Security vulnerabilities in the php software package

  • OS details: WN7
  • Severity: IMP
  • Operating systems: L
  • Categories: LFE

Fedora Update Notification
2016-05-12 01:26:10.554790

Name : php
Product : Fedora 22
Version : 5.6.21
Release : 1.fc22
Summary : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP Server.

Update Information:

28 Apr 2016, **PHP 5.6.21**

**Core:**
* Fixed bug #69537 (__debugInfo with empty string for key gives error). (krakjoe)
* Fixed bug #71841 (EG(error_zval) is not handled well). (Laruence)

**BCmath:**
* Fixed bug #72093 (bcpowmod accepts negative scale and corrupts _one_ definition). (Stas)

**Curl:**
* Fixed bug #71831 (CURLOPT_NOPROXY applied as long instead of string). (Michael Sierks)

**Date:**
* Fixed bug #71889 (DateInterval::format Segmentation fault). (Thomas Punt)

**EXIF:**
* Fixed bug #72094 (Out of bounds heap read access in exif header processing). (Stas)

**GD:**
* Fixed bug #71952 (Corruption inside imageaffinematrixget). (Stas)
* Fixed bug #71912 (libgd: signedness vulnerability). (Stas)

**Intl:**
* Fixed bug #72061 (Out-of-bounds reads in zif_grapheme_stripos with negative offset). (Stas)

**OCI8:**
* Fixed bug #71422 (Fix ORA-01438: value larger than specified precision allowed for this column). (Chris Jones)

**ODBC:**
* Fixed bug #63171 (Script hangs after max_execution_time). (Remi)

**Opcache:**
* Fixed bug #71843 (null ptr deref ZEND_RETURN_SPEC_CONST_HANDLER). (Laruence)

**PDO:**
* Fixed bug #52098 (Own PDOStatement implementation ignore __call()). (Daniel Kalaspuffar, Julien)
* Fixed bug #71447 (Quotes inside comments not properly handled). (Matteo)

**Postgres:**
* Fixed bug #71820 (pg_fetch_object binds parameters before call constructor). (Anatol)

**SPL:**
* Fixed bug #67582 (Cloned SplObjectStorage with overwritten getHash fails offsetExists()). (Nikita)

**Standard:**
* Fixed bug #71840 (Unserialize accepts wrongly data). (Ryat, Laruence)
* Fixed bug #67512 (php_crypt() crashes if crypt_r() does not exist or _REENTRANT is not defined). (Nikita)

**XML:**
* Fixed bug #72099 (xml_parse_into_struct segmentation fault). (Stas)

[ 1 ] Bug #1332877 – CVE-2016-4539 php: Malformed input causes segmentation fault in xml_parse_into_struct() function
[ 2 ] Bug #1332872 – CVE-2016-4540 CVE-2016-4541 php: Out-of-bounds memory read in zif_grapheme_stripos when given negative offset
[ 3 ] Bug #1332865 – CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 php: Out-of-bounds heap memory read in exif_read_data() caused by malformed input
[ 4 ] Bug #1332860 – CVE-2016-4537 CVE-2016-4538 php: bcpowmod accepts negative scale causing heap buffer overflow corrupting _one_ definition

This update can be installed with the "yum" update program. Use
su -c 'yum update php' at the command line.
For more information, refer to "Managing Software with yum",
available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
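A defender-side check that goes with the update instructions above: a script that parses the installed php package's epoch:version-release and compares it, RPM-style, against the 5.6.21-1.fc22 build from this notification, so an administrator can tell which hosts still need `yum update php`. This is an added example, not part of the Fedora notification or the NCERT advisory. It assumes php carries no epoch on Fedora 22 (consistent with the Version/Release fields in the header), implements a simplified rpmvercmp (tilde/caret ordering omitted), and the sample rpm output lines it runs over are constructed, not captured from a real host.

```python
"""Check whether the installed Fedora php package is at or past php-5.6.21-1.fc22.

Added example; not Fedora's or NCERT's own tooling.
"""
import re
import shutil
import subprocess

# Version and release from the notification header; epoch 0 is an assumption
# (php on Fedora 22 shipped without an epoch).
FIXED_EVR = (0, "5.6.21", "1.fc22")

# rpmvercmp splits on everything that is not a digit or a letter.
_SEG = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Compare two version strings like librpm's rpmvercmp (simplified: no '~' or '^').

    Returns -1 if a is older, 0 if equal, 1 if a is newer.
    """
    if a == b:
        return 0
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        xnum, ynum = x.isdigit(), y.isdigit()
        if xnum and ynum:
            xi, yi = int(x), int(y)  # numeric segments compare as integers (leading zeros ignored)
            if xi != yi:
                return -1 if xi < yi else 1
        elif xnum != ynum:
            return 1 if xnum else -1  # a numeric segment is newer than an alphabetic one
        elif x != y:
            return -1 if x < y else 1  # both alphabetic: plain string order
    if len(sa) == len(sb):
        return 0
    return 1 if len(sa) > len(sb) else -1  # whichever has segments left over is newer


def parse_evr(line: str) -> tuple:
    """Parse 'EPOCH:VERSION-RELEASE' as printed by rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}'.

    rpm prints '(none)' for a package without an epoch; that is treated as 0.
    """
    line = line.strip()
    epoch_str, _, vr = line.partition(":")
    epoch = 0 if epoch_str in ("(none)", "") else int(epoch_str)
    version, _, release = vr.rpartition("-")
    if not version or not release:
        raise ValueError(f"unexpected rpm output: {line!r}")
    return (epoch, version, release)


def compare_evr(x: tuple, y: tuple) -> int:
    """Epoch wins outright; then version, then release, each via rpmvercmp."""
    if x[0] != y[0]:
        return -1 if x[0] < y[0] else 1
    c = rpmvercmp(x[1], y[1])
    return c if c else rpmvercmp(x[2], y[2])


def is_patched(evr_line: str) -> bool:
    """True when the installed build is the advisory build or newer."""
    return compare_evr(parse_evr(evr_line), FIXED_EVR) >= 0


def installed_php_evr():
    """Query rpm on this host; None when rpm is absent or php is not installed."""
    if shutil.which("rpm") is None:
        return None
    proc = subprocess.run(
        ["rpm", "-q", "--qf", "%{EPOCH}:%{VERSION}-%{RELEASE}\n", "php"],
        capture_output=True, text=True,
    )
    return proc.stdout.strip() if proc.returncode == 0 else None


if __name__ == "__main__":
    # Constructed sample outputs, not captured from a real host.
    samples = [
        "(none):5.6.20-1.fc22",
        "(none):5.6.21-1.fc22",
        "(none):5.6.21-2.fc22",
        "(none):5.5.38-1.fc22",
    ]
    for s in samples:
        print(f"{s:24} {'patched' if is_patched(s) else 'VULNERABLE: run yum update php'}")
    live = installed_php_evr()
    if live is not None:
        print(f"{live:24} {'patched' if is_patched(live) else 'VULNERABLE: run yum update php'}")
```

Running the script on a Fedora host appends a line for the locally installed package; elsewhere it only reports on the constructed samples. The epoch is compared first because RPM treats it as overriding version and release, which is why a rebuild that bumps only the release still counts as patched here.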
Author: Marko Stanec
Cert id: NCERT-REF-2016-05-0069-ADV
