--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-7a30285647
2016-10-22 12:48:07.766981
--------------------------------------------------------------------------------

Name        : php
Product     : Fedora 24
Version     : 5.6.27
Release     : 1.fc24
URL         : https://www.php.net/
Summary     : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP Server.

--------------------------------------------------------------------------------
Update Information:

13 Oct 2016 - **PHP version 5.6.27**

**Core:**
* Fixed bug php#73025 (Heap Buffer Overflow in virtual_popen of zend_virtual_cwd.c). (cmb)
* Fixed bug php#73058 (crypt broken when salt is 'too' long). (Anatol)
* Fixed bug php#72703 (Out of bounds global memory read in BF_crypt triggered by password_verify). (Anatol)
* Fixed bug php#73189 (Memcpy negative size parameter php_resolve_path). (Stas)
* Fixed bug php#73147 (Use After Free in unserialize()). (Stas)

**BCmath:**
* Fixed bug php#73190 (memcpy negative parameter _bc_new_num_ex). (Stas)

**DOM:**
* Fixed bug php#73150 (missing NULL check in dom_document_save_html). (Stas)

**Ereg:**
* Fixed bug php#73284 (heap overflow in php_ereg_replace function). (Stas)

**Filter:**
* Fixed bug php#72972 (Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and FILTER_FLAG_NO_PRIV_RANGE). (julien)
* Fixed bug php#67167 (Wrong return value from FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE). (levim, cmb)
* Fixed bug php#73054 (default option ignored when object passed to int filter). (cmb)

**GD:**
* Fixed bug php#67325 (imagetruecolortopalette: white is duplicated in palette). (cmb)
* Fixed bug php#50194 (imagettftext broken on transparent background w/o alphablending). (cmb)
* Fixed bug php#73003 (Integer Overflow in gdImageWebpCtx of gd_webp.c). (trylab, cmb)
* Fixed bug php#53504 (imagettfbbox gives incorrect values for bounding box). (Mark Plomer, cmb)
* Fixed bug php#73157 (imagegd2() ignores 3rd param if 4 are given). (cmb)
* Fixed bug php#73155 (imagegd2() writes wrong chunk sizes on boundaries). (cmb)
* Fixed bug php#73159 (imagegd2(): unrecognized formats may result in corrupted files). (cmb)
* Fixed bug php#73161 (imagecreatefromgd2() may leak memory). (cmb)

**Intl:**
* Fixed bug php#73218 (add mitigation for ICU int overflow). (Stas)

**Imap:**
* Fixed bug php#73208 (integer overflow in imap_8bit caused heap corruption). (Stas)

**Mbstring:**
* Fixed bug php#72994 (mbc_to_code() out of bounds read). (Laruence, cmb)
* Fixed bug php#66964 (mb_convert_variables() cannot detect recursion). (Yasuo)
* Fixed bug php#72992 (mbstring.internal_encoding doesn't inherit default_charset). (Yasuo)
* Fixed bug php#73082 (string length overflow in mb_encode_* function). (Stas)

**PCRE:**
* Fixed bug php#73174 (heap overflow in php_pcre_replace_impl). (Stas)

**Opcache:**
* Fixed bug php#72590 (Opcache restart with kill_all_lockers does not work). (Keyur) (julien backport)

**OpenSSL:**
* Fixed bug php#73072 (Invalid path SNI_server_certs causes segfault). (Jakub Zelenka)
* Fixed bug php#73275 (crash in openssl_encrypt function). (Stas)
* Fixed bug php#73276 (crash in openssl_random_pseudo_bytes function). (Stas)

**Session:**
* Fixed bug php#68015 (Session does not report invalid uid for files save handler). (Yasuo)
* Fixed bug php#73100 (session_destroy null dereference in ps_files_path_create). (cmb)

**SimpleXML:**
* Fixed bug php#73293 (NULL pointer dereference in SimpleXMLElement::asXML()). (Stas)

**SPL:**
* Fixed bug php#73073 (CachingIterator null dereference when convert to string). (Stas)

**Standard:**
* Fixed bug php#73240 (Write out of bounds at number_format). (Stas)
* Fixed bug php#73017 (memory corruption in wordwrap function). (Stas)

**Stream:**
* Fixed bug php#73069 (readfile() mangles files larger than 2G). (Laruence)
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update php' at the command line.
For more information, refer to "Managing Software with yum",
available at .
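An added check to go with the update instructions above; it is not part of the Fedora notice. The POSIX shell function below takes the NVR string that `rpm -q php` prints on a Fedora 24 host and reports whether it is older than the fixed build 5.6.27-1.fc24 listed in this notice, so a fleet-wide audit can be run from the rpm output alone. The sample NVRs in the loop are constructed, and the list of architecture suffixes stripped by nvr_split is an assumption.

```shell
# Added example, not from the Fedora notice: is an installed php package
# older than the fixed build 5.6.27-1.fc24 from FEDORA-2016-7a30285647?
# Input is an NVR as printed by `rpm -q php`, e.g. php-5.6.26-1.fc24.x86_64.

FIXED_VERSION="5.6.27"
FIXED_RELEASE="1.fc24"

# Strip the package name and architecture from an NVR; print "version release".
# The set of architecture suffixes handled here is an assumption.
nvr_split() {
    nvr="$1"
    nvr="${nvr#php-}"
    for arch in x86_64 i686 armv7hl noarch; do
        nvr="${nvr%.$arch}"
    done
    version="${nvr%%-*}"
    release="${nvr#*-}"
    printf '%s %s\n' "$version" "$release"
}

# True (exit 0) when $1 sorts strictly before $2 in version order.
# sort -V compares numeric components numerically, so 5.6.9 < 5.6.27.
ver_lt() {
    [ "$1" = "$2" ] && return 1
    first=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)
    [ "$first" = "$1" ]
}

# True (exit 0) when the installed NVR is below the fixed version-release,
# i.e. the host still carries the bugs fixed in this update.
php_affected() {
    set -- $(nvr_split "$1")
    inst_ver="$1"
    inst_rel="$2"
    if ver_lt "$inst_ver" "$FIXED_VERSION"; then
        return 0
    elif [ "$inst_ver" = "$FIXED_VERSION" ] && ver_lt "$inst_rel" "$FIXED_RELEASE"; then
        return 0
    fi
    return 1
}

# Constructed sample NVRs standing in for `rpm -q php` output from several hosts.
for nvr in php-5.6.26-1.fc24.x86_64 php-5.6.9-1.fc24.i686 php-5.6.27-1.fc24.x86_64; do
    if php_affected "$nvr"; then
        echo "$nvr: affected, run: su -c 'yum update php'"
    else
        echo "$nvr: fixed"
    fi
done
```

On a real host replace the loop input with `$(rpm -q php)`; the release comparison matters because a rebuild such as 5.6.27-0.1.fc24 would carry the same upstream version yet predate the 1.fc24 build this notice ships.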

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
