Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -2 articles for you...
89
security advisoryFedoramoderate severityFedora 35 Advisory: PHP 8.0.16 Moderate Core Issues Security Fix
**PHP version 8.0.16** (17 Feb 2022) **Core:** * Fixed bug php#81430 (Attribute instantiation leaves dangling pointer). (beberlei) * Fixed bug [GH-7896](https://github.com/php/php-src/issues/7896) (Environment vars may be mangled on Windows). (cmb) **FFI:** * Fixed bug [GH-7867](https://github.com/php/php-src/issues/7867) (FFI::cast() from pointer. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-1596a2dacb 2022-02-22 19:11:40.093323 --------------------------------------------------------------------------------Name : php Product : Fedora 35 Version : 8.0.16 Release : 1.fc35 URL : https://www.php.net/ Summary : PHP scripting language for creating dynamic web sites Description : PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. --------------------------------------------------------------------------------Update Information: **PHP version 8.0.16** (17 Feb 2022) **Core:** * Fixed bug php#81430 (Attribute instantiation leaves dangling pointer). (beberlei) * Fixed bug [GH-7896](https://github.com/php/php-src/issues/7896) (Environment vars may be mangled on Windows). (cmb) **FFI:** * Fixed bug [GH-7867](https://github.com/php/php-src/issues/7867) (FFI::cast() from pointer to array is broken). (cmb, dmitry) **Filter:** * Fixed bug php#81708: UAF due to php_filter_float() failing for ints. (**CVE-2021-21708**) (cmb) **FPM:** * Fixed memory leak on invalid port. (David Carlier) **MBString:** * Fixed bug [GH-7902](https://github.com/php/php-src/issues/7902) (mb_send_mail may delimit headers with LF only). (cmb) **MySQLnd:** * Fixedbug [GH-7972](https://github.com/php/php-src/issues/7972) (MariaDB version prefix 5.5.5- is not stripped). (Kamil Tekiela) **Sockets:** * Fixed ext/sockets build on Haiku. (David Carlier) * Fixed bug [GH-7978](https://github.com/php/php-src/issues/7978) (sockets extension compilation errors). (David Carlier) **Standard:** * Fixed bug [GH-7875](https://github.com/php/php-src/issues/7875) (mails are sent even if failure to log throws exception). (cmb) --------------------------------------------------------------------------------ChangeLog: * Wed Feb 16 2022 Remi Collet - 8.0.16-1 - Update to 8.0.16 - https://www.php.net/releases/8_0_16.php --------------------------------------------------------------------------------References: [ 1 ] Bug #2055879 - CVE-2021-21708 php: Use after free due to php_filter_float() failing for ints https://bugzilla.redhat.com/show_bug.cgi?id=2055879 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-1596a2dacb' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Feb 22, 2022
•Important
Fedora
89
security advisoryfedoraFedoraFedora 32: 2021-ca0e53d310 Moderate: PHP 7.4.14 Bug Fixes Overview
**PHP version 7.4.14** (07 Jan 2021) **Core:** * Fixed bug php#74558 (Can't rebind closure returned by Closure::fromCallable()). (cmb) * Fixed bug php#80345 (PHPIZE configuration has outdated PHP_RELEASE_VERSION). (cmb) * Fixed bug php#72964 (White space not unfolded for CC/Bcc headers). (cmb) * Fixed bug php#80362 (Running dtrace scripts can cause php to crash). (al at coralnet dot. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-ca0e53d310 2021-01-16 01:22:32.462447 --------------------------------------------------------------------------------Name : php Product : Fedora 32 Version : 7.4.14 Release : 1.fc32 URL : https://www.php.net/ Summary : PHP scripting language for creating dynamic web sites Description : PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server. --------------------------------------------------------------------------------Update Information: **PHP version 7.4.14** (07 Jan 2021) **Core:** * Fixed bug php#74558 (Can't rebind closure returned by Closure::fromCallable()). (cmb) * Fixed bug php#80345 (PHPIZE configuration has outdated PHP_RELEASE_VERSION). (cmb) * Fixed bug php#72964 (White space not unfolded for CC/Bcc headers). (cmb) * Fixed bug php#80362 (Running dtrace scripts can cause php to crash). (al at coralnet dot name) * Fixed bug php#80393 (Build of PHP extension fails due to configuration gap with libtool). (kir dot morozov at gmail dot com) * Fixed bug php#80402 (configure filteringout -lpthread). (Nikita) * Fixed bug php#77069 (stream filter loses final block of data). (cmb) **Fileinfo:** * Fixed bug php#77961 (finfo_open crafted magic parsing SIGABRT). (cmb) **FPM:** * Fixed bug php#69625 (FPM returns 200 status on request without SCRIPT_FILENAME env). (Jakub Zelenka) **Intl:** * Fixed bug php#80425 (MessageFormatAdapter::getArgTypeList redefined). (Nikita) **OpenSSL:** * Fixed bug php#80368 (OpenSSL extension fails to build against LibreSSL due to lack of OCB support). (Nikita) **Phar:** * Fixed bug php#73809 (Phar Zip parse crash - mmap fail). (cmb) * Fixed bug php#75102 (`PharData` says invalid checksum for valid tar). (cmb) * Fixed bug php#77322 (PharData::addEmptyDir('/') Possible integer overflow). (cmb) **PDO MySQL:** * Fixed bug php#80458 (PDOStatement::fetchAll() throws for upsert queries). (Kamil Tekiela) * Fixed bug php#63185 (nextRowset() ignores MySQL errors with native prepared statements). (Nikita) * Fixed bug php#78152 (PDO::exec() - Bad error handling with multiple commands). (Nikita) * Fixed bug php#70066 (Unexpected "Cannot execute queries while other unbuffered queries"). (Nikita) * Fixed bug php#71145 (Multiple statements in init command triggers unbuffered query error). (Nikita) * Fixed bug php#76815 (PDOStatement cannot be GCed/closeCursor-ed when a PROCEDURE resultset SIGNAL). (Nikita) **Standard:** * Fixed bug php#77423 (FILTER_VALIDATE_URL accepts URLs with invalid userinfo). (**CVE-2020-7071**) (cmb) * Fixed bug php#80366 (Return Value of zend_fstat() not Checked). (sagpant, cmb) * Fixed bug php#80411 (References to null-serialized object break serialize()). (Nikita) **Tidy:** * Fixed bug php#77594 (ob_tidyhandler is never reset). (cmb) **Zlib:** * Fixed php#48725 (Support for flushing in zlib stream). (cmb) --------------------------------------------------------------------------------ChangeLog: * Tue Jan 5 2021 Remi Collet - 7.4.14-1 - Update to 7.4.14 - https://www.php.net/releases/7_4_14.php - explicitlyrequires make --------------------------------------------------------------------------------References: [ 1 ] Bug #1913847 - CVE-2020-7071 php: FILTER_VALIDATE_URL accepts URLs with invalid userinfo [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1913847 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-ca0e53d310' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Jan 15, 2021
Fedora
89
security advisoryFedorabug fixFedora 28 PHP Update 2019-253da50ddd Critical: Core Fixes Summary
**PHP version 7.2.17** (04 Apr 2019) **Core:** * Fixed bug php#77738 (Nullptr deref in zend_compile_expr). (Laruence) * Fixed bug php#77660 (Segmentation fault on break 2147483648). (Laruence) * Fixed bug php#77652 (Anonymous classes can lose their interface information). (Nikita) * Fixed bug php#77676 (Unable to run tests when building shared extension on AIX). (Kevin Adler) **Bcmath:** *. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2019-253da50ddd 2019-04-13 01:29:51.120019 --------------------------------------------------------------------------------Name : php Product : Fedora 28 Version : 7.2.17 Release : 1.fc28 URL : https://www.php.net/ Summary : PHP scripting language for creating dynamic web sites Description : PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server. --------------------------------------------------------------------------------Update Information: **PHP version 7.2.17** (04 Apr 2019) **Core:** * Fixed bug php#77738 (Nullptr deref in zend_compile_expr). (Laruence) * Fixed bug php#77660 (Segmentation fault on break 2147483648). (Laruence) * Fixed bug php#77652 (Anonymous classes can lose their interface information). (Nikita) * Fixed bug php#77676 (Unable to run tests when building shared extension on AIX). (Kevin Adler) **Bcmath:** * Fixed bug php#77742 (bcpow() implementation related to gcc compiler optimization). (Nikita) **COM:** * Fixed bug php#77578 (Crash when php unload). (cmb) **Date:** * Fixed bug php#50020 (DateInterval:createDateFromString() silently fails). (Derick) * Fixed bug php#75113 (Added DatePeriod::getRecurrences() method). (Ignace Nyamagana Butera) **EXIF:** * Fixed bug php#77753 (Heap-buffer-overflow in php_ifd_get32s). (Stas) * Fixed bug php#77831 (Heap-buffer-overflow in exif_iif_add_value). (Stas) **FPM:** * Fixed bug php#77677 (FPM fails to build on AIX due to missing WCOREDUMP). (Kevin Adler) **GD:** * Fixed bug php#77700 (Writing truecolor images as GIF ignores interlace flag). (cmb) **MySQLi:** * Fixed bug php#77597 (mysqli_fetch_field hangs scripts). (Nikita) **Opcache:** * Fixed bug php#77691 (Opcache passes wrong value for inline array push assignments). (Nikita) * Fixed bug php#77743 (Incorrect pi node insertion for jmpznz with identical successors). (Nikita) **phpdbg:** * Fixed bug php#77767 (phpdbg break cmd aliases listed in help do not match actual aliases). (Miriam Lauter) **sodium:** * Fixed bug php#77646 (sign_detached() strings not terminated). (Frank) **SQLite3:** * Added sqlite3.defensive INI directive. (BohwaZ) **Standard:** * Fixed bug php#77664 (Segmentation fault when using undefined constant in custom wrapper). (Laruence) * Fixed bug php#77669 (Crash in extract() when overwriting extracted array). (Nikita) * Fixed bug php#76717 (var_export() does not create a parsable value for PHP_INT_MIN). (Nikita) * Fixed bug php#77765 (FTP stream wrapper should set the directory as executable). (Vlad Temian) --------------------------------------------------------------------------------ChangeLog: * Wed Apr 3 2019 Remi Collet - 7.2.17-1 - Update to 7.2.17 - https://www.php.net/releases/7_2_17.php * Wed Mar 6 2019 Remi Collet - 7.2.16-1 - Update to 7.2.16 - https://www.php.net/releases/7_2_16.php - add upstream patch for OpenSSL 1.1.1b - adapt systzdata patch (v17) * Wed Feb 6 2019 Remi Collet - 7.2.15-1 - Update to 7.2.15 - https://www.php.net/releases/7_2_15.php * Tue Jan 8 2019 Remi Collet -7.2.14-1 - Update to 7.2.14 - https://www.php.net/releases/7_2_14.php * Sat Dec 8 2018 Remi Collet - 7.2.13-2 - Fix null pointer dereference in imap_mail CVE-2018-19935 * Wed Dec 5 2018 Remi Collet - 7.2.13-1 - Update to 7.2.13 - https://www.php.net/releases/7_2_13.php * Tue Nov 6 2018 Remi Collet - 7.2.12-1 - Update to 7.2.12 - https://www.php.net/releases/7_2_12.php * Wed Oct 10 2018 Remi Collet - 7.2.11-1 - Update to 7.2.11 - https://www.php.net/releases/7_2_11.php * Tue Sep 11 2018 Remi Collet - 7.2.10-1 - Update to 7.2.10 - https://www.php.net/releases/7_2_10.php * Thu Aug 16 2018 Remi Collet - 7.2.9-1 - Update to 7.2.9 - https://www.php.net/releases/7_2_9.php * Tue Jul 17 2018 Remi Collet - 7.2.8-1 - Update to 7.2.8 - https://www.php.net/releases/7_2_8.php - FPM: add getallheaders, backported from 7.3 * Wed Jun 20 2018 Remi Collet - 7.2.7-1 - Update to 7.2.7 - https://www.php.net/releases/7_2_7.php * Wed May 23 2018 Remi Collet - 7.2.6-1 - Update to 7.2.6 - https://www.php.net/releases/7_2_6.php * Tue Apr 24 2018 Remi Collet - 7.2.5-1 - Update to 7.2.5 - https://www.php.net/releases/7_2_5.php * Wed Apr 11 2018 Remi Collet - 7.2.5~RC1-1 - update to 7.2.5RC1 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-253da50ddd' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Apr 12, 2019
•Critical
Fedora
89
security advisorysoftware updateFedoraFedora: 2019-253da50ddd Critical Updates for PHP 7.2.17 Bug Fixes
**PHP version 7.2.17** (04 Apr 2019) **Core:** * Fixed bug php#77738 (Nullptr deref in zend_compile_expr). (Laruence) * Fixed bug php#77660 (Segmentation fault on break 2147483648). (Laruence) * Fixed bug php#77652 (Anonymous classes can lose their interface information). (Nikita) * Fixed bug php#77676 (Unable to run tests when building shared extension on AIX). (Kevin Adler) **Bcmath:** *. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2019-253da50ddd 2019-04-13 01:29:51.120019 --------------------------------------------------------------------------------Name : php Product : Fedora 28 Version : 7.2.17 Release : 1.fc28 URL : https://www.php.net/ Summary : PHP scripting language for creating dynamic web sites Description : PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server. --------------------------------------------------------------------------------Update Information: **PHP version 7.2.17** (04 Apr 2019) **Core:** * Fixed bug php#77738 (Nullptr deref in zend_compile_expr). (Laruence) * Fixed bug php#77660 (Segmentation fault on break 2147483648). (Laruence) * Fixed bug php#77652 (Anonymous classes can lose their interface information). (Nikita) * Fixed bug php#77676 (Unable to run tests when building shared extension on AIX). (Kevin Adler) **Bcmath:** * Fixed bug php#77742 (bcpow() implementation related to gcc compiler optimization). (Nikita) **COM:** * Fixed bug php#77578 (Crash when php unload). (cmb) **Date:** * Fixed bug php#50020 (DateInterval:createDateFromString() silently fails). (Derick) * Fixed bug php#75113 (Added DatePeriod::getRecurrences() method). (Ignace Nyamagana Butera) **EXIF:** * Fixed bug php#77753 (Heap-buffer-overflow in php_ifd_get32s). (Stas) * Fixed bug php#77831 (Heap-buffer-overflow in exif_iif_add_value). (Stas) **FPM:** * Fixed bug php#77677 (FPM fails to build on AIX due to missing WCOREDUMP). (Kevin Adler) **GD:** * Fixed bug php#77700 (Writing truecolor images as GIF ignores interlace flag). (cmb) **MySQLi:** * Fixed bug php#77597 (mysqli_fetch_field hangs scripts). (Nikita) **Opcache:** * Fixed bug php#77691 (Opcache passes wrong value for inline array push assignments). (Nikita) * Fixed bug php#77743 (Incorrect pi node insertion for jmpznz with identical successors). (Nikita) **phpdbg:** * Fixed bug php#77767 (phpdbg break cmd aliases listed in help do not match actual aliases). (Miriam Lauter) **sodium:** * Fixed bug php#77646 (sign_detached() strings not terminated). (Frank) **SQLite3:** * Added sqlite3.defensive INI directive. (BohwaZ) **Standard:** * Fixed bug php#77664 (Segmentation fault when using undefined constant in custom wrapper). (Laruence) * Fixed bug php#77669 (Crash in extract() when overwriting extracted array). (Nikita) * Fixed bug php#76717 (var_export() does not create a parsable value for PHP_INT_MIN). (Nikita) * Fixed bug php#77765 (FTP stream wrapper should set the directory as executable). (Vlad Temian) --------------------------------------------------------------------------------ChangeLog: * Wed Apr 3 2019 Remi Collet - 7.2.17-1 - Update to 7.2.17 - https://www.php.net/releases/7_2_17.php * Wed Mar 6 2019 Remi Collet - 7.2.16-1 - Update to 7.2.16 - https://www.php.net/releases/7_2_16.php - add upstream patch for OpenSSL 1.1.1b - adapt systzdata patch (v17) * Wed Feb 6 2019 Remi Collet - 7.2.15-1 - Update to 7.2.15 - https://www.php.net/releases/7_2_15.php * Tue Jan 8 2019 Remi Collet -7.2.14-1 - Update to 7.2.14 - https://www.php.net/releases/7_2_14.php * Sat Dec 8 2018 Remi Collet - 7.2.13-2 - Fix null pointer dereference in imap_mail CVE-2018-19935 * Wed Dec 5 2018 Remi Collet - 7.2.13-1 - Update to 7.2.13 - https://www.php.net/releases/7_2_13.php * Tue Nov 6 2018 Remi Collet - 7.2.12-1 - Update to 7.2.12 - https://www.php.net/releases/7_2_12.php * Wed Oct 10 2018 Remi Collet - 7.2.11-1 - Update to 7.2.11 - https://www.php.net/releases/7_2_11.php * Tue Sep 11 2018 Remi Collet - 7.2.10-1 - Update to 7.2.10 - https://www.php.net/releases/7_2_10.php * Thu Aug 16 2018 Remi Collet - 7.2.9-1 - Update to 7.2.9 - https://www.php.net/releases/7_2_9.php * Tue Jul 17 2018 Remi Collet - 7.2.8-1 - Update to 7.2.8 - https://www.php.net/releases/7_2_8.php - FPM: add getallheaders, backported from 7.3 * Wed Jun 20 2018 Remi Collet - 7.2.7-1 - Update to 7.2.7 - https://www.php.net/releases/7_2_7.php * Wed May 23 2018 Remi Collet - 7.2.6-1 - Update to 7.2.6 - https://www.php.net/releases/7_2_6.php * Tue Apr 24 2018 Remi Collet - 7.2.5-1 - Update to 7.2.5 - https://www.php.net/releases/7_2_5.php * Wed Apr 11 2018 Remi Collet - 7.2.5~RC1-1 - update to 7.2.5RC1 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-253da50ddd' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Apr 12, 2019
•Critical
Fedora
89
security advisoryfedoracriticalFedora 29 PHP Update: FEDORA-2018-08ceba4f8f Critical Bugs Fixed
**PHP version 7.2.12** (08 Nov 2018) **Core:** * Fixed bug php#76846 (Segfault in shutdown function after memory limit error). (Nikita) * Fixed bug php#76946 (Cyclic reference in generator not detected). (Nikita) * Fixed bug php#77035 (The phpize and ./configure create redundant .deps file). (Peter Kokot) * Fixed bug php#77041 (buildconf should output error messages to stderr) (Mizunashi. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2018-08ceba4f8f 2018-11-16 04:48:33.983805 --------------------------------------------------------------------------------Name : php Product : Fedora 29 Version : 7.2.12 Release : 1.fc29 URL : https://www.php.net/ Summary : PHP scripting language for creating dynamic web sites Description : PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server. --------------------------------------------------------------------------------Update Information: **PHP version 7.2.12** (08 Nov 2018) **Core:** * Fixed bug php#76846 (Segfault in shutdown function after memory limit error). (Nikita) * Fixed bug php#76946 (Cyclic reference in generator not detected). (Nikita) * Fixed bug php#77035 (The phpize and ./configure create redundant .deps file). (Peter Kokot) * Fixed bug php#77041 (buildconf should output error messages to stderr) (Mizunashi Mana) **Date:** * Upgraded timelib to 2017.08. (Derick) * Fixed bug php#75851 (Year component overflow with date formats "c", "o", "r" and "y"). (Adam Saponara) *Fixed bug php#77007 (fractions in `diff()` are not correctly normalized). (Derick) **FCGI:** * Fixed php#76948 (Failed shutdown/reboot or end session in Windows). (Anatol) * Fixed bug php#76954 (apache_response_headers removes last character from header name). (stodorovic) **FTP:** * Fixed bug php#76972 (Data truncation due to forceful ssl socket shutdown). (Manuel Mausz) **intl:** * Fixed bug php#76942 (U_ARGUMENT_TYPE_MISMATCH). (anthrax at unixuser dot org) **Reflection:** * Fixed bug php#76936 (Objects cannot access their private attributes while handling reflection errors). (Nikita) * Fixed bug php#66430 (ReflectionFunction::invoke does not invoke closure with object scope). (Nikita) **Sodium:** * Some base64 outputs were truncated; this is not the case any more. (jedisct1) * block sizes > = 256 bytes are now supposed by sodium_pad() even when an old version of libsodium has been installed. (jedisct1) * Fixed bug php#77008 (sodium_pad() could read (but not return nor write) uninitialized memory when trying to pad an empty input). (jedisct1) **Standard:** * Fixed bug php#76965 (INI_SCANNER_RAW doesn't strip trailing whitespace). (Pierrick) **Tidy:** * Fixed bug php#77027 (tidy::getOptDoc() not available on Windows). (cmb) **XML:** * Fixed bug php#30875 (xml_parse_into_struct() does not resolve entities). (cmb) * Add support for getting SKIP_TAGSTART and SKIP_WHITE options. (cmb) **XMLRPC:** * Fixed bug php#75282 (xmlrpc_encode_request() crashes). (cmb) --------------------------------------------------------------------------------ChangeLog: * Tue Nov 6 2018 Remi Collet - 7.2.12-1 - Update to 7.2.12 - https://www.php.net/releases/7_2_12.php * Fri Nov 2 2018 Remi Collet - 7.2.12-0.1.RC1 - rebuild * Tue Oct 23 2018 Remi Collet - 7.2.12~RC1-1 - update to 7.2.12RC1 * Wed Oct 10 2018 Remi Collet - 7.2.11-1 - Update to 7.2.11 -https://www.php.net/releases/7_2_11.php --------------------------------------------------------------------------------References: [ 1 ] Bug #1649481 - php: memory leak in the garbage collector when using cyclic references https://bugzilla.redhat.com/show_bug.cgi?id=1649481 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2018-08ceba4f8f' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Nov 16, 2018
•Critical
Fedora
89
security advisoryFedoraphpFedora 23 Advisory: Critical Core Bug Fixes for PHP 5.6.14 Released
01 Oct 2015, **PHP 5.6.14** **Core:** * Fixed bug php#70370 (Bundled libtool.m4 doesn't handle FreeBSD 10 when building extensions). (Adam) **CLI server:** * Fixed bug php#68291 (404 on urls with '+'). (cmb) **DOM:** * Fixed bug php#70001 (Assigning to DOMNode::textContent does additional entity encoding). (cmb) **Mysqlnd:** * Fixed bug php#70456 (mysqlnd doesn't activate. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2015-f82917c70c 2015-10-13 00:04:05.734996 -------------------------------------------------------------------------------- Name : php Product : Fedora 23 Version : 5.6.14 Release : 1.fc23 URL : https://www.php.net/ Summary : PHP scripting language for creating dynamic web sites Description : PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server. -------------------------------------------------------------------------------- Update Information: 01 Oct 2015, **PHP 5.6.14** **Core:** * Fixed bug php#70370 (Bundled libtool.m4 doesn't handle FreeBSD 10 when building extensions). (Adam) **CLI server:** * Fixed bug php#68291 (404 on urls with '+'). (cmb) **DOM:** * Fixed bug php#70001 (Assigning to DOMNode::textContent does additional entity encoding). (cmb) **Mysqlnd:** * Fixed bug php#70456 (mysqlnd doesn't activate TCP keep-alive when connecting to a server). (Sergei Turchanov) **OpenSSL:** * Fixed bug php#55259 (openssl extension does not get the DH parameters from DH key resource). (Jakub Zelenka) * Fixed bug php#70395(Missing ARG_INFO for openssl_seal()). (cmb) * Fixed bug php#60632 (openssl_seal fails with AES). (Jakub Zelenka) * Fixed bug php#68312 (Lookup for openssl.cnf causes a message box). (Anatol) **PDO:** * Fixed bug php#70389 (PDO constructor changes unrelated variables). (Laruence) **Phar:** * Fixed bug php#69720 (Null pointer dereference in phar_get_fp_offset()). (Stas) * Fixed bug php#70433 (Uninitialized pointer in phar_make_dirstream when zip entry filename is "/"). (Stas) **Phpdbg:** * Fix phpdbg_break_next() sometimes not breaking. (Bob) **Standard:** * Fixed bug php#67131 (setcookie() conditional for empty values not met). (cmb) **Streams:** * Fixed bug php#70361 (HTTP stream wrapper doesn't close keep-alive connections). (Niklas Keller) -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update php' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list
Oct 13, 2015
•Critical
Fedora
89
security advisoryfedorakdebaseFedora: FEDORA-2004-293 Severe: Kdebase Multiple Issues
Several KDE vulnerabilities.. --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-293 2004-09-08 --------------------------------------------------------------------- Product : Fedora Core 2 Name : kdebase Version : 3.2.2 Release : 6.FC2 Summary : K Desktop Environment - core files Description : Core applications for the K Desktop Environment. Included are: kdm (replacement for xdm), kwin (window manager), konqueror (filemanager, web browser, ftp client, ...), konsole (xterm replacement), kpanel (application starter and desktop pager), kaudio (audio server), kdehelp (viewer for kde help files, info and man pages), kthememgr (system for managing alternate theme packages) plus other KDE components (kcheckpass, kikbd, kscreensaver, kcontrol, kfind, kfontmanager, kmenuedit). --------------------------------------------------------------------- Update Information: Andrew Tuitt reported that versions of KDE up to and including 3.2.3 create temporary directories with predictable names. A local attacker could prevent KDE applications from functioning correctly, or overwrite files owned by other users by creating malicious symlinks. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0689 to this issue. WESTPOINT internet reconnaissance services has discovered that the KDE web browser Konqueror allows websites to set cookies for certain country specific secondary top level domains. An attacker within one of the affected domains could construct a cookie which would be sent to all other websites within the domain leading to a session fixation attack. This issue does not affect popular domains such as .co.uk, .co.in, or .com. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0721 to this issue. A frame injection spoofing vulnerability has been discovered in the Konqueror web browser. This issue could allow a malicious website to show arbitrary content in a named frame of adifferent browser window. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0746 to this issue. All users of KDE are advised to upgrade to these packages, which contain backported patches from the KDE team for these issues. --------------------------------------------------------------------- * Mon Sep 06 2004 Than Ngo 6:3.2.2-6.FC2 - fix a bug in keyboard layout with xorg.x11, bug #121950 - fix df problem on AFS * Wed Sep 01 2004 Than Ngo 6:3.2.2-5.FC2 - Konqueror Frame Injection Vulnerability, CAN-2004-0721 --------------------------------------------------------------------- This update can be downloaded from: 80f87d426b760776fc7fc03653ad30a6 SRPMS/kdebase-3.2.2-6.FC2.src.rpm 6bbf33f60b428bc3f2e0fac4fa09b64f x86_64/kdebase-3.2.2-6.FC2.x86_64.rpm 8eb7ca6d4dd1557114980885744ecdfd x86_64/kdebase-devel-3.2.2-6.FC2.x86_64.rpm 4e9b9094fc7abd21083de2c17b9f51f0 x86_64/debug/kdebase-debuginfo-3.2.2-6.FC2.x86_64.rpm a05b23c8202566417a5bc2d3a3a5cd88 i386/kdebase-3.2.2-6.FC2.i386.rpm bc6d4263395d4af1a4b89503ff4a8e28 i386/kdebase-devel-3.2.2-6.FC2.i386.rpm 1835604099fdd8c8ed532f5c15709c0d i386/debug/kdebase-debuginfo-3.2.2-6.FC2.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- . Secure your KDE on Fedora Core 2 by backing up, updating packages, applying patches, reconfiguring settings, and monitoring updates regularly for safety. KDESecurity,FedoraUpdates,KDEVulnerabilities,LocalAttacker,FrameInjection. . LinuxSecurity.com Team
Sep 08, 2004
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!