
Multiple vulnerabilities in the php package fixed

  • OS details: WN7
  • Importance: IMP
  • Operating systems: L
  • Categories: LFE

Fedora Update Notification
2016-10-18 11:24:07.156521

Name : php
Product : Fedora 25
Version : 7.0.12
Release : 2.fc25
Summary : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP Server.

Update Information:

13 Oct 2016 - PHP version 7.0.12

**Core:**
* Fixed bug php#73025 (Heap Buffer Overflow in virtual_popen of zend_virtual_cwd.c). (cmb)
* Fixed bug php#72703 (Out of bounds global memory read in BF_crypt triggered by password_verify). (Anatol)
* Fixed bug php#73058 (crypt broken when salt is 'too' long). (Anatol)
* Fixed bug php#69579 (Invalid free in extension trait). (John Boehr)
* Fixed bug php#73156 (segfault on undefined function). (Dmitry)
* Fixed bug php#73163 (PHP hangs if error handler throws while accessing undef const in default value). (Nikita)
* Fixed bug php#73172 (parse error: Invalid numeric literal). (Nikita, Anatol)
* Fixed bug php#73240 (Write out of bounds at number_format). (Stas)
* Fixed bug php#73147 (Use After Free in PHP7 unserialize()). (Stas)
* Fixed bug php#73189 (Memcpy negative size parameter php_resolve_path). (Stas)

**BCmath:**
* Fixed bug php#73190 (memcpy negative parameter _bc_new_num_ex). (Stas)

**Date:**
* Fixed bug php#73091 (Unserializing DateInterval object may lead to __toString invocation). (Stas)

**DOM:**
* Fixed bug php#73150 (missing NULL check in dom_document_save_html). (Stas)

**Filter:**
* Fixed bug php#72972 (Bad filter for the flags
* Fixed bug php#73054 (default option ignored when object passed to int filter). (cmb)

**GD:**
* Fixed bug php#67325 (imagetruecolortopalette: white is duplicated in palette). (cmb)
* Fixed bug php#50194 (imagettftext broken on transparent background w/o alphablending). (cmb)
* Fixed bug php#73003 (Integer Overflow in gdImageWebpCtx of gd_webp.c). (trylab, cmb)
* Fixed bug php#53504 (imagettfbbox gives incorrect values for bounding box). (Mark Plomer, cmb)
* Fixed bug php#73157 (imagegd2() ignores 3rd param if 4 are given). (cmb)
* Fixed bug php#73155 (imagegd2() writes wrong chunk sizes on boundaries). (cmb)
* Fixed bug php#73159 (imagegd2(): unrecognized formats may result in corrupted files). (cmb)
* Fixed bug php#73161 (imagecreatefromgd2() may leak memory). (cmb)

**Intl:**
* Fixed bug php#73218 (add mitigation for ICU int overflow). (Stas)

**Mbstring:**
* Fixed bug php#66797 (mb_substr only takes 32-bit signed integer). (cmb)
* Fixed bug php#66964 (mb_convert_variables() cannot detect recursion). (Yasuo)
* Fixed bug php#72992 (mbstring.internal_encoding doesn't inherit default_charset). (Yasuo)

**Mysqlnd:**
* Fixed bug php#72489 (PHP Crashes When Modifying Array Containing MySQLi Result Data). (Nikita)

**Opcache:**
* Fixed bug php#72982 (Memory leak in zend_accel_blacklist_update_regexp() function). (Laruence)

**OpenSSL:**
* Fixed bug php#73072 (Invalid path SNI_server_certs causes segfault). (Jakub Zelenka)
* Fixed bug php#73276 (crash in openssl_random_pseudo_bytes function). (Stas)
* Fixed bug php#73275 (crash in openssl_encrypt function). (Stas)

**PCRE:**
* Fixed bug php#73121 (Bundled PCRE doesn't compile because JIT isn't supported on s390). (Anatol)
* Fixed bug php#73174 (heap overflow in php_pcre_replace_impl). (Stas)

**PDO_DBlib:**
* Fixed bug php#72414 (Never quote values as raw binary data). (Adam Baratz)
* Allow \PDO::setAttribute() to set query timeouts. (Adam Baratz)
* Handle SQLDECIMAL/SQLNUMERIC types, which are used by later TDS versions. (Adam Baratz)
* Add common PDO test suite. (Adam Baratz)
* Free error and message strings when cleaning up PDO instances. (Adam Baratz)
* Fixed bug php#67130 (\PDOStatement::nextRowset() should succeed when all rows in current rowset haven't been fetched). (Peter LeBrun)
* Ignore potentially misleading dberr values. (Chris Kings-Lynne)

**phpdbg:**
* Fixed bug php#72996 (phpdbg_prompt.c undefined reference to DL_LOAD). (Nikita)
* Fixed next command not stopping when leaving function. (Bob)

**Session:**
* Fixed bug php#68015 (Session does not report invalid uid for files save handler). (Yasuo)
* Fixed bug php#73100 (session_destroy null dereference in ps_files_path_create). (cmb)

**SimpleXML:**
* Fixed bug php#73293 (NULL pointer dereference in SimpleXMLElement::asXML()). (Stas)

**SOAP:**
* Fixed bug php#71711 (Soap Server Member variables reference bug). (Nikita)
* Fixed bug php#71996 (Using references in arrays doesn't work like expected). (Nikita)

**SPL:**
* Fixed bug php#73257, php#73258 (SplObjectStorage unserialize allows use of non-object as key). (Stas)
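Several of the entries above (php#73147 in Core, php#73091 in Date, php#73257 and php#73258 in SPL) are memory-safety or logic bugs reached through unserialize() of attacker-controlled data. Installing 7.0.12 removes those particular bugs, but the exposure that makes them reachable remains: unserialize() on untrusted input instantiates whatever classes the payload names and runs their unserialize hooks. The following is an added example, not code from the Fedora notification or from the PHP project, showing the application-side hardening a practitioner would pair with the update: restricting unserialize() to scalars and arrays through the 'allowed_classes' option, which PHP 7.0 introduced. The function names unserializeScalarsOnly() and containsObject(), and both sample inputs, are this example's own; the object payload is constructed only to show the option's effect and is not a reproduction of any listed bug.

```php
<?php
// Added example, not part of the Fedora notification or of PHP itself:
// keeping unserialize() away from attacker-chosen classes.
// Requires PHP >= 7.0, where unserialize() accepts the 'allowed_classes' option.
declare(strict_types=1);

/**
 * Unserialize data that only ever needs scalars and arrays.
 * With 'allowed_classes' => false, a serialized object is turned into a
 * __PHP_Incomplete_Class stub instead of being instantiated, so no
 * __wakeup(), __destruct(), __toString() or custom unserialize code of an
 * arbitrary class runs. Returns null for malformed input.
 */
function unserializeScalarsOnly(string $data)
{
    // unserialize() returns false both on failure and for a serialized false;
    // treat the one legitimate encoding of false explicitly.
    if ($data === 'b:0;') {
        return false;
    }
    $value = @unserialize($data, ['allowed_classes' => false]);
    return $value === false ? null : $value;
}

/**
 * True if $value (recursively) contains any object, i.e. something that a
 * payload smuggled in past the scalar-only expectation. Use this as a final
 * gate before trusting the decoded structure.
 */
function containsObject($value): bool
{
    if (is_object($value)) {
        return true;
    }
    if (is_array($value)) {
        foreach ($value as $item) {
            if (containsObject($item)) {
                return true;
            }
        }
    }
    return false;
}

// Constructed sample inputs (not real traffic).
$benign = serialize(['user' => 'alice', 'roles' => ['reader', 'editor']]);
// An object payload naming SplObjectStorage, the class from php#73257/php#73258
// above; the bytes are illustrative and do not reproduce the bug.
$hostile = 'C:16:"SplObjectStorage":24:{x:i:1;i:1;,i:2;;m:a:0:{}}';

$decoded = unserializeScalarsOnly($benign);
var_dump($decoded['user']);            // string(5) "alice"
var_dump(containsObject($decoded));    // bool(false)

$decoded = unserializeScalarsOnly($hostile);
// No SplObjectStorage is constructed: the result is either null (rejected as
// malformed) or a __PHP_Incomplete_Class stub, and in neither case does the
// class's own unserialize code execute.
var_dump($decoded === null || $decoded instanceof __PHP_Incomplete_Class); // bool(true)
var_dump(containsObject($decoded));    // bool(true) only for the stub, null otherwise

// Runtime check: the fixes in this notification ship in PHP 7.0.12 or later.
var_dump(version_compare(PHP_VERSION, '7.0.12', '>=')); // bool(true) on a patched host
```

Where the data genuinely has to carry objects, pass an explicit whitelist (`['allowed_classes' => ['MyDto']]`) rather than `true`, and prefer a format such as JSON for anything that crosses a trust boundary; unserialize() of untrusted input stays risky even on a fully patched interpreter.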

This update can be installed with the "yum" update program. Use
su -c 'yum update php' at the command line. Because the php package
provides the mod_php module loaded into Apache HTTP Server, the updated
code only takes effect once the httpd processes are restarted; until then
the previously loaded build remains in memory.
For more information, refer to "Managing Software with yum",
available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at

Author: Marko Stanec
CERT ID: NCERT-REF-2016-10-0116-ADV