You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa php

Sigurnosni nedostatak programskog paketa php

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

Fedora Update Notification
2018-12-17 19:11:43.857951

Name : php
Product : Fedora 29
Version : 7.2.13
Release : 2.fc29
Summary : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP Server.

Update Information:

**PHP version 7.2.13** (06 Dec 2018) **ftp:** * Fixed bug php#77151
(ftp_close(): SSL_read on shutdown). (Remi) **CLI:** * Fixed bug php#77111
(php-win.exe corrupts unicode symbols from cli parameters). (Anatol)
**Fileinfo:** * Fixed bug php#77095 (slowness regression in 7.2/7.3 (compared
to 7.1)). (Anatol) **iconv:** * Fixed bug php#77147 (Fixing 60494 ignored
ICONV_MIME_DECODE_CONTINUE_ON_ERROR). (cmb) **Core:** * Fixed bug php#77231
(Segfault when using convert.quoted-printable-encode filter). (Stas) **IMAP:**
* Fixed bug php#77153 (imap_open allows to run arbitrary shell commands via
mailbox parameter). (Stas) **ODBC:** * Fixed bug php#77079 (odbc_fetch_object
has incorrect type signature). (Jon Allen) **Opcache:** * Fixed bug php#77058
(Type inference in opcache causes side effects). (Nikita) * Fixed bug php#77092
(array_diff_key() – segmentation fault). (Nikita) **Phar:** * Fixed bug
php#77022 (PharData always creates new files with mode 0666). (Stas) * Fixed bug
php#77143 (Heap Buffer Overflow (READ: 4) in phar_parse_pharfile). (Stas)
**PGSQL:** * Fixed bug php#77047 (pg_convert has a broken regex for the ‘TIME
WITHOUT TIMEZONE’ data type). (Andy Gajetzki) **SOAP:** * Fixed bug php#50675
(SoapClient can’t handle object references correctly). (Cameron Porter) * Fixed
bug php#76348 (WSDL_CACHE_MEMORY causes Segmentation fault). (cmb) * Fixed bug
php#77141 (Signedness issue in SOAP when precision=-1). (cmb) **Sockets:** *
Fixed bug php#67619 (Validate length on socket_write). (thiagooak) —- **From
upstream** **IMAP** * Fix php#77020 null pointer dereference in imap_mail

* Sat Dec 8 2018 Remi Collet <> – 7.2.13-2
– Fix null pointer dereference in imap_mail CVE-2018-19935
* Wed Dec 5 2018 Remi Collet <> – 7.2.13-1
– Update to 7.2.13 –
* Wed Nov 21 2018 Remi Collet <> – 7.2.13-0.1.RC1
– update to 7.2.13RC1
* Tue Nov 6 2018 Remi Collet <> – 7.2.12-1
– Update to 7.2.12 –
* Fri Nov 2 2018 Remi Collet <> – 7.2.12-0.1.RC1
– rebuild
* Tue Oct 23 2018 Remi Collet <> – 7.2.12~RC1-1
– update to 7.2.12RC1
* Wed Oct 10 2018 Remi Collet <> – 7.2.11-1
– Update to 7.2.11 –

[ 1 ] Bug #1654228 – CVE-2018-19518 php: imap_open() allows running arbitrary shell commands via mailbox parameter

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2018-7ebfe1e6f2’ at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list —
To unsubscribe send an email to
Fedora Code of Conduct:
List Guidelines:
List Archives:

AutorJosip Papratovic
Cert idNCERT-REF-2018-12-0001-ADV
More in Preporuke
Sigurnosni nedostaci programskog paketa php-symfony4

Otkriveni su sigurnosni nedostaci u programskom paketu php-symfony4 za operacijski sustav Fedora. Otkriveni nedostaci potencijalnim napadačima omogućuju izvršavanje proizvoljnog programskog...