--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-d6b82fc729
2016-10-18 11:24:07.156521
--------------------------------------------------------------------------------

Name        : php
Product     : Fedora 25
Version     : 7.0.12
Release     : 2.fc25
URL         : https://www.php.net/
Summary     : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP Server.

--------------------------------------------------------------------------------
Update Information:

13 Oct 2016 - **PHP version 7.0.12**  **Core:**  * Fixed bug php#73025 (Heap
Buffer Overflow in virtual_popen of zend_virtual_cwd.c). (cmb) * Fixed bug
php#72703 (Out of bounds global memory read in BF_crypt triggered by
password_verify). (Anatol) * Fixed bug php#73058 (crypt broken when salt is
'too' long). (Anatol) * Fixed bug php#69579 (Invalid free in extension trait).
(John Boehr) * Fixed bug php#73156 (segfault on undefined function). (Dmitry) *
Fixed bug php#73163 (PHP hangs if error handler throws while accessing undef
const in default value). (Nikita) * Fixed bug php#73172 (parse error: Invalid
numeric literal). (Nikita, Anatol) * Fixed for php#73240 (Write out of bounds at
number_format). (Stas) * Fixed bug php#73147 (Use After Free in PHP7
unserialize()). (Stas) * Fixed bug php#73189 (Memcpy negative size parameter
php_resolve_path). (Stas)  **BCmath:**  * Fix bug php#73190 (memcpy negative
parameter _bc_new_num_ex). (Stas)  **Date:**  * Fixed bug php#73091
(Unserializing DateInterval object may lead to __toString invocation). (Stas)
**DOM:**  * Fixed bug php#73150 (missing NULL check in dom_document_save_html).
(Stas)  **Filter:**  * Fixed bug php#72972 (Bad filter for the flags
FILTER_FLAG_NO_RES_RANGE and FILTER_FLAG_NO_PRIV_RANGE). (julien) * Fixed bug
php#73054 (default option ignored when object passed to int filter). (cmb)
**GD:**  * Fixed bug php#67325 (imagetruecolortopalette: white is duplicated in
palette). (cmb) * Fixed bug php#50194 (imagettftext broken on transparent
background w/o alphablending). (cmb) * Fixed bug php#73003 (Integer Overflow in
gdImageWebpCtx of gd_webp.c). (trylab, cmb) * Fixed bug php#53504 (imagettfbbox
gives incorrect values for bounding box). (Mark Plomer, cmb) * Fixed bug
php#73157 (imagegd2() ignores 3rd param if 4 are given). (cmb) * Fixed bug
php#73155 (imagegd2() writes wrong chunk sizes on boundaries). (cmb) * Fixed bug
php#73159 (imagegd2(): unrecognized formats may result in corrupted files).
(cmb) * Fixed bug php#73161 (imagecreatefromgd2() may leak memory). (cmb)
**Intl:**  * Fixed bug php#73218 (add mitigation for ICU int overflow). (Stas)
**Mbstring:**  * Fixed bug php#66797 (mb_substr only takes 32-bit signed
integer). (cmb) * Fixed bug php#66964 (mb_convert_variables() cannot detect
recursion) (Yasuo) * Fixed bug php#72992 (mbstring.internal_encoding doesn't
inherit default_charset). (Yasuo)  **Mysqlnd:**  * Fixed bug php#72489 (PHP
Crashes When Modifying Array Containing MySQLi Result Data). (Nikita)
**Opcache:**  * Fixed bug php#72982 (Memory leak in
zend_accel_blacklist_update_regexp() function). (Laruence)  **OpenSSL:**  *
Fixed bug php#73072 (Invalid path SNI_server_certs causes segfault). (Jakub
Zelenka) * Fixed bug php#73276 (crash in openssl_random_pseudo_bytes function).
(Stas) * Fixed bug php#73275 (crash in openssl_encrypt function). (Stas)
**PCRE:**  * Fixed bug php#73121 (Bundled PCRE doesn't compile because JIT isn't
supported on s390). (Anatol) * Fixed bug php#73174 (heap overflow in
php_pcre_replace_impl). (Stas)  **PDO_DBlib:**  * Fixed bug php#72414 (Never
quote values as raw binary data). (Adam Baratz) * Allow \PDO::setAttribute() to
set query timeouts. (Adam Baratz) * Handle SQLDECIMAL/SQLNUMERIC types, which
are used by later TDS versions. (Adam Baratz) * Add common PDO test suite. (Adam
Baratz) * Free error and message strings when cleaning up PDO instances. (Adam
Baratz) * Fixed bug php#67130 (\PDOStatement::nextRowset() should succeed when
all rows in current rowset haven't been fetched). (Peter LeBrun) * Ignore
potentially misleading dberr values. (Chris Kings-Lynne)  **phpdbg:**  * Fixed
bug php#72996 (phpdbg_prompt.c undefined reference to DL_LOAD). (Nikita) * Fixed
next command not stopping when leaving function. (Bob)  **Session:**  * Fixed
bug php#68015 (Session does not report invalid uid for files save handler).
(Yasuo) * Fixed bug php#73100 (session_destroy null dereference in
ps_files_path_create). (cmb)  **SimpleXML:**  * Fixed bug php#73293 (NULL
pointer dereference in SimpleXMLElement::asXML()). (Stas)  **SOAP:**  * Fixed
bug php#71711 (Soap Server Member variables reference bug). (Nikita) * Fixed bug
php#71996 (Using references in arrays doesn't work like expected). (Nikita)
**SPL:**  * Fixed bug php#73257, php#73258 (SplObjectStorage unserialize allows
use of non-object as key). (Stas)
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update php' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora 25: php Security Update 2016-d6b82fc729

October 18, 2016
13 Oct 2016 - **PHP version 7.0.12** **Core:** * Fixed bug php#73025 (Heap Buffer Overflow in virtual_popen of zend_virtual_cwd.c)

Summary

PHP is an HTML-embedded scripting language. PHP attempts to make it

easy for developers to write dynamically generated web pages. PHP also

offers built-in database integration for several commercial and

non-commercial database management systems, so writing a

database-enabled webpage with PHP is fairly simple. The most common

use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)

which adds support for the PHP language to Apache HTTP Server.

Update Information:

13 Oct 2016 - **PHP version 7.0.12** **Core:** * Fixed bug php#73025 (Heap Buffer Overflow in virtual_popen of zend_virtual_cwd.c). (cmb) * Fixed bug php#72703 (Out of bounds global memory read in BF_crypt triggered by password_verify). (Anatol) * Fixed bug php#73058 (crypt broken when salt is 'too' long). (Anatol) * Fixed bug php#69579 (Invalid free in extension trait). (John Boehr) * Fixed bug php#73156 (segfault on undefined function). (Dmitry) * Fixed bug php#73163 (PHP hangs if error handler throws while accessing undef const in default value). (Nikita) * Fixed bug php#73172 (parse error: Invalid numeric literal). (Nikita, Anatol) * Fixed for php#73240 (Write out of bounds at number_format). (Stas) * Fixed bug php#73147 (Use After Free in PHP7 unserialize()). (Stas) * Fixed bug php#73189 (Memcpy negative size parameter php_resolve_path). (Stas) **BCmath:** * Fix bug php#73190 (memcpy negative parameter _bc_new_num_ex). (Stas) **Date:** * Fixed bug php#73091 (Unserializing...

Change Log

References

Fedora Update Notification FEDORA-2016-d6b82fc729 2016-10-18 11:24:07.156521 Name : php Product : Fedora 25 Version : 7.0.12 Release : 2.fc25 URL : https://www.php.net/ Summary : PHP scripting language for creating dynamic web sites Description : PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server.

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update php' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
Name : php
Product : Fedora 25
Version : 7.0.12
Release : 2.fc25
URL : https://www.php.net/
Summary : PHP scripting language for creating dynamic web sites

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved