--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-06795380db
2021-11-26 01:21:19.429042
--------------------------------------------------------------------------------

Name        : php
Product     : Fedora 35
Version     : 8.0.13
Release     : 1.fc35
URL         : https://www.php.net/
Summary     : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts.

--------------------------------------------------------------------------------
Update Information:

**PHP version 8.0.13** (18 Nov 2021)

**Core:**
* Fixed bug php#81518 (Header injection via default_mimetype / default_charset). (cmb)

**Date:**
* Fixed bug php#81500 (Interval serialization regression since 7.3.14 / 7.4.2). (cmb)

**MBString:**
* Fixed bug php#76167 (mbstring may use pointer from some previous request). (cmb, cataphract)

**Opcache:**
* Fixed bug php#81512 (Unexpected behavior with arrays and JIT). (Dmitry)

**PCRE:**
* Fixed bug php#81424 (PCRE2 10.35 JIT performance regression). (cmb)

**XML:**
* Fixed bug php#79971 (special character is breaking the path in xml function). (**CVE-2021-21707**) (cmb)

**XMLReader:**
* Fixed bug php#81521 (XMLReader::getParserProperty may throw with a valid property). (Nikita)

--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 17 2021 Remi Collet - 8.0.13-1
- Update to 8.0.13 - https://www.php.net/releases/8_0_13.php
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2026045 - CVE-2021-21707 php: special character breaks path in xml parsing
      https://bugzilla.redhat.com/show_bug.cgi?id=2026045
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-06795380db' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-9aac6c76c4
2020-03-25 16:15:14.917279
--------------------------------------------------------------------------------

Name        : php
Product     : Fedora 32
Version     : 7.4.4
Release     : 1.fc32
URL         : https://www.php.net/
Summary     : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server.

--------------------------------------------------------------------------------
Update Information:

**PHP version 7.4.4** (19 Mar 2020)

**Core:**
* Fixed bug php#79329 (get_headers() silently truncates after a null byte) (**CVE-2020-7066**) (cmb)
* Fixed bug php#79244 (php crashes during parsing INI file). (Laruence)
* Fixed bug php#63206 (restore_error_handler does not restore previous errors mask). (Mark Plomer)

**CURL:**
* Fixed bug php#79019 (Copied cURL handles upload empty file). (cmb)
* Fixed bug php#79013 (Content-Length missing when posting a curlFile with curl). (cmb)

**DOM:**
* Fixed bug php#77569: (Write Access Violation in DomImplementation). (Nikita, cmb)
* Fixed bug php#79271 (DOMDocumentType::$childNodes is NULL). (cmb)

**Enchant:**
* Fixed bug php#79311 (enchant_dict_suggest() fails on big endian architecture). (cmb)

**EXIF:**
* Fixed bug php#79282 (Use-of-uninitialized-value in exif) (**CVE-2020-7064**) (Nikita)

**Fileinfo:**
* Fixed bug php#79283 (Segfault in libmagic patch contains a buffer overflow) (cmb)

**FPM:**
* Fixed bug php#77653 (operator displayed instead of the real error message). (Jakub Zelenka)
* Fixed bug php#79014 (PHP-FPM & Primary script unknown). (Jakub Zelenka)

**MBstring:**
* Fixed bug php#79371 (mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full) (**CVE-2020-7065**) (cmb)

**MySQLi:**
* Fixed bug php#64032 (mysqli reports different client_version). (cmb)

**MySQLnd:**
* Implemented FR php#79275 (Support auth_plugin_caching_sha2_password on Windows). (cmb)

**Opcache:**
* Fixed bug php#79252 (preloading causes php-fpm to segfault during exit). (Nikita)

**PCRE:**
* Fixed bug php#79188 (Memory corruption in preg_replace/preg_replace_callback and unicode). (Nikita)
* Fixed bug php#79241 (Segmentation fault on preg_match()). (Nikita)
* Fixed bug php#79257 (Duplicate named groups (?J) prefer last alternative even if not matched). (Nikita)

**PDO_ODBC:**
* Fixed bug php#79038 (PDOStatement::nextRowset() leaks column values). (cmb)

**Reflection:**
* Fixed bug php#79062 (Property with heredoc default value returns false for getDocComment). (Nikita)

**SQLite3:**
* Fixed bug php#79294 (::columnType() may fail after SQLite3Stmt::reset()). (cmb)

**Standard:**
* Fixed bug php#79254 (getenv() w/o arguments not showing changes). (cmb)
* Fixed bug php#79265 (Improper injection of Host header when using fopen for http requests). (Miguel Xavier Penha Neto)

**Zip:**
* Fixed bug php#79315 (ZipArchive::addFile doesn't honor start/length parameters). (Remi)

--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 17 2020 Remi Collet - 7.4.4-1
- Update to 7.4.4 - https://www.php.net/releases/7_4_4.php
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-9aac6c76c4' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-aa6036fcb3
2019-01-19 02:25:20.763242
--------------------------------------------------------------------------------

Name        : php
Product     : Fedora 29
Version     : 7.2.14
Release     : 1.fc29
URL         : http://www.php.net/
Summary     : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server.

--------------------------------------------------------------------------------
Update Information:

**PHP version 7.2.14** (10 Jan 2019)

**Core:**
* Fixed bug php#77369 (memcpy with negative length via crafted DNS response). (Stas)
* Fixed bug php#71041 (zend_signal_startup() needs ZEND_API). (Valentin V. Bartenev)
* Fixed bug php#76046 (PHP generates "FE_FREE" opcode on the wrong line). (Nikita)

**Date:**
* Fixed bug php#77097 (DateTime::diff gives wrong diff when the actual diff is less than 1 second). (Derick)

**Exif:**
* Fixed bug php#77184 (Unsigned rational numbers are written out as signed rationals). (Colin Basnett)

**Opcache:**
* Fixed bug php#77215 (CFG assertion failure on multiple finalizing switch frees in one block). (Nikita)

**PDO:**
* Handle invalid index passed to PDOStatement::fetchColumn() as error. (Sergei Morozov)

**Phar:**
* Fixed bug php#77247 (heap buffer overflow in phar_detect_phar_fname_ext). (Stas)

**Sockets:**
* Fixed bug php#77136 (Unsupported IPV6_RECVPKTINFO constants on macOS). (Mizunashi Mana)

**SQLite3:**
* Fixed bug php#77051 (Issue with re-binding on SQLite3). (BohwaZ)

**Xmlrpc:**
* Fixed bug php#77242 (heap out of bounds read in xmlrpc_decode()). (cmb)
* Fixed bug php#77380 (Global out of bounds read in xmlrpc base64 code). (Stas)

--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 8 2019 Remi Collet - 7.2.14-1
- Update to 7.2.14 - http://www.php.net/releases/7_2_14.php
* Tue Dec 18 2018 Remi Collet - 7.2.14~RC1-1
- update to 7.2.14RC1
* Sat Dec 8 2018 Remi Collet - 7.2.13-2
- Fix null pointer dereference in imap_mail CVE-2018-19935
* Wed Dec 5 2018 Remi Collet - 7.2.13-1
- Update to 7.2.13 - https://www.php.net/releases/7_2_13.php
* Wed Nov 21 2018 Remi Collet - 7.2.13-0.1.RC1
- update to 7.2.13RC1
* Tue Nov 6 2018 Remi Collet - 7.2.12-1
- Update to 7.2.12 - https://www.php.net/releases/7_2_12.php
* Fri Nov 2 2018 Remi Collet - 7.2.12-0.1.RC1
- rebuild
* Tue Oct 23 2018 Remi Collet - 7.2.12~RC1-1
- update to 7.2.12RC1
* Wed Oct 10 2018 Remi Collet - 7.2.11-1
- Update to 7.2.11 - https://www.php.net/releases/7_2_11.php
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-aa6036fcb3' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-6855bf9ff3
2018-11-16 02:57:27.749573
--------------------------------------------------------------------------------

Name        : php
Product     : Fedora 28
Version     : 7.2.12
Release     : 1.fc28
URL         : https://www.php.net/
Summary     : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server.

--------------------------------------------------------------------------------
Update Information:

**PHP version 7.2.12** (08 Nov 2018)

**Core:**
* Fixed bug php#76846 (Segfault in shutdown function after memory limit error). (Nikita)
* Fixed bug php#76946 (Cyclic reference in generator not detected). (Nikita)
* Fixed bug php#77035 (The phpize and ./configure create redundant .deps file). (Peter Kokot)
* Fixed bug php#77041 (buildconf should output error messages to stderr) (Mizunashi Mana)

**Date:**
* Upgraded timelib to 2017.08. (Derick)
* Fixed bug php#75851 (Year component overflow with date formats "c", "o", "r" and "y"). (Adam Saponara)
* Fixed bug php#77007 (fractions in `diff()` are not correctly normalized). (Derick)

**FCGI:**
* Fixed php#76948 (Failed shutdown/reboot or end session in Windows). (Anatol)
* Fixed bug php#76954 (apache_response_headers removes last character from header name). (stodorovic)

**FTP:**
* Fixed bug php#76972 (Data truncation due to forceful ssl socket shutdown). (Manuel Mausz)

**intl:**
* Fixed bug php#76942 (U_ARGUMENT_TYPE_MISMATCH). (anthrax at unixuser dot org)

**Reflection:**
* Fixed bug php#76936 (Objects cannot access their private attributes while handling reflection errors). (Nikita)
* Fixed bug php#66430 (ReflectionFunction::invoke does not invoke closure with object scope). (Nikita)

**Sodium:**
* Some base64 outputs were truncated; this is not the case any more. (jedisct1)
* block sizes >= 256 bytes are now supported by sodium_pad() even when an old version of libsodium has been installed. (jedisct1)
* Fixed bug php#77008 (sodium_pad() could read (but not return nor write) uninitialized memory when trying to pad an empty input). (jedisct1)

**Standard:**
* Fixed bug php#76965 (INI_SCANNER_RAW doesn't strip trailing whitespace). (Pierrick)

**Tidy:**
* Fixed bug php#77027 (tidy::getOptDoc() not available on Windows). (cmb)

**XML:**
* Fixed bug php#30875 (xml_parse_into_struct() does not resolve entities). (cmb)
* Add support for getting SKIP_TAGSTART and SKIP_WHITE options. (cmb)

**XMLRPC:**
* Fixed bug php#75282 (xmlrpc_encode_request() crashes). (cmb)

--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 6 2018 Remi Collet - 7.2.12-1
- Update to 7.2.12 - https://www.php.net/releases/7_2_12.php
* Wed Oct 10 2018 Remi Collet - 7.2.11-1
- Update to 7.2.11 - https://www.php.net/releases/7_2_11.php
* Tue Sep 11 2018 Remi Collet - 7.2.10-1
- Update to 7.2.10 - https://www.php.net/releases/7_2_10.php
* Thu Aug 16 2018 Remi Collet - 7.2.9-1
- Update to 7.2.9 - https://www.php.net/releases/7_2_9.php
* Tue Jul 17 2018 Remi Collet - 7.2.8-1
- Update to 7.2.8 - https://www.php.net/releases/7_2_8.php
- FPM: add getallheaders, backported from 7.3
* Wed Jun 20 2018 Remi Collet - 7.2.7-1
- Update to 7.2.7 - https://www.php.net/releases/7_2_7.php
* Wed May 23 2018 Remi Collet - 7.2.6-1
- Update to 7.2.6 - https://www.php.net/releases/7_2_6.php
* Tue Apr 24 2018 Remi Collet - 7.2.5-1
- Update to 7.2.5 - https://www.php.net/releases/7_2_5.php
* Wed Apr 11 2018 Remi Collet - 7.2.5~RC1-1
- update to 7.2.5RC1
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1649481 - php: memory leak in the garbage collector when using cyclic references
      https://bugzilla.redhat.com/show_bug.cgi?id=1649481
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2018-6855bf9ff3' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-c4e9207c31
2018-01-16 14:14:36.364938
--------------------------------------------------------------------------------

Name        : php
Product     : Fedora 26
Version     : 7.1.13
Release     : 1.fc26
URL         : https://www.php.net/
Summary     : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server.

--------------------------------------------------------------------------------
Update Information:

**PHP version 7.1.13** (04 Jan 2018)

**Core:**
* Fixed bug php#75573 (Segmentation fault in 7.1.12 and 7.0.26). (Laruence)
* Fixed bug php#75384 (PHP seems incompatible with OneDrive files on demand). (Anatol)
* Fixed bug php#74862 (Unable to clone instance when private __clone defined). (Daniel Ciochiu)
* Fixed bug php#75074 (php-process crash when is_file() is used with strings longer 260 chars). (Anatol)

**CLI Server:**
* Fixed bug php#60471 (Random "Invalid request (unexpected EOF)" using a router script). (SammyK)
* Fixed bug php#73830 (Directory does not exist). (Anatol)

**FPM:**
* Fixed bug php#64938 (libxml_disable_entity_loader setting is shared between requests). (Remi)

**Opcache:**
* Fixed bug php#75608 ("Narrowing occurred during type inference" error). (Laruence, Dmitry)
* Fixed bug php#75579 (Interned strings buffer overflow may cause crash). (Dmitry)
* Fixed bug php#75570 ("Narrowing occurred during type inference" error). (Dmitry)

**PCRE:**
* Fixed bug php#74183 (preg_last_error not returning error code after error). (Andrew Nester)

**Phar:**
* Fixed bug php#74782 (remove file name from output to avoid XSS). (stas)

**Standard:**
* Fixed bug php#75511 (fread not free unused buffer). (Laruence)
* Fixed bug php#75514 (mt_rand returns value outside [$min,$max]+ on 32-bit) (Remi)
* Fixed bug php#75535 (Inappropriately parsing HTTP response leads to PHP segment fault). (Nikita)
* Fixed bug php#75409 (accept EFAULT in addition to ENOSYS as indicator that getrandom() is missing). (sarciszewski)
* Fixed bug php#73124 (php_ini_scanned_files() not reporting correctly). (John Stevenson)
* Fixed bug php#75574 (putenv does not work properly if parameter contains non-ASCII unicode character). (Anatol)

**Zip:**
* Fixed bug php#75540 (Segfault with libzip 1.3.1). (Remi)

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade php' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-0af85ae851
2017-11-07 21:00:14.742741
--------------------------------------------------------------------------------

Name        : php
Product     : Fedora 26
Version     : 7.1.11
Release     : 1.fc26
URL         : https://www.php.net/
Summary     : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server.

--------------------------------------------------------------------------------
Update Information:

**PHP version 7.1.11** (26 Oct 2017)

**Core:**
* Fixed bug php#75241 (Null pointer dereference in zend_mm_alloc_small()). (Laruence)
* Fixed bug php#75236 (infinite loop when printing an error-message). (Andrea)
* Fixed bug php#75252 (Incorrect token formatting on two parse errors in one request). (Nikita)
* Fixed bug php#75220 (Segfault when calling is_callable on parent). (andrewnester)
* Fixed bug php#75290 (debug info of Closures of internal functions contain garbage argument names). (Andrea)

**Date:**
* Fixed bug php#75055 (Out-Of-Bounds Read in timelib_meridian()). (Derick)

**Apache2Handler:**
* Fixed bug php#75311 (error: 'zend_hash_key' has no member named 'arKey' in apache2handler). (mcarbonneaux)

**Hash:**
* Fixed bug php#75303 (sha3 hangs on bigendian). (Remi)

**Intl:**
* Fixed bug php#75318 (The parameter of UConverter::getAliases() is not optional). (cmb)

**mcrypt:**
* Fixed bug php#72535 (arcfour encryption stream filter crashes php). (Leigh)

**MySQLi:**
* Fixed bug php#75018 (Data corruption when reading fields of bit type). (Anatol)

**Opcache:**
* Fixed bug php#75255 (Request hangs and not finish). (Dmitry)

**PCRE:**
* Fixed bug php#75207 (applied upstream patch for CVE-2016-1283). (Anatol)

**PDO_mysql:**
* Fixed bug php#75177 (Type 'bit' is fetched as unexpected string). (Anatol)

**SPL:**
* Fixed bug php#73629 (SplDoublyLinkedList::setIteratorMode masks intern flags). (J. Jeising, cmb)

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade php' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-b674dc22ad
2017-07-13 13:55:12.014043
--------------------------------------------------------------------------------

Name        : php
Product     : Fedora 25
Version     : 7.0.21
Release     : 1.fc25
URL         : https://www.php.net/
Summary     : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server.

--------------------------------------------------------------------------------
Update Information:

**PHP version 7.0.21** (06 Jul 2017)

**Core:**
* Fixed bug php#74738 (Multiple [PATH=] and [HOST=] sections not properly parsed). (Manuel Mausz)
* Fixed bug php#74658 (Undefined constants in array properties result in broken properties). (Laruence)
* Fixed misparsing of abstract unix domain socket names. (Sara)
* Fixed bug php#74101, bug php#74614 (Unserialize Heap Use-After-Free (READ: 1) in zval_get_type). (Nikita)
* Fixed bug php#74111 (Heap buffer overread (READ: 1) finish_nested_data from unserialize). (Nikita)
* Fixed bug php#74603 (PHP INI Parsing Stack Buffer Overflow Vulnerability). (Stas)
* Fixed bug php#74819 (wddx_deserialize() heap out-of-bound read via php_parse_date()). (Derick)

**DOM:**
* Fixed bug php#69373 (References to deleted XPath query results). (ttoohey)

**Intl:**
* Fixed bug php#73473 (Stack Buffer Overflow in msgfmt_parse_message). (libnex)
* Fixed bug php#74705 (Wrong reflection on Collator::getSortKey and collator_get_sort_key). (Tyson Andre, Remi)
* Fixed bug php#73634 (grapheme_strpos illegal memory access). (Stas)

**Mbstring:**
* Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229) (Remi, Mamoru TASAKA)

**Opcache:**
* Fixed bug php#74663 (Segfault with opcache.memory_protect and validate_timestamp). (Laruence)

**OpenSSL:**
* Fixed bug php#74651 (negative-size-param (-1) in memcpy in zif_openssl_seal()). (Stas)

**Reflection:**
* Fixed bug php#74673 (Segfault when cast Reflection object to string with undefined constant). (Laruence)

**SPL:**
* Fixed bug php#74478 (null coalescing operator failing with SplFixedArray). (jhdxr)

**Standard:**
* Fixed bug php#74708 (Invalid Reflection signatures for random_bytes and random_int). (Tyson Andre, Remi)
* Fixed bug php#73648 (Heap buffer overflow in substr). (Stas)

**FTP:**
* Fixed bug php#74598 (ftp:// wrapper ignores context arg). (Sara)

**PHAR:**
* Fixed bug php#74386 (Phar::__construct reflection incorrect). (villfa)

**SOAP:**
* Fixed bug php#74679 (Incorrect conversion array with WSDL_CACHE_MEMORY). (Dmitry)

**Streams:**
* Fixed bug php#74556 (stream_socket_get_name() returns '\0'). (Sara)

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade php' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-11581
2015-07-14 12:24:25
--------------------------------------------------------------------------------

Name        : php
Product     : Fedora 21
Version     : 5.6.11
Release     : 1.fc21
URL         : https://www.php.net/
Summary     : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server.

--------------------------------------------------------------------------------
Update Information:

10 Jul 2015, **PHP 5.6.11**

**Core:**
* Fixed bug #69768 (escapeshell*() doesn't cater to !). (cmb)
* Fixed bug #69703 (Use __builtin_clzl on PowerPC). (dja at axtens dot net, Kalle)
* Fixed bug #69732 (can induce segmentation fault with basic php code). (Dmitry)
* Fixed bug #69642 (Windows 10 reported as Windows 8). (Christian Wenz, Anatol Belski)
* Fixed bug #69551 (parse_ini_file() and parse_ini_string() segmentation fault). (Christoph M. Becker)
* Fixed bug #69781 (phpinfo() reports Professional Editions of Windows 7/8/8.1/10 as "Business"). (Christian Wenz)
* Fixed bug #69740 (finally in generator (yield) swallows exception in iteration). (Nikita)
* Fixed bug #69835 (phpinfo() does not report many Windows SKUs). (Christian Wenz)
* Fixed bug #69892 (Different arrays compare identical due to integer key truncation). (Nikita)
* Fixed bug #69874 (Can't set empty additional_headers for mail()), regression from fix to bug #68776. (Yasuo)

**GD:**
* Fixed bug #61221 (imagegammacorrect function loses alpha channel). (cmb)

**GMP:**
* Fixed bug #69803 (gmp_random_range() modifies second parameter if GMP number). (Nikita)

**PCRE:**
* Fixed Bug #53823 (preg_replace: * qualifier on unicode replace garbles the string). (cmb)
* Fixed bug #69864 (Segfault in preg_replace_callback) (cmb, ab)

**PDO_pgsql:**
* Fixed bug #69752 (PDOStatement::execute() leaks memory with DML Statements when closeCuror() is u). (Philip Hofstetter)
* Fixed bug #69362 (PDO-pgsql fails to connect if password contains a leading single quote). (Matteo)
* Fixed bug #69344 (PDO PgSQL Incorrect binding numeric array with gaps). (Matteo)

**SimpleXML:**
* Refactored the fix for bug #66084 (simplexml_load_string() mangles empty node name). (Christoph Michael Becker)

**SPL:**
* Fixed bug #69737 (Segfault when SplMinHeap::compare produces fatal error). (Stas)
* Fixed bug #67805 (SplFileObject setMaxLineLength). (Willian Gustavo Veiga).
* Fixed bug #69970 (Use-after-free vulnerability in spl_recursive_it_move_forward_ex()). (Laruence)

**Sqlite3:**
* Fixed bug #69972 (Use-after-free vulnerability in sqlite3SafetyCheckSickOrOk()). (Laruence)

--------------------------------------------------------------------------------
ChangeLog:

* Sun Jul 12 2015 Remi Collet 5.6.11-1
- Update to 5.6.11 https://www.php.net/releases/5_6_11.php
- the phar link is now correctly created
* Thu Jun 11 2015 Remi Collet 5.6.10-1
- Update to 5.6.10 https://www.php.net/releases/5_6_10.php
- add explicit spec license (implicit by FPCA)
- opcache is now 7.0.6-dev
* Fri May 15 2015 Remi Collet 5.6.9-1
- Update to 5.6.9 https://www.php.net/releases/5_6_9.php
- adapt systzdata patch for upstream changes for new zic
* Thu Apr 16 2015 Remi Collet 5.6.8-1
- Update to 5.6.8 https://www.php.net/releases/5_6_8.php
* Fri Mar 20 2015 Remi Collet 5.6.7-1
- Update to 5.6.7 https://www.php.net/releases/5_6_7.php
* Thu Feb 19 2015 Remi Collet 5.6.6-1
- Update to 5.6.6 https://www.php.net/releases/5_6_6.php
* Thu Jan 22 2015 Remi Collet 5.6.5-1
- Update to 5.6.5 https://www.php.net/releases/5_6_5.php
- FPM: enable ACL support for Unix Domain Socket
* Wed Dec 17 2014 Remi Collet 5.6.4-2
- Update to 5.6.4 (real) https://www.php.net/releases/5_6_4.php
- php-xmlrpc requires php-xml
* Wed Dec 10 2014 Remi Collet 5.6.4-1
- Update to 5.6.4 https://www.php.net/releases/5_6_4.php
* Fri Nov 28 2014 Remi Collet 5.6.4-0.1.RC1
- php 5.6.4RC1
* Mon Nov 17 2014 Remi Collet 5.6.3-4
- FPM: add upstream patch for https://bugs.php.net/index.php listen.allowed_clients is IPv4 only
* Mon Nov 17 2014 Remi Collet 5.6.3-3
- sync php-fpm configuration with upstream
- refresh upstream patch for 68421
* Sun Nov 16 2014 Remi Collet 5.6.3-2
- FPM: add upstream patch for https://bugs.php.net/index.php access.format=R doesn't log ipv6 address
- FPM: add upstream patch for https://bugs.php.net/index.php listen=9000 listens to ipv6 localhost instead of all addresses
- FPM: add upstream patch for https://bugs.php.net/index.php will no longer load all pools
* Thu Nov 13 2014 Remi Collet 5.6.3-1
- Update to PHP 5.6.3 https://www.php.net/releases/5_6_3.php
* Fri Oct 31 2014 Remi Collet 5.6.3-0.2.RC1
- php 5.6.3RC1 (refreshed, phpdbg changes reverted)
- new version of systzdata patch, fix case sensitivity
- ignore Factory in date tests
* Wed Oct 29 2014 Remi Collet 5.6.3-0.1.RC1
- php 5.6.3RC1
- disable opcache.fast_shutdown in default config
- enable phpdbg_webhelper new extension (in php-dbg)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1245236 - CVE-2015-5589 php: segmentation fault in Phar::convertToData on invalid file
      https://bugzilla.redhat.com/show_bug.cgi?id=1245236
[ 2 ] Bug #1245242 - CVE-2015-5590 php: buffer overflow and stack smashing error in phar_fix_filepath
      https://bugzilla.redhat.com/show_bug.cgi?id=1245242
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use su -c 'yum update php' at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------