
Security vulnerabilities in the php software package

  • OS details: WN7
  • Importance: IMP
  • Operating systems: L
  • Categories: LFE

Fedora Update Notification
2015-05-16 08:31:44

Name : php
Product : Fedora 22
Version : 5.6.9
Release : 1.fc22
Summary : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP Server.

Update Information:

14 May 2015, **PHP 5.6.9**

* Fixed bug #69467 (Wrong checked for the interface by using Trait). (Laruence)
* Fixed bug #69420 (Invalid read in zend_std_get_method). (Laruence)
* Fixed bug #60022 ("use statement [...] has no effect" depends on leading backslash). (Nikita)
* Fixed bug #67314 (Segmentation fault in gc_remove_zval_from_buffer). (Dmitry)
* Fixed bug #68652 (segmentation fault in destructor). (Dmitry)
* Fixed bug #69419 (Returning compatible sub generator produces a warning). (Nikita)
* Fixed bug #69472 (php_sys_readlink ignores misc errors from GetFinalPathNameByHandleA). (Jan Starke)
* Fixed bug #69364 (PHP Multipart/form-data remote dos Vulnerability). (Stas)
* Fixed bug #69403 (str_repeat() sign mismatch based memory corruption). (Stas)
* Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+). (Stas)
* Fixed bug #69522 (heap buffer overflow in unpack()). (Stas)

* Fixed bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow). (Stas)

* Fixed bug #69354 (Incorrect use of SQLColAttributes with ODBC 3.0). (Anatol)
* Fixed bug #69474 (ODBC: Query with same field name from two tables returns incorrect result). (Anatol)
* Fixed bug #69381 (out of memory with sage odbc driver). (Frederic Marchall, Anatol Belski)

* Fixed bug #69402 (Reading empty SSL stream hangs until timeout). (Daniel Lowrey)

* Fixed bug #68598 (pcntl_exec() should not allow null char). (Stas)

* Upgraded pcrelib to 8.37.

* Fixed bug #69453 (Memory Corruption in phar_parse_tarfile when entry filename starts with null). (Stas)


* Fri May 15 2015 Remi Collet <> 5.6.9-1
- Update to 5.6.9
- adapt systzdata patch for upstream changes for new zic

[ 1 ] Bug #1222485 - CVE-2015-4024 PHP Multipart/form-data remote dos Vulnerability
[ 2 ] Bug #1223412 - CVE-2015-4022 php: integer overflow on reading FTP server data leading to heap overflow
[ 3 ] Bug #1223425 - CVE-2015-4021 php: memory corruption in phar_parse_tarfile when entry filename starts with NULL
[ 4 ] Bug #1223408 - CVE-2015-4025 php: CVE-2006-7243 regressions in 5.4+
[ 5 ] Bug #1223422 - CVE-2015-4026 php: pcntl_exec() does not check path validity

This update can be installed with the "yum" update program. Use
su -c 'yum update php' at the command line.
For more information, refer to "Managing Software with yum",
available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
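Before trusting the update, a practitioner would want to confirm two things: that the installed php package is at or past the fixed build 5.6.9-1.fc22, and that the running Apache is no longer executing the old mod_php, since the module is loaded into the httpd worker processes and an updated package on disk changes nothing until they restart. The script below is an added example and not part of the Fedora notification or the php project; it assumes rpm, pidof, ps (procps-ng) and systemctl as shipped with Fedora 22, and its version comparison only looks at the numeric fields of the NVR, so it is not a replacement for rpmvercmp.

```shell
#!/bin/sh
# Added example, not from the Fedora notification: check that the php
# package on a Fedora 22 host is at or past the fixed build and that the
# running httpd actually uses it. Assumes rpm, pidof, ps (procps-ng) and
# systemctl as found on Fedora 22.

FIXED="5.6.9-1.fc22"   # VERSION-RELEASE from the notification above

# ver_ge A B: exit 0 if A >= B, comparing every numeric run left to
# right (5.6.9-1.fc22 -> 5 6 9 1 22). Sufficient for the php NVR; letters
# are ignored, so this is not a general rpmvercmp.
ver_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    gsub(/[^0-9]+/, " ", a); gsub(/[^0-9]+/, " ", b)
    na = split(a, x, " "); nb = split(b, y, " ")
    n = (na > nb) ? na : nb
    for (i = 1; i <= n; i++) {
      xi = (i <= na) ? x[i] + 0 : 0
      yi = (i <= nb) ? y[i] + 0 : 0
      if (xi > yi) exit 0
      if (xi < yi) exit 1
    }
    exit 0
  }'
}

# started_before_install START_EPOCH INSTALL_EPOCH: exit 0 if a process
# that started at START_EPOCH is older than the package installed at
# INSTALL_EPOCH, i.e. it still has the pre-update mod_php mapped.
started_before_install() {
  [ "$1" -lt "$2" ]
}

check_php_update() {
  installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' php) || {
    echo "php is not installed"; return 2; }
  if ver_ge "$installed" "$FIXED"; then
    echo "php $installed: at or past $FIXED"
  else
    echo "php $installed: older than $FIXED, run: su -c 'yum update php'"
    return 1
  fi

  # Packages are signed; show which key signed the installed build so it
  # can be compared with the Fedora Project key.
  rpm -q --qf 'signature: %{SIGPGP:pgpsig}\n' php

  # mod_php runs inside httpd: compare each worker's start time with the
  # package install time and flag processes that predate the update.
  inst=$(rpm -q --qf '%{INSTALLTIME}\n' php)
  now=$(date +%s)
  for pid in $(pidof httpd 2>/dev/null); do
    etimes=$(ps -o etimes= -p "$pid" | tr -d ' ')
    [ -n "$etimes" ] || continue          # process exited meanwhile
    if started_before_install $(( now - etimes )) "$inst"; then
      echo "httpd pid $pid started before the php update: systemctl restart httpd"
      return 3
    fi
  done
  return 0
}

if [ "${1:-}" = "--check" ]; then
  check_php_update
fi
```

Run it on the host as `sh check-php.sh --check`; a non-zero exit means either the package is still old (1), php is absent (2), or httpd is still running with the pre-update module loaded (3).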

Author: Marko Stanec
CERT id: NCERT-REF-2015-05-0029-ADV