Security: Multiple problems in PHP
Name: Multiple problems in PHP
ID: FEDORA-2016-99fbdc5c34
Distribution: Fedora
Platforms: Fedora 22
Date: Sun, 3 July 2016, 19:26
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5769
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5768
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5766

Original message

Name        : php
Product : Fedora 22
Version : 5.6.23
Release : 1.fc22
URL : http://www.php.net/
Summary : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP Server.

--------------------------------------------------------------------------------
Update Information:

23 Jun 2016, **PHP 5.6.23**

**Core:**
* Fixed bug php#72275 (Integer Overflow in json_encode()/json_decode()/json_utf8_to_utf16()). (Stas)
* Fixed bug php#72400 (Integer Overflow in addcslashes/addslashes). (Stas)
* Fixed bug php#72403 (Integer Overflow in Length of String-typed ZVAL). (Stas)

**GD:**
* Fixed bug php#72298 (pass2_no_dither out-of-bounds access). (Stas)
* Fixed bug php#72337 (invalid dimensions can lead to crash) (Pierre)
* Fixed bug php#72339 (Integer Overflow in _gd2GetHeader() resulting in heap overflow). (Pierre)
* Fixed bug php#72407 (NULL Pointer Dereference at _gdScaleVert). (Stas)
* Fixed bug php#72446 (Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow). (Pierre)

**Intl:**
* Fixed bug php#70484 (selectordinal doesn't work with named parameters). (Anatol)

**mbstring:**
* Fixed bug php#72402 (_php_mb_regex_ereg_replace_exec - double free). (Stas)

**mcrypt:**
* Fixed bug php#72455 (Heap Overflow due to integer overflows). (Stas)

**Phar:**
* Fixed bug php#72321 (invalid free in phar_extract_file()). (hji at dyntopia dot com)

**SPL:**
* Fixed bug php#72262 (int/size_t confusion in SplFileObject::fread). (Stas)
* Fixed bug php#72433 (Use After Free Vulnerability in PHP's GC algorithm and unserialize). (Dmitry)

**OpenSSL:**
* Fixed bug php#72140 (segfault after calling ERR_free_strings()). (Jakub Zelenka)

**WDDX:**
* Fixed bug php#72340 (Double Free Corruption in wddx_deserialize). (Stas)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1351175 - CVE-2016-5772 php: Double Free Corruption in wddx_deserialize
https://bugzilla.redhat.com/show_bug.cgi?id=1351175
[ 2 ] Bug #1351173 - CVE-2016-5771 php: Use After Free Vulnerability in PHP's GC algorithm and unserialize
https://bugzilla.redhat.com/show_bug.cgi?id=1351173
[ 3 ] Bug #1351171 - CVE-2016-5770 php: Int/size_t confusion in SplFileObject::fread
https://bugzilla.redhat.com/show_bug.cgi?id=1351171
[ 4 ] Bug #1351168 - CVE-2016-5768 php: Double free in _php_mb_regex_ereg_replace_exec
https://bugzilla.redhat.com/show_bug.cgi?id=1351168
[ 5 ] Bug #1351070 - CVE-2016-5769 php: Integer Overflows in mcrypt_generic() and mdecrypt_generic() resulting in heap overflows
https://bugzilla.redhat.com/show_bug.cgi?id=1351070
[ 6 ] Bug #1351069 - CVE-2016-5767 php: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
https://bugzilla.redhat.com/show_bug.cgi?id=1351069
[ 7 ] Bug #1351068 - CVE-2016-5766 php: Integer Overflow in _gd2GetHeader() resulting in heap overflow
https://bugzilla.redhat.com/show_bug.cgi?id=1351068
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update php' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-announce@lists.fedoraproject.org