You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa php

Sigurnosni nedostaci programskog paketa php

——————————————————————————–
Fedora Update Notification
FEDORA-2015-11581
2015-07-14 12:24:25
——————————————————————————–

Name : php
Product : Fedora 21
Version : 5.6.11
Release : 1.fc21
URL : http://www.php.net/
Summary : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP Server.

——————————————————————————–
Update Information:

10 Jul 2015, **PHP 5.6.11**

**Core:**
* Fixed bug #69768 (escapeshell*() doesn’t cater to !). (cmb)
* Fixed bug #69703 (Use __builtin_clzl on PowerPC). (dja at axtens dot net, Kalle)
* Fixed bug #69732 (can induce segmentation fault with basic php code). (Dmitry)
* Fixed bug #69642 (Windows 10 reported as Windows 8). (Christian Wenz, Anatol Belski)
* Fixed bug #69551 (parse_ini_file() and parse_ini_string() segmentation fault). (Christoph M. Becker)
* Fixed bug #69781 (phpinfo() reports Professional Editions of Windows 7/8/8.1/10 as “Business”). (Christian Wenz)
* Fixed bug #69740 (finally in generator (yield) swallows exception in iteration). (Nikita)
* Fixed bug #69835 (phpinfo() does not report many Windows SKUs). (Christian Wenz)
* Fixed bug #69892 (Different arrays compare indentical due to integer key truncation). (Nikita)
* Fixed bug #69874 (Can’t set empty additional_headers for mail()), regression from fix to bug #68776. (Yasuo)

**GD:**
* Fixed bug #61221 (imagegammacorrect function loses alpha channel). (cmb)

**GMP:**
* Fixed bug #69803 (gmp_random_range() modifies second parameter if GMP number). (Nikita)

**PCRE:**
* Fixed Bug #53823 (preg_replace: * qualifier on unicode replace garbles the string). (cmb)
* Fixed bug #69864 (Segfault in preg_replace_callback) (cmb, ab)

**PDO_pgsql:**
* Fixed bug #69752 (PDOStatement::execute() leaks memory with DML Statements when closeCuror() is u). (Philip Hofstetter)
* Fixed bug #69362 (PDO-pgsql fails to connect if password contains a leading single quote). (Matteo)
* Fixed bug #69344 (PDO PgSQL Incorrect binding numeric array with gaps). (Matteo)

**SimpleXML:**
* Refactored the fix for bug #66084 (simplexml_load_string() mangles empty node name). (Christoph Michael Becker)

**SPL:**
* Fixed bug #69737 (Segfault when SplMinHeap::compare produces fatal error). (Stas)
* Fixed bug #67805 (SplFileObject setMaxLineLength). (Willian Gustavo Veiga).
* Fixed bug #69970 (Use-after-free vulnerability in spl_recursive_it_move_forward_ex()). (Laruence)

**Sqlite3:**
* Fixed bug #69972 (Use-after-free vulnerability in sqlite3SafetyCheckSickOrOk()). (Laruence)

——————————————————————————–
ChangeLog:

* Sun Jul 12 2015 Remi Collet <remi@fedoraproject.org> 5.6.11-1
– Update to 5.6.11
http://www.php.net/releases/5_6_11.php
– the phar link is now correctly created
* Thu Jun 11 2015 Remi Collet <remi@fedoraproject.org> 5.6.10-1
– Update to 5.6.10
http://www.php.net/releases/5_6_10.php
– add explicit spec license (implicit by FPCA)
– opcache is now 7.0.6-dev
* Fri May 15 2015 Remi Collet <remi@fedoraproject.org> 5.6.9-1
– Update to 5.6.9
http://www.php.net/releases/5_6_9.php
– adapt systzdata patch for upstream changes for new zic
* Thu Apr 16 2015 Remi Collet <remi@fedoraproject.org> 5.6.8-1
– Update to 5.6.8
http://www.php.net/releases/5_6_8.php
* Fri Mar 20 2015 Remi Collet <remi@fedoraproject.org> 5.6.7-1
– Update to 5.6.7
http://www.php.net/releases/5_6_7.php
* Thu Feb 19 2015 Remi Collet <remi@fedoraproject.org> 5.6.6-1
– Update to 5.6.6
http://www.php.net/releases/5_6_6.php
* Thu Jan 22 2015 Remi Collet <remi@fedoraproject.org> 5.6.5-1
– Update to 5.6.5
http://www.php.net/releases/5_6_5.php
– FPM: enable ACL support for Unix Domain Socket
* Wed Dec 17 2014 Remi Collet <remi@fedoraproject.org> 5.6.4-2
– Update to 5.6.4 (real)
http://www.php.net/releases/5_6_4.php
– php-xmlrpc requires php-xml
* Wed Dec 10 2014 Remi Collet <remi@fedoraproject.org> 5.6.4-1
– Update to 5.6.4
http://www.php.net/releases/5_6_4.php
* Fri Nov 28 2014 Remi Collet <rcollet@redhat.com> 5.6.4-0.1.RC1
– php 5.6.4RC1
* Mon Nov 17 2014 Remi Collet <remi@fedoraproject.org> 5.6.3-4
– FPM: add upstream patch for https://bugs.php.net/68428
listen.allowed_clients is IPv4 only
* Mon Nov 17 2014 Remi Collet <remi@fedoraproject.org> 5.6.3-3
– sync php-fpm configuration with upstream
– refresh upstream patch for 68421
* Sun Nov 16 2014 Remi Collet <remi@fedoraproject.org> 5.6.3-2
– FPM: add upstream patch for https://bugs.php.net/68421
access.format=R doesn’t log ipv6 address
– FPM: add upstream patch for https://bugs.php.net/68420
listen=9000 listens to ipv6 localhost instead of all addresses
– FPM: add upstream patch for https://bugs.php.net/68423
will no longer load all pools
* Thu Nov 13 2014 Remi Collet <remi@fedoraproject.org> 5.6.3-1
– Update to PHP 5.6.3
http://php.net/releases/5_6_3.php
* Fri Oct 31 2014 Remi Collet <rcollet@redhat.com> 5.6.3-0.2.RC1
– php 5.6.3RC1 (refreshed, phpdbg changes reverted)
– new version of systzdata patch, fix case sensitivity
– ignore Factory in date tests
* Wed Oct 29 2014 Remi Collet <rcollet@redhat.com> 5.6.3-0.1.RC1
– php 5.6.3RC1
– disable opcache.fast_shutdown in default config
– enable phpdbg_webhelper new extension (in php-dbg)
——————————————————————————–
References:

[ 1 ] Bug #1245236 – CVE-2015-5589 php: segmentation fault in Phar::convertToData on invalid file
https://bugzilla.redhat.com/show_bug.cgi?id=1245236
[ 2 ] Bug #1245242 – CVE-2015-5590 php: buffer overflow and stack smashing error in phar_fix_filepath
https://bugzilla.redhat.com/show_bug.cgi?id=1245242
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update php’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa hplip

Otkriven je sigurnosni nedostatak u programskom paketu hplip za operacijski sustav Fedora. Otkriveni nedostatak potencijalnim napadačima omogućuje da generiranjem ključa...

Close