You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa php

Sigurnosni nedostaci programskog paketa php

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

——————————————————————————–
Fedora Update Notification
FEDORA-2018-04f6056c42
2018-05-04 08:18:32.820752
——————————————————————————–

Name : php
Product : Fedora 27
Version : 7.1.17
Release : 1.fc27
URL : http://www.php.net/
Summary : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP Server.

——————————————————————————–
Update Information:

**PHP version 7.1.17** (26 Apr 2018) **Date:** * Fixed bug php#76131 (mismatch
arginfo for date_create). (carusogabriel) **Exif:** * Fixed bug php#76130
(Heap Buffer Overflow (READ: 1786) in exif_iif_add_value). (Stas) **FPM:** *
Fixed bug php#68440 (ERROR: failed to reload: execvp() failed: Argument list too
long). (Jacob Hipps) * Fixed incorrect write to getenv result in FPM reload.
(Jakub Zelenka) **GD:** * Fixed bug php#52070 (imagedashedline() – dashed line
sometimes is not visible). (cmb) **iconv:** * Fixed bug php#76249 (stream
filter convert.iconv leads to infinite loop on invalid sequence). (Stas)
**intl:** * Fixed bug php#76153 (Intl compilation fails with icu4c 61.1).
(Anatol) **ldap:** * Fixed bug php#76248 (Malicious LDAP-Server Response
causes Crash). (Stas) **mbstring:** * Fixed bug php#75944 (Wrong cp1251
detection). (dmk001) * Fixed bug php#76113 (mbstring does not build with
Oniguruma 6.8.1). (chrullrich, cmb) **Phar:** * Fixed bug php#76129 (fix for
CVE-2018-5712 may not be complete). (Stas) **phpdbg:** * Fixed bug php#76143
(Memory corruption: arbitrary NUL overwrite). (Laruence) **SPL:** * Fixed bug
php#76131 (mismatch arginfo for splarray constructor). (carusogabriel)
**standard:** * Fixed bug php#75996 (incorrect url in header for mt_rand).
(tatarbj)
——————————————————————————–
ChangeLog:

* Wed Apr 25 2018 Remi Collet <remi@remirepo.net> – 7.1.17-1
– Update to 7.1.17 – http://www.php.net/releases/7_1_17.php
* Wed Mar 28 2018 Remi Collet <remi@remirepo.net> – 7.1.16-1
– Update to 7.1.16 – http://www.php.net/releases/7_1_16.php
* Wed Mar 14 2018 Remi Collet <remi@remirepo.net> – 7.1.16~RC1-1
– Update to 7.1.16RC1
* Wed Feb 28 2018 Remi Collet <remi@remirepo.net> – 7.1.15-1
– Update to 7.1.15 – http://www.php.net/releases/7_1_15.php
– FPM: revert pid file removal
* Wed Feb 21 2018 Remi Collet <remi@remirepo.net> – 7.1.15~RC1-3
– disable ZTS on RHEL
* Fri Feb 16 2018 Remi Collet <remi@remirepo.net> – 7.1.15~RC1-2
– disable pspell extension on RHEL
– improve devel dependencies
* Wed Feb 14 2018 Remi Collet <remi@remirepo.net> – 7.1.15~RC1-1
– Update to 7.1.15RC1
– adapt ldap patch
* Wed Jan 31 2018 Remi Collet <remi@remirepo.net> – 7.1.14-1
– Update to 7.1.14 – http://www.php.net/releases/7_1_14.php
* Mon Jan 29 2018 Remi Collet <rcollet@redhat.com> – 7.1.14~RC1-2
– disable interbase, imap, pdo_dblib and mcrypt on rhel
* Wed Jan 17 2018 Remi Collet <remi@remirepo.net> – 7.1.14~RC1-1
– Update to 7.1.14RC1
– define SOURCE_DATE_EPOCH for reproducible build
* Wed Jan 3 2018 Remi Collet <remi@remirepo.net> – 7.1.13-1
– Update to 7.1.13 – http://www.php.net/releases/7_1_13.php
* Wed Dec 6 2017 Remi Collet <remi@fedoraproject.org> – 7.1.13~RC1-1
– Update to 7.1.13RC1
* Wed Nov 22 2017 Remi Collet <remi@fedoraproject.org> – 7.1.12-1
– Update to 7.1.12 – http://www.php.net/releases/7_1_12.php
* Wed Nov 8 2017 Remi Collet <remi@fedoraproject.org> – 7.1.12~RC1-1
– Update to 7.1.12RC1
* Wed Oct 25 2017 Remi Collet <remi@fedoraproject.org> – 7.1.11-1
– Update to 7.1.11 – http://www.php.net/releases/7_1_11.php
– make php-fpm a weak dependency #1505644
* Wed Oct 11 2017 Remi Collet <remi@fedoraproject.org> – 7.1.11~RC1-1
– Update to 7.1.11RC1
——————————————————————————–
References:

[ 1 ] Bug #1573814 – CVE-2018-10547 php: Reflected XSS vulnerability on PHAR 403 and 404 error pages
https://bugzilla.redhat.com/show_bug.cgi?id=1573814
[ 2 ] Bug #1573805 – CVE-2018-10548 php: Null pointer dereference due to mishandling of ldap_get_dn return value allows denial-of-service by malicious LDAP server or man-in-the-middle attacker
https://bugzilla.redhat.com/show_bug.cgi?id=1573805
[ 3 ] Bug #1573802 – CVE-2018-10546 php: Infinite loop in ext/iconv/iconv.c when using stream filter with convert.incov on invalid sequence leads to denial-of-service
https://bugzilla.redhat.com/show_bug.cgi?id=1573802
[ 4 ] Bug #1573797 – CVE-2018-10549 php: Out-of-bounds read in ext/exif/exif.c:exif_read_data() when reading crafted JPEG data
https://bugzilla.redhat.com/show_bug.cgi?id=1573797
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2018-04f6056c42’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

AutorDanijel Kozinovic
Cert idNCERT-REF-2018-05-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostaci programskog paketa JBoss Fuse

Otkriveni su sigurnosni nedostaci u programskom paketu JBoss Fuse za operacijski sustav Red Hat. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje...

Close