You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa php

Sigurnosni nedostatak programskog paketa php

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

Fedora Update Notification
2019-10-31 00:56:56.732896

Name : php
Product : Fedora 31
Version : 7.3.11
Release : 1.fc31
Summary : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP Server.

Update Information:

**PHP version 7.3.11** (24 Oct 2019) **Core:** * Fixed bug php#78535
(auto_detect_line_endings value not parsed as bool). (bugreportuser) * Fixed bug
php#78620 (Out of memory error). (cmb, Nikita) **Exif :** * Fixed bug
php#78442 (‘Illegal component’ on exif_read_data since PHP7) (Kalle) **FPM:**
* Fixed bug php#78599 (env_path_info underflow in fpm_main.c can lead to RCE).
(**CVE-2019-11043**) (Jakub Zelenka) * Fixed bug php#78413
(request_terminate_timeout does not take effect after fastcgi_finish_request).
(Sergei Turchanov) **MBString:** * Fixed bug php#78579
(mb_decode_numericentity: args number inconsistency). (cmb) * Fixed bug
php#78609 (mb_check_encoding() no longer supports stringable objects). (cmb)
**MySQLi:** * Fixed bug php#76809 (SSL settings aren’t respected when
persistent connections are used). (fabiomsouto) **Mysqlnd:** * Fixed bug
php#78525 (Memory leak in pdo when reusing native prepared statements). (Nikita)
**PCRE:** * Fixed bug php#78272 (calling preg_match() before pcntl_fork() will
freeze child process). (Nikita) **PDO_MySQL:** * Fixed bug php#78623
(Regression caused by “SP call yields additional empty result set”). (cmb)
**Session:** * Fixed bug php#78624 (session_gc return value for user defined
session handlers). (bshaffer) **Standard:** * Fixed bug php#76342
(file_get_contents waits twice specified timeout). (Thomas Calvet) * Fixed bug
php#78612 (strtr leaks memory when integer keys are used and the subject string
shorter). (Nikita) * Fixed bug php#76859 (stream_get_line skips data if used
with data-generating filter). (kkopachev) **Zip:** * Fixed bug php#78641
(addGlob can modify given remove_path value). (cmb)

* Tue Oct 22 2019 Remi Collet <> – 7.3.11-1
– Update to 7.3.11 –

[ 1 ] Bug #1766378 – CVE-2019-11043 php: underflow in env_path_info in fpm_main.c

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2019-4adc49a476’ at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list —
To unsubscribe send an email to
Fedora Code of Conduct:
List Guidelines:
List Archives:

AutorToni Vugdelija
Cert idNCERT-REF-2019-10-0001-ADV
More in Preporuke
Sigurnosni nedostaci programskog paketa binutils

Otkriveni su sigurnosni nedostaci u programskom paketu binutils za operacijski sustav openSUSE. Otkriveni nedostaci potencijalnim udaljenim napadačima omogućuju izazivanje DoS...