
Security vulnerabilities in the php software package

  • OS details: WN7
  • Severity: URG
  • Operating systems: L
  • Categories: LFE

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-b674dc22ad
2017-07-13 13:55:12.014043
--------------------------------------------------------------------------------

Name : php
Product : Fedora 25
Version : 7.0.21
Release : 1.fc25
URL : http://www.php.net/
Summary : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP Server.

--------------------------------------------------------------------------------
Update Information:

**PHP version 7.0.21** (06 Jul 2017)

**Core:**

* Fixed bug php#74738 (Multiple [PATH=] and [HOST=] sections not properly parsed). (Manuel Mausz)
* Fixed bug php#74658 (Undefined constants in array properties result in broken properties). (Laruence)
* Fixed misparsing of abstract unix domain socket names. (Sara)
* Fixed bug php#74101, bug php#74614 (Unserialize Heap Use-After-Free (READ: 1) in zval_get_type). (Nikita)
* Fixed bug php#74111 (Heap buffer overread (READ: 1) finish_nested_data from unserialize). (Nikita)
* Fixed bug php#74603 (PHP INI Parsing Stack Buffer Overflow Vulnerability). (Stas)
* Fixed bug php#74819 (wddx_deserialize() heap out-of-bound read via php_parse_date()). (Derick)

**DOM:**

* Fixed bug php#69373 (References to deleted XPath query results). (ttoohey)

**Intl:**

* Fixed bug php#73473 (Stack Buffer Overflow in msgfmt_parse_message). (libnex)
* Fixed bug php#74705 (Wrong reflection on Collator::getSortKey and collator_get_sort_key). (Tyson Andre, Remi)
* Fixed bug php#73634 (grapheme_strpos illegal memory access). (Stas)

**Mbstring:**

* Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229) (Remi, Mamoru TASAKA)

**Opcache:**

* Fixed bug php#74663 (Segfault with opcache.memory_protect and validate_timestamp). (Laruence)

**OpenSSL:**

* Fixed bug php#74651 (negative-size-param (-1) in memcpy in zif_openssl_seal()). (Stas)

**Reflection:**

* Fixed bug php#74673 (Segfault when cast Reflection object to string with undefined constant). (Laruence)

**SPL:**

* Fixed bug php#74478 (null coalescing operator failing with SplFixedArray). (jhdxr)

**Standard:**

* Fixed bug php#74708 (Invalid Reflection signatures for random_bytes and random_int). (Tyson Andre, Remi)
* Fixed bug php#73648 (Heap buffer overflow in substr). (Stas)

**FTP:**

* Fixed bug php#74598 (ftp:// wrapper ignores context arg). (Sara)

**PHAR:**

* Fixed bug php#74386 (Phar::__construct reflection incorrect). (villfa)

**SOAP:**

* Fixed bug php#74679 (Incorrect conversion array with WSDL_CACHE_MEMORY). (Dmitry)

**Streams:**

* Fixed bug php#74556 (stream_socket_get_name() returns '\0'). (Sara)
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade php' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Author: Danijel Kozinovic
Cert ID: NCERT-REF-2017-07-0095-ADV
CVE: CERT-CVE-DUMMY
Source ID: CERT-ORIGID-DUMMY
Product: CERT-DUMMY-PRODUCT
Source: http://www.adobe.com/