——————————————————————————–
Fedora Update Notification
FEDORA-2016-34a6b65583
2016-07-02 13:23:23.483220
——————————————————————————–
Name : php
Product : Fedora 23
Version : 5.6.23
Release : 1.fc23
URL : http://www.php.net/
Summary : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.
The php package contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP Server.
——————————————————————————–
Update Information:
23 Jun 2016, **PHP 5.6.23** **Core:** * Fixed bug php#72275 (Integer Overflow
in json_encode()/json_decode()/json_utf8_to_utf16()). (Stas) * Fixed bug
php#72400 (Integer Overflow in addcslashes/addslashes). (Stas) * Fixed bug
php#72403 (Integer Overflow in Length of String-typed ZVAL). (Stas) **GD:** *
Fixed bug php#72298 (pass2_no_dither out-of-bounds access). (Stas) * Fixed bug
php#72337 (invalid dimensions can lead to crash) (Pierre) * Fixed bug php#72339
(Integer Overflow in _gd2GetHeader() resulting in heap overflow). (Pierre) *
Fixed bug php#72407 (NULL Pointer Dereference at _gdScaleVert). (Stas) * Fixed
bug php#72446 (Integer Overflow in gdImagePaletteToTrueColor() resulting in heap
overflow). (Pierre) **Intl:** * Fixed bug php#70484 (selectordinal doesn’t
work with named parameters). (Anatol) **mbstring:** * Fixed bug php#72402
(_php_mb_regex_ereg_replace_exec – double free). (Stas) **mcrypt:** * Fixed
bug php#72455 (Heap Overflow due to integer overflows). (Stas) **Phar:** *
Fixed bug php#72321 (invalid free in phar_extract_file()). (hji at dyntopia dot
com) **SPL:** * Fixed bug php#72262 (int/size_t confusion in
SplFileObject::fread). (Stas) * Fixed bug php#72433 (Use After Free
Vulnerability in PHP’s GC algorithm and unserialize). (Dmitry) **OpenSSL:** *
Fixed bug php#72140 (segfault after calling ERR_free_strings()). (Jakub Zelenka)
**WDDX:** * Fixed bug php#72340 (Double Free Courruption in wddx_deserialize).
(Stas)
——————————————————————————–
References:
[ 1 ] Bug #1351175 – CVE-2016-5772 php: Double Free Corruption in wddx_deserialize
https://bugzilla.redhat.com/show_bug.cgi?id=1351175
[ 2 ] Bug #1351173 – CVE-2016-5771 php: Use After Free Vulnerability in PHP’s GC algorithm and unserialize
https://bugzilla.redhat.com/show_bug.cgi?id=1351173
[ 3 ] Bug #1351171 – CVE-2016-5770 php: Int/size_t confusion in SplFileObject::fread
https://bugzilla.redhat.com/show_bug.cgi?id=1351171
[ 4 ] Bug #1351168 – CVE-2016-5768 php: Double free in _php_mb_regex_ereg_replace_exec
https://bugzilla.redhat.com/show_bug.cgi?id=1351168
[ 5 ] Bug #1351070 – CVE-2016-5769 php: Integer Overflows in mcrypt_generic() and mdecrypt_generic() resulting in heap overflows
https://bugzilla.redhat.com/show_bug.cgi?id=1351070
[ 6 ] Bug #1351069 – CVE-2016-5767 php: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
https://bugzilla.redhat.com/show_bug.cgi?id=1351069
[ 7 ] Bug #1351068 – CVE-2016-5766 php: Integer Overflow in _gd2GetHeader() resulting in heap overflow
https://bugzilla.redhat.com/show_bug.cgi?id=1351068
——————————————————————————–
This update can be installed with the “yum” update program. Use
su -c ‘yum update php’ at the command line.
For more information, refer to “Managing Software with yum”,
available at https://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-announce@lists.fedoraproject.org
——————————————————————————–
Fedora Update Notification
FEDORA-2016-99fbdc5c34
2016-07-02 13:22:22.108452
——————————————————————————–
Name : php
Product : Fedora 22
Version : 5.6.23
Release : 1.fc22
URL : http://www.php.net/
Summary : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.
The php package contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP Server.
——————————————————————————–
Update Information:
23 Jun 2016, **PHP 5.6.23** **Core:** * Fixed bug php#72275 (Integer Overflow
in json_encode()/json_decode()/json_utf8_to_utf16()). (Stas) * Fixed bug
php#72400 (Integer Overflow in addcslashes/addslashes). (Stas) * Fixed bug
php#72403 (Integer Overflow in Length of String-typed ZVAL). (Stas) **GD:** *
Fixed bug php#72298 (pass2_no_dither out-of-bounds access). (Stas) * Fixed bug
php#72337 (invalid dimensions can lead to crash) (Pierre) * Fixed bug php#72339
(Integer Overflow in _gd2GetHeader() resulting in heap overflow). (Pierre) *
Fixed bug php#72407 (NULL Pointer Dereference at _gdScaleVert). (Stas) * Fixed
bug php#72446 (Integer Overflow in gdImagePaletteToTrueColor() resulting in heap
overflow). (Pierre) **Intl:** * Fixed bug php#70484 (selectordinal doesn’t
work with named parameters). (Anatol) **mbstring:** * Fixed bug php#72402
(_php_mb_regex_ereg_replace_exec – double free). (Stas) **mcrypt:** * Fixed
bug php#72455 (Heap Overflow due to integer overflows). (Stas) **Phar:** *
Fixed bug php#72321 (invalid free in phar_extract_file()). (hji at dyntopia dot
com) **SPL:** * Fixed bug php#72262 (int/size_t confusion in
SplFileObject::fread). (Stas) * Fixed bug php#72433 (Use After Free
Vulnerability in PHP’s GC algorithm and unserialize). (Dmitry) **OpenSSL:** *
Fixed bug php#72140 (segfault after calling ERR_free_strings()). (Jakub Zelenka)
**WDDX:** * Fixed bug php#72340 (Double Free Courruption in wddx_deserialize).
(Stas)
——————————————————————————–
References:
[ 1 ] Bug #1351175 – CVE-2016-5772 php: Double Free Corruption in wddx_deserialize
https://bugzilla.redhat.com/show_bug.cgi?id=1351175
[ 2 ] Bug #1351173 – CVE-2016-5771 php: Use After Free Vulnerability in PHP’s GC algorithm and unserialize
https://bugzilla.redhat.com/show_bug.cgi?id=1351173
[ 3 ] Bug #1351171 – CVE-2016-5770 php: Int/size_t confusion in SplFileObject::fread
https://bugzilla.redhat.com/show_bug.cgi?id=1351171
[ 4 ] Bug #1351168 – CVE-2016-5768 php: Double free in _php_mb_regex_ereg_replace_exec
https://bugzilla.redhat.com/show_bug.cgi?id=1351168
[ 5 ] Bug #1351070 – CVE-2016-5769 php: Integer Overflows in mcrypt_generic() and mdecrypt_generic() resulting in heap overflows
https://bugzilla.redhat.com/show_bug.cgi?id=1351070
[ 6 ] Bug #1351069 – CVE-2016-5767 php: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
https://bugzilla.redhat.com/show_bug.cgi?id=1351069
[ 7 ] Bug #1351068 – CVE-2016-5766 php: Integer Overflow in _gd2GetHeader() resulting in heap overflow
https://bugzilla.redhat.com/show_bug.cgi?id=1351068
——————————————————————————–
This update can be installed with the “yum” update program. Use
su -c ‘yum update php’ at the command line.
For more information, refer to “Managing Software with yum”,
available at https://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-announce@lists.fedoraproject.org
——————————————————————————–
Fedora Update Notification
FEDORA-2016-ec372bddb9
2016-07-02 13:28:24.865219
——————————————————————————–
Name : php
Product : Fedora 24
Version : 5.6.23
Release : 1.fc24
URL : http://www.php.net/
Summary : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.
The php package contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP Server.
——————————————————————————–
Update Information:
23 Jun 2016, **PHP 5.6.23** **Core:** * Fixed bug php#72275 (Integer Overflow
in json_encode()/json_decode()/json_utf8_to_utf16()). (Stas) * Fixed bug
php#72400 (Integer Overflow in addcslashes/addslashes). (Stas) * Fixed bug
php#72403 (Integer Overflow in Length of String-typed ZVAL). (Stas) **GD:** *
Fixed bug php#72298 (pass2_no_dither out-of-bounds access). (Stas) * Fixed bug
php#72337 (invalid dimensions can lead to crash) (Pierre) * Fixed bug php#72339
(Integer Overflow in _gd2GetHeader() resulting in heap overflow). (Pierre) *
Fixed bug php#72407 (NULL Pointer Dereference at _gdScaleVert). (Stas) * Fixed
bug php#72446 (Integer Overflow in gdImagePaletteToTrueColor() resulting in heap
overflow). (Pierre) **Intl:** * Fixed bug php#70484 (selectordinal doesn’t
work with named parameters). (Anatol) **mbstring:** * Fixed bug php#72402
(_php_mb_regex_ereg_replace_exec – double free). (Stas) **mcrypt:** * Fixed
bug php#72455 (Heap Overflow due to integer overflows). (Stas) **Phar:** *
Fixed bug php#72321 (invalid free in phar_extract_file()). (hji at dyntopia dot
com) **SPL:** * Fixed bug php#72262 (int/size_t confusion in
SplFileObject::fread). (Stas) * Fixed bug php#72433 (Use After Free
Vulnerability in PHP’s GC algorithm and unserialize). (Dmitry) **OpenSSL:** *
Fixed bug php#72140 (segfault after calling ERR_free_strings()). (Jakub Zelenka)
**WDDX:** * Fixed bug php#72340 (Double Free Courruption in wddx_deserialize).
(Stas)
——————————————————————————–
References:
[ 1 ] Bug #1351175 – CVE-2016-5772 php: Double Free Corruption in wddx_deserialize
https://bugzilla.redhat.com/show_bug.cgi?id=1351175
[ 2 ] Bug #1351173 – CVE-2016-5771 php: Use After Free Vulnerability in PHP’s GC algorithm and unserialize
https://bugzilla.redhat.com/show_bug.cgi?id=1351173
[ 3 ] Bug #1351171 – CVE-2016-5770 php: Int/size_t confusion in SplFileObject::fread
https://bugzilla.redhat.com/show_bug.cgi?id=1351171
[ 4 ] Bug #1351168 – CVE-2016-5768 php: Double free in _php_mb_regex_ereg_replace_exec
https://bugzilla.redhat.com/show_bug.cgi?id=1351168
[ 5 ] Bug #1351070 – CVE-2016-5769 php: Integer Overflows in mcrypt_generic() and mdecrypt_generic() resulting in heap overflows
https://bugzilla.redhat.com/show_bug.cgi?id=1351070
[ 6 ] Bug #1351069 – CVE-2016-5767 php: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
https://bugzilla.redhat.com/show_bug.cgi?id=1351069
[ 7 ] Bug #1351068 – CVE-2016-5766 php: Integer Overflow in _gd2GetHeader() resulting in heap overflow
https://bugzilla.redhat.com/show_bug.cgi?id=1351068
——————————————————————————–
This update can be installed with the “yum” update program. Use
su -c ‘yum update php’ at the command line.
For more information, refer to “Managing Software with yum”,
available at https://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-announce@lists.fedoraproject.org