
Security vulnerabilities in the php software package

  • OS details: WN7
  • Importance: IMP
  • Operating systems: L
  • Categories: LFE

Fedora Update Notification
2016-05-02 14:34:59.815272

Name : php
Product : Fedora 23
Version : 5.6.21
Release : 1.fc23
Summary : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP Server.

Update Information:

28 Apr 2016, **PHP 5.6.21**

**Core:**
* Fixed bug #69537 (__debugInfo with empty string for key gives error). (krakjoe)
* Fixed bug #71841 (EG(error_zval) is not handled well). (Laruence)

**BCmath:**
* Fixed bug #72093 (bcpowmod accepts negative scale and corrupts _one_ definition). (Stas)

**Curl:**
* Fixed bug #71831 (CURLOPT_NOPROXY applied as long instead of string). (Michael Sierks)

**Date:**
* Fixed bug #71889 (DateInterval::format Segmentation fault). (Thomas Punt)

**EXIF:**
* Fixed bug #72094 (Out of bounds heap read access in exif header processing). (Stas)

**GD:**
* Fixed bug #71952 (Corruption inside imageaffinematrixget). (Stas)
* Fixed bug #71912 (libgd: signedness vulnerability). (Stas)

**Intl:**
* Fixed bug #72061 (Out-of-bounds reads in zif_grapheme_stripos with negative offset). (Stas)

**OCI8:**
* Fixed bug #71422 (Fix ORA-01438: value larger than specified precision allowed for this column). (Chris Jones)

**ODBC:**
* Fixed bug #63171 (Script hangs after max_execution_time). (Remi)

**Opcache:**
* Fixed bug #71843 (null ptr deref ZEND_RETURN_SPEC_CONST_HANDLER). (Laruence)

**PDO:**
* Fixed bug #52098 (Own PDOStatement implementation ignore __call()). (Daniel Kalaspuffar, Julien)
* Fixed bug #71447 (Quotes inside comments not properly handled). (Matteo)

**Postgres:**
* Fixed bug #71820 (pg_fetch_object binds parameters before call constructor). (Anatol)

**SPL:**
* Fixed bug #67582 (Cloned SplObjectStorage with overwritten getHash fails offsetExists()). (Nikita)

**Standard:**
* Fixed bug #71840 (Unserialize accepts wrongly data). (Ryat, Laruence)
* Fixed bug #67512 (php_crypt() crashes if crypt_r() does not exist or _REENTRANT is not defined). (Nikita)

**XML:**
* Fixed bug #72099 (xml_parse_into_struct segmentation fault). (Stas)

This update can be installed with the "yum" update program. Use
su -c 'yum update php' at the command line.
For more information, refer to “Managing Software with yum”,
available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list

Author: Andrej Sefic
Cert ID: NCERT-REF-2016-05-0001-ADV