You are here
Home > Preporuke > Sigurnosni propusti programskog paketa php

Sigurnosni propusti programskog paketa php

——————————————————————————–
Fedora Update Notification
FEDORA-2016-9282d83bee
2016-04-09 10:20:41.903258
——————————————————————————–

Name : php
Product : Fedora 22
Version : 5.6.20
Release : 1.fc22
URL : http://www.php.net/
Summary : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP Server.

——————————————————————————–
Update Information:

31 Mar 2016, **PHP 5.6.20** **CLI Server:** * Fixed bug php#69953 (Support
MKCALENDAR request method). (Christoph) **Core:** * Fixed bug php#71596
(Segmentation fault on ZTS with date function (setlocale)). (Anatol) **Curl:**
* Fixed bug php#71694 (Support constant CURLM_ADDED_ALREADY). (mpyw) **Date:**
* Fixed bug php#71635 (DatePeriod::getEndDate segfault). (Thomas Punt)
**Fileinfo:** * Fixed bug php#71527 (Buffer over-write in finfo_open with
malformed magic file). (Anatol) **Mbstring:** * Fixed bug php#71906
(AddressSanitizer: negative-size-param (-1) in mbfl_strcut). (Stas) **ODBC:**
* Fixed bug php#47803, php#69526 (Executing prepared statements is succesfull
only for the first two statements). (einavitamar, Anatol) * Fixed bug php#71860
(Invalid memory write in phar on filename with \0 in name). (Stas)
**PDO_DBlib:** * Fixed bug php#54648 (PDO::MSSQL forces format of datetime
fields). (steven, Anatol) **Phar:** * Fixed bug php#71625 (Crash in php7.dll
with bad phar filename). (Anatol) * Fixed bug php#71504 (Parsing of tar file
with duplicate filenames causes memory leak). (Jos Elstgeest) **SNMP:** *
Fixed bug php#71704 (php_snmp_error() Format String Vulnerability). (andrew)
**Standard** * Fixed bug php#71798 (Integer Overflow in php_raw_url_encode).
(taoguangchen, Stas)
——————————————————————————–
References:

[ 1 ] Bug #1323114 – php: Integer overflow in php_raw_url_encode
https://bugzilla.redhat.com/show_bug.cgi?id=1323114
[ 2 ] Bug #1323108 – php: Format string vulnerability in php_snmp_error()
https://bugzilla.redhat.com/show_bug.cgi?id=1323108
[ 3 ] Bug #1323106 – php: Invalid memory write in phar on filename containing \0 inside name
https://bugzilla.redhat.com/show_bug.cgi?id=1323106
[ 4 ] Bug #1323103 – php: Negative size parameter in memcpy
https://bugzilla.redhat.com/show_bug.cgi?id=1323103
[ 5 ] Bug #1323118 – file: Buffer over-write in finfo_open with malformed magic file
https://bugzilla.redhat.com/show_bug.cgi?id=1323118
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update php’ at the command line.
For more information, refer to “Managing Software with yum”,
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

——————————————————————————–
Fedora Update Notification
FEDORA-2016-1cf1b49047
2016-04-09 10:22:58.046295
——————————————————————————–

Name : php
Product : Fedora 23
Version : 5.6.20
Release : 1.fc23
URL : http://www.php.net/
Summary : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP Server.

——————————————————————————–
Update Information:

31 Mar 2016, **PHP 5.6.20** **CLI Server:** * Fixed bug php#69953 (Support
MKCALENDAR request method). (Christoph) **Core:** * Fixed bug php#71596
(Segmentation fault on ZTS with date function (setlocale)). (Anatol) **Curl:**
* Fixed bug php#71694 (Support constant CURLM_ADDED_ALREADY). (mpyw) **Date:**
* Fixed bug php#71635 (DatePeriod::getEndDate segfault). (Thomas Punt)
**Fileinfo:** * Fixed bug php#71527 (Buffer over-write in finfo_open with
malformed magic file). (Anatol) **Mbstring:** * Fixed bug php#71906
(AddressSanitizer: negative-size-param (-1) in mbfl_strcut). (Stas) **ODBC:**
* Fixed bug php#47803, php#69526 (Executing prepared statements is succesfull
only for the first two statements). (einavitamar, Anatol) * Fixed bug php#71860
(Invalid memory write in phar on filename with \0 in name). (Stas)
**PDO_DBlib:** * Fixed bug php#54648 (PDO::MSSQL forces format of datetime
fields). (steven, Anatol) **Phar:** * Fixed bug php#71625 (Crash in php7.dll
with bad phar filename). (Anatol) * Fixed bug php#71504 (Parsing of tar file
with duplicate filenames causes memory leak). (Jos Elstgeest) **SNMP:** *
Fixed bug php#71704 (php_snmp_error() Format String Vulnerability). (andrew)
**Standard** * Fixed bug php#71798 (Integer Overflow in php_raw_url_encode).
(taoguangchen, Stas)
——————————————————————————–
References:

[ 1 ] Bug #1323114 – php: Integer overflow in php_raw_url_encode
https://bugzilla.redhat.com/show_bug.cgi?id=1323114
[ 2 ] Bug #1323108 – php: Format string vulnerability in php_snmp_error()
https://bugzilla.redhat.com/show_bug.cgi?id=1323108
[ 3 ] Bug #1323106 – php: Invalid memory write in phar on filename containing \0 inside name
https://bugzilla.redhat.com/show_bug.cgi?id=1323106
[ 4 ] Bug #1323103 – php: Negative size parameter in memcpy
https://bugzilla.redhat.com/show_bug.cgi?id=1323103
[ 5 ] Bug #1323118 – file: Buffer over-write in finfo_open with malformed magic file
https://bugzilla.redhat.com/show_bug.cgi?id=1323118
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update php’ at the command line.
For more information, refer to “Managing Software with yum”,
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Top
More in Preporuke
Sigurnosni nedostaci u jezgri operacijskog sustava

Otkriveni su sigurnosni nedostaci u jezgri operacijskog sustava Fedora. Otkriveni nedostaci potencijalnim napadačima omogućuju stjecanje povećanih korisničkih ovlasti, izvođenje napada...

Close