Stay Secure with the Latest Linux Advisories

security advisorysecurity updateFedora

Fedora: 2019-a6511b0eed Critical: PHP Memory Overflow Fix

**PHP version 7.2.14** (10 Jan 2019) **Core:** * Fixed bug php#77369 (memcpy with negative length via crafted DNS response). (Stas) * Fixed bug php#71041 (zend_signal_startup() needs ZEND_API). (Valentin V. Bartenev) * Fixed bug php#76046 (PHP generates "FE_FREE" opcode on the wrong line). (Nikita) **Date:** * Fixed bug php#77097 (DateTime::diff gives wrong diff when the. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2019-a6511b0eed 2019-01-19 01:54:15.524961 --------------------------------------------------------------------------------Name : php Product : Fedora 28 Version : 7.2.14 Release : 1.fc28 URL : https://www.php.net/ Summary : PHP scripting language for creating dynamic web sites Description : PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server. --------------------------------------------------------------------------------Update Information: **PHP version 7.2.14** (10 Jan 2019) **Core:** * Fixed bug php#77369 (memcpy with negative length via crafted DNS response). (Stas) * Fixed bug php#71041 (zend_signal_startup() needs ZEND_API). (Valentin V. Bartenev) * Fixed bug php#76046 (PHP generates "FE_FREE" opcode on the wrong line). (Nikita) **Date:** * Fixed bug php#77097 (DateTime::diff gives wrong diff when the actual diff is less than 1 second). (Derick) **Exif:** * Fixed bug php#77184 (Unsigned rational numbers are written out as signed rationals). (Colin Basnett) **Opcache:** * Fixed bug php#77215 (CFGassertion failure on multiple finalizing switch frees in one block). (Nikita) **PDO:** * Handle invalid index passed to PDOStatement::fetchColumn() as error. (Sergei Morozov) **Phar:** * Fixed bug php#77247 (heap buffer overflow in phar_detect_phar_fname_ext). (Stas) **Sockets:** * Fixed bug php#77136 (Unsupported IPV6_RECVPKTINFO constants on macOS). (Mizunashi Mana) **SQLite3:** * Fixed bug php#77051 (Issue with re-binding on SQLite3). (BohwaZ) **Xmlrpc:** * Fixed bug php#77242 (heap out of bounds read in xmlrpc_decode()). (cmb) * Fixed bug php#77380 (Global out of bounds read in xmlrpc base64 code). (Stas) --------------------------------------------------------------------------------ChangeLog: * Tue Jan 8 2019 Remi Collet - 7.2.14-1 - Update to 7.2.14 - https://www.php.net/releases/7_2_14.php * Sat Dec 8 2018 Remi Collet - 7.2.13-2 - Fix null pointer dereference in imap_mail CVE-2018-19935 * Wed Dec 5 2018 Remi Collet - 7.2.13-1 - Update to 7.2.13 - https://www.php.net/releases/7_2_13.php * Tue Nov 6 2018 Remi Collet - 7.2.12-1 - Update to 7.2.12 - https://www.php.net/releases/7_2_12.php * Wed Oct 10 2018 Remi Collet - 7.2.11-1 - Update to 7.2.11 - https://www.php.net/releases/7_2_11.php * Tue Sep 11 2018 Remi Collet - 7.2.10-1 - Update to 7.2.10 - https://www.php.net/releases/7_2_10.php * Thu Aug 16 2018 Remi Collet - 7.2.9-1 - Update to 7.2.9 - https://www.php.net/releases/7_2_9.php * Tue Jul 17 2018 Remi Collet - 7.2.8-1 - Update to 7.2.8 - https://www.php.net/releases/7_2_8.php - FPM: add getallheaders, backported from 7.3 * Wed Jun 20 2018 Remi Collet - 7.2.7-1 - Update to 7.2.7 - https://www.php.net/releases/7_2_7.php * Wed May 23 2018 Remi Collet - 7.2.6-1 - Update to 7.2.6 - https://www.php.net/releases/7_2_6.php * Tue Apr 24 2018 Remi Collet - 7.2.5-1 - Update to 7.2.5 - https://www.php.net/releases/7_2_5.php * Wed Apr 11 2018 Remi Collet - 7.2.5~RC1-1 - update to7.2.5RC1 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-a6511b0eed' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. . Critical update for PHP in Fedora fixing memory overflow and other issues. Upgrade to version 7.2.14 to secure.. PHP Update, Fedora Security, PHP Vulnerabilities. . Severity: Critical. LinuxSecurity.com Team

Jan 19, 2019 •Critical Fedora