php#76859 (stream_get_line skips data if used with data-generating filter). (kkopachev)

**Zip:**
* Fixed bug php#78641 (addGlob can modify given remove_path value). (cmb)

--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 22 2019 Remi Collet - 7.3.11-1
- Update to 7.3.11 - https://www.php.net/releases/7_3_11.php

--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1766378 - CVE-2019-11043 php: underflow in env_path_info in fpm_main.c
      https://bugzilla.redhat.com/show_bug.cgi?id=1766378

--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-4adc49a476' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-da36d5d484
2019-04-13 15:31:14.317006
--------------------------------------------------------------------------------

Name        : php
Product     : Fedora 29
Version     : 7.2.17
Release     : 1.fc29
URL         : https://www.php.net/
Summary     : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP Server.

--------------------------------------------------------------------------------
Update Information:

**PHP version 7.2.17** (04 Apr 2019)

**Core:**
* Fixed bug php#77738 (Nullptr deref in zend_compile_expr). (Laruence)
* Fixed bug php#77660 (Segmentation fault on break 2147483648). (Laruence)
* Fixed bug php#77652 (Anonymous classes can lose their interface information). (Nikita)
* Fixed bug php#77676 (Unable to run tests when building shared extension on AIX). (Kevin Adler)

**Bcmath:**
* Fixed bug php#77742 (bcpow() implementation related to gcc compiler optimization). (Nikita)

**COM:**
* Fixed bug php#77578 (Crash when php unload). (cmb)

**Date:**
* Fixed bug php#50020 (DateInterval:createDateFromString() silently fails). (Derick)
* Fixed bug php#75113 (Added DatePeriod::getRecurrences() method). (Ignace Nyamagana Butera)

**EXIF:**
* Fixed bug php#77753 (Heap-buffer-overflow in php_ifd_get32s). (Stas)
* Fixed bug php#77831 (Heap-buffer-overflow in exif_iif_add_value). (Stas)

**FPM:**
* Fixed bug php#77677 (FPM fails to build on AIX due to missing WCOREDUMP). (Kevin Adler)

**GD:**
* Fixed bug php#77700 (Writing truecolor images as GIF ignores interlace flag). (cmb)

**MySQLi:**
* Fixed bug php#77597 (mysqli_fetch_field hangs scripts). (Nikita)

**Opcache:**
* Fixed bug php#77691 (Opcache passes wrong value for inline array push assignments). (Nikita)
* Fixed bug php#77743 (Incorrect pi node insertion for jmpznz with identical successors). (Nikita)

**phpdbg:**
* Fixed bug php#77767 (phpdbg break cmd aliases listed in help do not match actual aliases). (Miriam Lauter)

**sodium:**
* Fixed bug php#77646 (sign_detached() strings not terminated). (Frank)

**SQLite3:**
* Added sqlite3.defensive INI directive. (BohwaZ)

**Standard:**
* Fixed bug php#77664 (Segmentation fault when using undefined constant in custom wrapper). (Laruence)
* Fixed bug php#77669 (Crash in extract() when overwriting extracted array). (Nikita)
* Fixed bug php#76717 (var_export() does not create a parsable value for PHP_INT_MIN). (Nikita)
* Fixed bug php#77765 (FTP stream wrapper should set the directory as executable). (Vlad Temian)

--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 3 2019 Remi Collet - 7.2.17-1
- Update to 7.2.17 - https://www.php.net/releases/7_2_17.php
* Wed Mar 6 2019 Remi Collet - 7.2.16-1
- Update to 7.2.16 - https://www.php.net/releases/7_2_16.php
- add upstream patch for OpenSSL 1.1.1b
- adapt systzdata patch (v17)
* Wed Feb 6 2019 Remi Collet - 7.2.15-1
- Update to 7.2.15 - https://www.php.net/releases/7_2_15.php
* Tue Jan 8 2019 Remi Collet - 7.2.14-1
- Update to 7.2.14 - https://www.php.net/releases/7_2_14.php
* Tue Dec 18 2018 Remi Collet - 7.2.14~RC1-1
- update to 7.2.14RC1
* Sat Dec 8 2018 Remi Collet - 7.2.13-2
- Fix null pointer dereference in imap_mail CVE-2018-19935
* Wed Dec 5 2018 Remi Collet - 7.2.13-1
- Update to 7.2.13 - https://www.php.net/releases/7_2_13.php
* Wed Nov 21 2018 Remi Collet - 7.2.13-0.1.RC1
- update to 7.2.13RC1
* Tue Nov 6 2018 Remi Collet - 7.2.12-1
- Update to 7.2.12 - https://www.php.net/releases/7_2_12.php
* Fri Nov 2 2018 Remi Collet - 7.2.12-0.1.RC1
- rebuild
* Tue Oct 23 2018 Remi Collet - 7.2.12~RC1-1
- update to 7.2.12RC1
* Wed Oct 10 2018 Remi Collet - 7.2.11-1
- Update to 7.2.11 - https://www.php.net/releases/7_2_11.php

--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-da36d5d484' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-1d78e14cfd
2019-04-07 00:00:53.301480
--------------------------------------------------------------------------------

Name        : php
Product     : Fedora 30
Version     : 7.3.4
Release     : 1.fc30
URL         : https://www.php.net/
Summary     : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP Server.

--------------------------------------------------------------------------------
Update Information:

**PHP version 7.3.4** (04 April 2019)

**Core:**
* Fixed bug php#77738 (Nullptr deref in zend_compile_expr). (Laruence)
* Fixed bug php#77660 (Segmentation fault on break 2147483648). (Laruence)
* Fixed bug php#77652 (Anonymous classes can lose their interface information). (Nikita)
* Fixed bug php#77345 (Stack Overflow caused by circular reference in garbage collection). (Alexandru Patranescu, Nikita, Dmitry)
* Fixed bug php#76956 (Wrong value for 'syslog.filter' documented in php.ini). (cmb)

**Apache2Handler:**
* Fixed bug php#77648 (BOM in sapi/apache2handler/php_functions.c). (cmb)

**Bcmath:**
* Fixed bug php#77742 (bcpow() implementation related to gcc compiler optimization). (Nikita)

**CLI Server:**
* Fixed bug php#77722 (Incorrect IP set to $_SERVER['REMOTE_ADDR'] on the localhost). (Nikita)

**COM:**
* Fixed bug php#77578 (Crash when php unload). (cmb)

**EXIF:**
* Fixed bug php#77753 (Heap-buffer-overflow in php_ifd_get32s). (Stas)
* Fixed bug php#77831 (Heap-buffer-overflow in exif_iif_add_value). (Stas)

**FPM:**
* Fixed bug php#77677 (FPM fails to build on AIX due to missing WCOREDUMP). (Kevin Adler)

**GD:**
* Fixed bug php#77700 (Writing truecolor images as GIF ignores interlace flag). (cmb)

**MySQLi:**
* Fixed bug php#77597 (mysqli_fetch_field hangs scripts). (Nikita)

**Opcache:**
* Fixed bug php#77743 (Incorrect pi node insertion for jmpznz with identical successors). (Nikita)

**Phar:**
* Fixed bug php#77697 (Crash on Big_Endian platform). (Laruence)

**phpdbg:**
* Fixed bug php#77767 (phpdbg break cmd aliases listed in help do not match actual aliases). (Miriam Lauter)

**sodium:**
* Fixed bug php#77646 (sign_detached() strings not terminated). (Frank)

**SQLite3:**
* Added sqlite3.defensive INI directive. (BohwaZ)

**Standard:**
* Fixed bug php#77664 (Segmentation fault when using undefined constant in custom wrapper). (Laruence)
* Fixed bug php#77669 (Crash in extract() when overwriting extracted array). (Nikita)
* Fixed bug php#76717 (var_export() does not create a parsable value for PHP_INT_MIN). (Nikita)
* Fixed bug php#77765 (FTP stream wrapper should set the directory as executable). (Vlad Temian)

--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-1d78e14cfd' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-4216
2015-03-21 00:08:19
--------------------------------------------------------------------------------

Name        : php
Product     : Fedora 20
Version     : 5.5.23
Release     : 1.fc20
URL         : https://www.php.net/
Summary     : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP Server.

--------------------------------------------------------------------------------
Update Information:

**19 Mar 2015, PHP 5.5.23**

Core:
* Fixed bug #69174 (leaks when unused inner class use traits precedence). (Laruence)
* Fixed bug #69139 (Crash in gc_zval_possible_root on unserialize). (Laruence)
* Fixed bug #69121 (Segfault in get_current_user when script owner is not in passwd with ZTS build). (dan at syneto dot net)
* Fixed bug #65593 (Segfault when calling ob_start from output buffering callback). (Mike)
* Fixed bug #69017 (Fail to push to the empty array with the constant value defined in class scope). (Laruence)
* Fixed bug #68986 (pointer returned by php_stream_fopen_temporary_file not validated in memory.c). (nayana at ddproperty dot com)
* Fixed bug #68166 (Exception with invalid character causes segv). (Rasmus)
* Fixed bug #69141 (Missing arguments in reflection info for some builtin functions). (kostyantyn dot lysyy at oracle dot com)
* Fixed bug #68976 (Use After Free Vulnerability in unserialize()). (Stas)
* Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM configuration options). (Anatol Belski)
* Fixed bug #69207 (move_uploaded_file allows nulls in path). (Stas)

CGI:
* Fixed bug #69015 (php-cgi's getopt does not see $argv). (Laruence)

CLI:
* Fixed bug #67741 (auto_prepend_file messes up __LINE__). (Reeze Xia)

cURL:
* Fixed bug #69088 (PHP_MINIT_FUNCTION does not fully initialize cURL on Win32). (Grant Pannell)
* Add CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5_HOSTNAME constants if supported by libcurl. (Linus Unneback)

Ereg:
* Fixed bug #69248 (heap overflow vulnerability in regcomp.c). (Stas)

FPM:
* Fixed bug #68822 (request time is reset too early). (honghu069 at 163 dot com)

ODBC:
* Fixed bug #68964 (Allowed memory size exhausted with odbc_exec). (Anatol)

Opcache:
* Fixed bug #69125 (Array numeric string as key). (Laruence)
* Fixed bug #69038 (switch(SOMECONSTANT) misbehaves). (Laruence)

OpenSSL:
* Fixed bugs #61285, #68329, #68046, #41631 (encrypted streams don't observe socket timeouts). (Brad Broerman)

pgsql:
* Fixed bug #68638 (pg_update() fails to store infinite values). (william dot welter at 4linux dot com dot br, Laruence)

Readline:
* Fixed bug #69054 (Null dereference in readline_(read|write)_history() without parameters). (Laruence)

SOAP:
* Fixed bug #69085 (SoapClient's __call() type confusion through unserialize()). (andrea dot palazzo at truel dot it, Laruence)

SPL:
* Fixed bug #69108 ("Segmentation fault" when (de)serializing SplObjectStorage). (Laruence)
* Fixed bug #68557 (RecursiveDirectoryIterator::seek(0) broken after calling getChildren()). (Julien)

ZIP:
* Fixed bug #69253 (ZIP Integer Overflow leads to writing past heap boundary) (CVE-2015-2331). (Stas)

--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 20 2015 Remi Collet 5.5.23-1
- Update to 5.5.23 https://www.php.net/releases/5_5_23.php
* Thu Feb 19 2015 Remi Collet 5.5.22-1
- Update to 5.5.22 https://www.php.net/releases/5_5_22.php
* Thu Jan 22 2015 Remi Collet 5.5.21-1
- Update to 5.5.21 https://www.php.net/releases/5_5_21.php
* Thu Dec 18 2014 Remi Collet 5.5.20-2
- Update to 5.5.20 (real) https://www.php.net/releases/5_5_20.php
- php-xmlrpc requires php-xml
* Wed Dec 10 2014 Remi Collet 5.5.20-1
- Update to 5.5.20 https://www.php.net/releases/5_5_20.php
* Fri Nov 21 2014 Remi Collet 5.5.19-3
- FPM: add upstream patch for https://bugs.php.net/index.php listen.allowed_clients is IPv4 only
- refresh upstream patch for 68421
* Sun Nov 16 2014 Remi Collet 5.5.19-2
- FPM: add upstream patch for https://bugs.php.net/index.php access.format=R doesn't log ipv6 address
- FPM: add upstream patch for https://bugs.php.net/index.php listen=9000 listens to ipv6 localhost instead of all addresses
- FPM: add upstream patch for https://bugs.php.net/index.php will no longer load all pools
* Thu Nov 13 2014 Remi Collet 5.5.19-1
- Update to 5.5.19 https://www.php.net/releases/5_5_19.php
- new version of systzdata patch, fix case sensitivity
* Thu Oct 16 2014 Remi Collet 5.5.18-1
- Update to 5.5.18 https://www.php.net/releases/5_5_18.php
* Sat Sep 20 2014 Remi Collet 5.5.17-2
- openssl: fix regression introduced in changes for upstream bug #65137 and #41631, revert to 5.5.16 behavior
* Thu Sep 18 2014 Remi Collet 5.5.17-1
- Update to 5.5.17 https://www.php.net/releases/5_5_17.php
- fpm: fix script_name with mod_proxy_fcgi / proxypass add upstream patch for https://bugs.php.net/index.php
* Thu Aug 21 2014 Remi Collet 5.5.16-1
- Update to 5.5.16 https://www.php.net/releases/5_5_16.php
- fix zts-php-config --php-binary
output #1124605 - move zts-php from php-devel to php-cli - revert fix for 67724because of 67865 * Thu Jul 24 2014 Remi Collet 5.5.15-1 - Update to 5.5.15 https://www.php.net/releases/5_5_15.php * Wed Jul 16 2014 Remi Collet 5.5.14-2 - add upstream patch for #67605 * Thu Jun 26 2014 Remi Collet 5.5.14-1 - Update to 5.5.14 https://www.php.net/releases/5_5_14.php - fix test for rhbz #971416 * Thu Jun 5 2014 Remi Collet 5.5.13-3 - fix regression introduce in fix for #67118 * Tue Jun 3 2014 Remi Collet 5.5.13-2 - fileinfo: fix insufficient boundary check - workaround regression introduce in fix for 67072 in serialize/unzerialize functions * Fri May 30 2014 Remi Collet 5.5.13-1 - Update to 5.5.13 https://www.php.net/releases/5_5_13.php * Sat May 3 2014 Remi Collet 5.5.12-1 - Update to 5.5.12 https://www.php.net/releases/5_5_12.php - php-fpm: change default unix socket permission CVE-2014-0185 * Thu Apr 3 2014 Remi Collet 5.5.11-1 - Update to 5.5.11 https://www.php.net/ChangeLog-5.php * Thu Mar 6 2014 Remi Collet 5.5.10-1 - Update to 5.5.10 https://www.php.net/ChangeLog-5.php#5.5.10 - php-fpm should own /var/lib/php/session and wsdlcache - fix pcre test results with libpcre < 8.34 * Tue Feb 18 2014 Remi Collet 5.5.9-2 - upstream patch for https://bugs.php.net/index.php * Tue Feb 11 2014 Remi Collet 5.5.9-1 - Update to 5.5.9 https://www.php.net/ChangeLog-5.php - Install macros to /usr/lib/rpm/macros.d * Thu Jan 23 2014 Joe Orton - 5.5.8-2 - fix _httpd_mmn expansion in absence of httpd-devel * Wed Jan 8 2014 Remi Collet 5.5.8-1 - update to 5.5.8 - drop conflicts with other opcode caches as both can be used only for user data cache * Wed Dec 11 2013 Remi Collet 5.5.7-1 - update to 5.5.7, fix for CVE-2013-6420 - fix zend_register_functions breaks reflection, php bug 66218 - fix Heap buffer over-read in DateInterval, php bug 66060 - fix fix overflow handling bug in non-x86 -------------------------------------------------------------------------------- References: [ 1 ] Bug 
#1204868 - php: SoapClient's __call() type confusion throughunserialize() https://bugzilla.redhat.com/show_bug.cgi?id=1204868 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update php' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list