Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
89
security advisorysoftware updateFedoraImportant Announcement: Critical Bug Fixes for Fedora 37 PHP 8.1.20
**PHP version 8.1.20** (08 Jun 2023) **Core:** * Fixed bug [GH-9068](https://github.com/php/php-src/issues/9068) (Conditional jump or move depends on uninitialised value(s)). (nielsdos) * Fixed bug [GH-11189](https://github.com/php/php-src/issues/11189) (Exceeding memory limit in zend_hash_do_resize leaves the array in an invalid state). (Bob) * Fixed bug. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2023-2b7eeaaee5 2023-06-16 02:13:40.625154 --------------------------------------------------------------------------------Name : php Product : Fedora 37 Version : 8.1.20 Release : 1.fc37 URL : https://www.php.net/ Summary : PHP scripting language for creating dynamic web sites Description : PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. --------------------------------------------------------------------------------Update Information: **PHP version 8.1.20** (08 Jun 2023) **Core:** * Fixed bug [GH-9068](https://github.com/php/php-src/issues/9068) (Conditional jump or move depends on uninitialised value(s)). (nielsdos) * Fixed bug [GH-11189](https://github.com/php/php-src/issues/11189) (Exceeding memory limit in zend_hash_do_resize leaves the array in an invalid state). (Bob) * Fixed bug [GH-11222](https://github.com/php/php-src/issues/11222) (foreach by-ref may jump over keys during a rehash). (Bob) **Date:** * Fixed bug [GH-11281](https://github.com/php/php-src/issues/11281) (DateTimeZone::getName() does not include seconds in offset). (nielsdos) **Exif:** * Fixed bug [GH-10834](https://github.com/php/php-src/issues/10834) (exif_read_data()cannot read smaller stream wrapper chunk sizes). (nielsdos) **FPM:** * Fixed bug [GH-10461](https://github.com/php/php-src/issues/10461) (PHP-FPM segfault due to after free usage of child-> ev_std(out|err)). (Jakub Zelenka) * Fixed bug php#64539 (FPM status page: query_string not properly JSON encoded). (Jakub Zelenka) * Fixed memory leak for invalid primary script file handle. (Jakub Zelenka) **Hash:** * Fixed bug [GH-11180](https://github.com/php/php-src/issues/11180) (hash_file() appears to be restricted to 3 arguments). (nielsdos) **LibXML:** * Fixed bug [GH-11160](https://github.com/php/php-src/issues/11160) (Few tests failed building with new libxml 2.11.0). (nielsdos) **Opcache:** * Fixed bug [GH-11134](https://github.com/php/php-src/issues/11134) (Incorrect match default branch optimization). (ilutov) * Fixed too wide OR and AND range inference. (nielsdos) * Fixed bug [GH-11245](https://github.com/php/php-src/issues/11245) (In some specific cases SWITCH with one default statement will cause segfault). (nielsdos) **PGSQL:** * Fixed parameter parsing of pg_lo_export(). (kocsismate) **Phar:** * Fixed bug [GH-11099](https://github.com/php/php-src/issues/11099) (Generating phar.php during cross-compile can't be done). (peter279k) **Soap:** * Fixed bug [GHSA-76gg-c692-v2mw](https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw) (Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP). (nielsdos, timwolla) * Fixed bug [GH-8426](https://github.com/php/php-src/issues/8426) (make test fail while soap extension build). (nielsdos) **SPL:** * Fixed bug [GH-11178](https://github.com/php/php-src/issues/11178) (Segmentation fault in spl_array_it_get_current_data (PHP 8.1.18)). (nielsdos) **Standard:** * Fixed bug [GH-11138](https://github.com/php/php-src/issues/11138) (move_uploaded_file() emits open_basedir warning for source file). (ilutov) * Fixed bug [GH-11274](https://github.com/php/php-src/issues/11274) (POST/PATCH requestswitches to GET after a HTTP 308 redirect). (nielsdos) **Streams:** * Fixed bug [GH-10031](https://github.com/php/php-src/issues/10031) ([Stream] STREAM_NOTIFY_PROGRESS over HTTP emitted irregularly for last chunk of data). (nielsdos) * Fixed bug [GH-11175](https://github.com/php/php-src/issues/11175) (Stream Socket Timeout). (nielsdos) * Fixed bug [GH-11177](https://github.com/php/php-src/issues/11177) (ASAN UndefinedBehaviorSanitizer when timeout = -1 passed to stream_socket_accept/stream_socket_client). (nielsdos) --------------------------------------------------------------------------------ChangeLog: * Wed Jun 7 2023 Remi Collet - 8.1.20-1 - Update to 8.1.20 - https://www.php.net/releases/8_1_20.php --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-2b7eeaaee5' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Jun 16, 2023
•Important
Fedora
89
security advisoryfedorasoftware updateFedora 27: FEDORA-2017-46e8bdccef Critical: PHP Security Fix
**PHP version 7.1.11** (26 Oct 2017) **Core:** * Fixed bug php#75241 (Null pointer dereference in zend_mm_alloc_small()). (Laruence) * Fixed bug php#75236 (infinite loop when printing an error-message). (Andrea) * Fixed bug php#75252 (Incorrect token formatting on two parse errors in one request). (Nikita) * Fixed bug php#75220 (Segfault when calling is_callable on parent).. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2017-46e8bdccef 2017-11-15 15:47:48.461222 --------------------------------------------------------------------------------Name : php Product : Fedora 27 Version : 7.1.11 Release : 1.fc27 URL : https://www.php.net/ Summary : PHP scripting language for creating dynamic web sites Description : PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server. --------------------------------------------------------------------------------Update Information: **PHP version 7.1.11** (26 Oct 2017) **Core:** * Fixed bug php#75241 (Null pointer dereference in zend_mm_alloc_small()). (Laruence) * Fixed bug php#75236 (infinite loop when printing an error-message). (Andrea) * Fixed bug php#75252 (Incorrect token formatting on two parse errors in one request). (Nikita) * Fixed bug php#75220 (Segfault when calling is_callable on parent). (andrewnester) * Fixed bug php#75290 (debug info of Closures of internal functions contain garbage argument names). (Andrea) **Date:** * Fixed bug php#75055 (Out-Of-Bounds Read intimelib_meridian()). (Derick) **Apache2Handler:** * Fixed bug php#75311 (error: 'zend_hash_key' has no member named 'arKey' in apache2handler). (mcarbonneaux) **Hash:** * Fixed bug php#75303 (sha3 hangs on bigendian). (Remi) **Intl:** * Fixed bug php#75318 (The parameter of UConverter::getAliases() is not optional). (cmb) **mcrypt:** * Fixed bug php#72535 (arcfour encryption stream filter crashes php). (Leigh) **MySQLi:** * Fixed bug php#75018 (Data corruption when reading fields of bit type). (Anatol) **Opcache** * Fixed bug php#75255 (Request hangs and not finish). (Dmitry) **PCRE:** * Fixed bug php#75207 (applied upstream patch for CVE-2016-1283). (Anatol) **PDO_mysql:** * Fixed bug php#75177 (Type 'bit' is fetched as unexpected string). (Anatol) **SPL:** * Fixed bug php#73629 (SplDoublyLinkedList::setIteratorMode masks intern flags). (J. Jeising, cmb) --------------------------------------------------------------------------------References: [ 1 ] Bug #1505644 - php-fpm is required by main php package https://bugzilla.redhat.com/show_bug.cgi?id=1505644 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade php' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Nov 15, 2017
•Critical
Fedora
89
security advisorycriticalFedoraFedora 26: 2017-B8BB4B86E2 Moderate: PHP Stack Overflow Fix
**PHP version 7.1.7** (06 Jul 2017) **Core:** * Fixed bug php#74738 (Multiple [PATH=] and [HOST=] sections not properly parsed). (Manuel Mausz) * Fixed bug php#74658 (Undefined constants in array properties result in broken properties). (Laruence) * Fixed misparsing of abstract unix domain socket names. (Sara) * Fixed bug php#74603 (PHP INI Parsing Stack Buffer Overflow Vulnerability).. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2017-b8bb4b86e2 2017-07-18 19:26:12.549660 --------------------------------------------------------------------------------Name : php Product : Fedora 26 Version : 7.1.7 Release : 1.fc26 URL : https://www.php.net/ Summary : PHP scripting language for creating dynamic web sites Description : PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server. --------------------------------------------------------------------------------Update Information: **PHP version 7.1.7** (06 Jul 2017) **Core:** * Fixed bug php#74738 (Multiple [PATH=] and [HOST=] sections not properly parsed). (Manuel Mausz) * Fixed bug php#74658 (Undefined constants in array properties result in broken properties). (Laruence) * Fixed misparsing of abstract unix domain socket names. (Sara) * Fixed bug php#74603 (PHP INI Parsing Stack Buffer Overflow Vulnerability). (Stas) * Fixed bug php#74101, bug php#74614 (Unserialize Heap Use-After-Free (READ: 1) in zval_get_type). (Nikita) * Fixed bug php#74111 (Heap buffer overread (READ: 1)finish_nested_data from unserialize). (Nikita) * Fixed bug php#74819 (wddx_deserialize() heap out-of-bound read via php_parse_date()). (Derick) **Date:** * Fixed bug php#74639 (implement clone for DatePeriod and DateInterval). (andrewnester) **DOM:** * Fixed bug php#69373 (References to deleted XPath query results). (ttoohey) **Intl:** * Fixed bug php#73473 (Stack Buffer Overflow in msgfmt_parse_message). (libnex) * Fixed bug php#74705 (Wrong reflection on Collator::getSortKey and collator_get_sort_key). (Tyson Andre, Remi) **Mbstring:** * Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229) (Remi, Mamoru TASAKA) **Opcache:** * Fixed bug php#74663 (Segfault with opcache.memory_protect and validate_timestamp). (Laruence) * Revert opcache.enable_cli to default disabled. (Nikita) **OpenSSL:** * Fixed bug php#74720 (pkcs7_en/decrypt does not work if \x1a is used in content). (Anatol) * Fixed bug php#74651 (negative-size-param (-1) in memcpy in zif_openssl_seal()). (Stas) **Reflection:** * Fixed bug php#74673 (Segfault when cast Reflection object to string with undefined constant). (Laruence) **SPL:** * Fixed bug php#74478 (null coalescing operator failing with SplFixedArray). (jhdxr) **FTP:** * Fixed bug php#74598 (ftp:// wrapper ignores context arg). (Sara) **PHAR:** * Fixed bug php#74386 (Phar::__construct reflection incorrect). (villfa) **SOAP** * Fixed bug php#74679 (Incorrect conversion array with WSDL_CACHE_MEMORY). (Dmitry) **Streams:** * Fixed bug php#74556 (stream_socket_get_name() returns '\0'). (Sara) --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade php' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by theFedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Jul 18, 2017
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!