
Security flaws in the php software package

  • OS details: WN7
  • Importance: IMP
  • Operating systems: L
  • Categories: LFE

Fedora Update Notification
2015-02-20 04:53:29

Name : php
Product : Fedora 21
Version : 5.6.6
Release : 1.fc21
Summary : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP Server.

Update Information:

19 Feb 2015, PHP 5.6.6

* Removed support for multi-line headers, as they are deprecated by RFC 7230. (Stas)
* Fixed bug #67068 (getClosure returns something that’s not a closure). (Danack at basereality dot com)
* Fixed bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone). (CVE-2015-0273) (Stas)
* Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname buffer overflow). (Stas)
* Fixed Bug #67988 (htmlspecialchars() does not respect default_charset specified by ini_set) (Yasuo)
* Added NULL byte protection to exec, system and passthru. (Yasuo)

* Fixed bug #68711 (useless comparisons). (bugreports at internot dot info)

* Fixed bug #68552 (heap buffer overflow in enchant_broker_request_dict()). (Antony)

* Fixed bug #68827 (Double free with disabled ZMM). (Joshua Rogers)
* Fixed bug #67647 (Bundled libmagic 5.17 does not detect quicktime files correctly). (Anatol)
* Fixed bug #68731 (finfo_buffer doesn’t extract the correct mime with some gifs). (Anatol)

* Fixed bug #66479 (Wrong response to FCGI_GET_VALUES). (Frank Stolle)
* Fixed bug #68571 (core dump when webserver close the socket). (redfoxli069 at gmail dot com, Laruence)

* Fixed bug #64938 (libxml_disable_entity_loader setting is shared between threads). (Martin Jansen)

* Fixed bug #68114 (linker error on some OS X machines with fixed width decimal support) (Keyur Govande)
* Fixed bug #68657 (Reading 4 byte floats with Mysqli and libmysqlclient has rounding errors) (Keyur Govande)

* Fixed bug with try blocks being removed when extended_info opcode generation is turned on. (Laruence)

* Fixed bug #68750 (PDOMysql with mysqlnd does not allow the usage of named pipes). (steffenb198 at aol dot com)

* Fixed bug #68901 (use after free). (bugreports at internot dot info)

* Fixed Bug #65199 (pg_copy_from() modifies input array variable) (Yasuo)

* Fixed bug #68941 ( is a bash-script) (bugzilla at, Yasuo)
* Fixed Bug #66623 (no EINTR check on flock) (Yasuo)
* Fixed bug #68063 (Empty session IDs do still start sessions) (Yasuo)

* Fixed bug #68260 (SQLite3Result::fetchArray declares wrong required_num_args). (Julien)

* Fixed bug #65272 (flock() out parameter not set correctly in windows). (Daniel Lowrey)
* Fixed bug #69033 (Request may get env. variables from previous requests if PHP works as FastCGI). (Anatol)

* Fixed bug which caused call after final close on streams filter. (Bob)
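Two of the items above, the NUL-byte protection added to exec(), system() and passthru() and the unserialize() use-after-free with DateTimeZone (CVE-2015-0273), can be approximated in userland for an application that still has to run on a PHP 5.x below 5.6.6. The following is an added example written for this page; it is not code from the advisory, from Fedora, or from the PHP project. The function names, the sample serialized strings and the shell command are constructed for the illustration.

```php
<?php
// Added example, not code from the Fedora advisory or from the PHP project.
// Userland guards that approximate two of the 5.6.6 security fixes for an
// application that still runs on PHP 5.x below 5.6.6, plus a check that
// reports whether the guards are still needed on the current interpreter.

/**
 * True when the interpreter already carries the 5.6.6 fixes. Fedora ships
 * the upstream version number unchanged, so the comparison is meaningful
 * there; a distribution that backports fixes into an older version string
 * is reported as "not fixed", which is the safe direction to err in.
 */
function has_php_566_fixes()
{
    return version_compare(PHP_VERSION, '5.6.6', '>=');
}

/**
 * exec() that refuses command strings containing a NUL byte.
 *
 * Before 5.6.6 the command reached the C runtime as a NUL-terminated string,
 * so "ls\0; id" ran as plain "ls": a PHP-side validator saw the whole string,
 * the shell saw only the prefix. 5.6.6 adds this check inside exec(),
 * system() and passthru() and returns false with a warning; the wrapper gives
 * older interpreters the same behaviour.
 */
function guarded_exec($cmd, &$output = null, &$return_var = null)
{
    if (strpos($cmd, "\0") !== false) {
        trigger_error('guarded_exec(): NUL byte in command string', E_USER_WARNING);
        return false;
    }
    return exec($cmd, $output, $return_var);
}

/**
 * unserialize() for data that must never instantiate objects.
 *
 * CVE-2015-0273 is a use-after-free reached through a serialized
 * DateTimeZone, and every unserialize() bug of that family needs an
 * O:<len>:"Class" or C:<len>:"Class" token to get a class involved.
 * Rejecting those tokens before the C parser runs keeps arrays and scalars
 * working and removes the object path entirely. PHP 7.0 added the
 * allowed_classes option for this; PHP 5.x has no equivalent, hence the
 * pre-check.
 *
 * The check is deliberately conservative: a string value that happens to
 * contain O:1:" is rejected too, which is a false positive, not a bypass.
 */
function unserialize_no_objects($data)
{
    if (!is_string($data) || preg_match('/[OC]:\d+:"/', $data)) {
        return false;
    }
    return unserialize($data);
}

// Constructed demo inputs for this example; not real attack payloads.
$array_payload  = 'a:2:{i:0;s:3:"foo";s:3:"bar";i:42;}';
$object_payload = 'O:12:"DateTimeZone":2:{s:13:"timezone_type";i:3;s:8:"timezone";s:3:"UTC";}';

var_dump(has_php_566_fixes());                      // depends on the running interpreter
var_dump(unserialize_no_objects($array_payload));   // arrays and scalars pass through
var_dump(unserialize_no_objects($object_payload));  // object token: refused before parsing
var_dump(guarded_exec("echo ok\0; id"));            // NUL byte: refused, E_USER_WARNING raised
var_dump(guarded_exec('echo ok'));                  // clean command: runs normally
```

On a fixed interpreter the wrappers are redundant but harmless; refusing serialized objects where the data model does not need them remains the cheaper defence against the next bug in that code path, and the version check lets a deployment script fail loudly instead of silently relying on the guards.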


* Thu Feb 19 2015 Remi Collet <> 5.6.6-1
– Update to 5.6.6
* Thu Jan 22 2015 Remi Collet <> 5.6.5-1
– Update to 5.6.5
– FPM: enable ACL support for Unix Domain Socket
* Wed Dec 17 2014 Remi Collet <> 5.6.4-2
– Update to 5.6.4 (real)
– php-xmlrpc requires php-xml
* Wed Dec 10 2014 Remi Collet <> 5.6.4-1
– Update to 5.6.4
* Fri Nov 28 2014 Remi Collet <> 5.6.4-0.1.RC1
– php 5.6.4RC1
* Mon Nov 17 2014 Remi Collet <> 5.6.3-4
– FPM: add upstream patch for “listen.allowed_clients is IPv4 only”
* Mon Nov 17 2014 Remi Collet <> 5.6.3-3
– sync php-fpm configuration with upstream
– refresh upstream patch for 68421
* Sun Nov 16 2014 Remi Collet <> 5.6.3-2
– FPM: add upstream patch for “access.format=R doesn’t log ipv6 address”
– FPM: add upstream patch for “listen=9000 listens to ipv6 localhost instead of all addresses”
– FPM: add upstream patch for “will no longer load all pools”
* Thu Nov 13 2014 Remi Collet <> 5.6.3-1
– Update to PHP 5.6.3
* Fri Oct 31 2014 Remi Collet <> 5.6.3-0.2.RC1
– php 5.6.3RC1 (refreshed, phpdbg changes reverted)
– new version of systzdata patch, fix case sensitivity
– ignore Factory in date tests
* Wed Oct 29 2014 Remi Collet <> 5.6.3-0.1.RC1
– php 5.6.3RC1
– disable opcache.fast_shutdown in default config
– enable phpdbg_webhelper new extension (in php-dbg)

This update can be installed with the “yum” update program. Use
su -c ‘yum update php’ at the command line.
For more information, refer to “Managing Software with yum”,
available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at

Author: Marko Stanec
Cert id: NCERT-REF-2015-02-0019-ADV