Multiple issues in PHP
ID: | FEDORA-2015-1101 |
Distribution: | Fedora |
Platforms: | Fedora 20 |
Date: | Fri, 6 February 2015, 07:33 |
References: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232 |
Applications: | PHP |
Original message |
|
Name        : php
Product     : Fedora 20
Version     : 5.5.21
Release     : 1.fc20
URL         : http://www.php.net/
Summary     : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server.

--------------------------------------------------------------------------------
Update Information:

22 Jan 2014, PHP 5.5.21

Core:
* Upgraded crypt_blowfish to version 1.3. (Leigh)
* Fixed bug #60704 (unlink() bug with some files path).
* Fixed bug #65419 (Inside trait, self::class != __CLASS__). (Julien)
* Fixed bug #65576 (Constructor from trait conflicts with inherited constructor). (dunglas at gmail dot com)
* Fixed bug #55541 (errors spawn MessageBox, which blocks test automation). (Anatol)
* Fixed bug #68297 (Application Popup provides too few information). (Anatol)
* Fixed bug #65769 (localeconv() broken in TS builds). (Anatol)
* Fixed bug #65230 (setting locale randomly broken). (Anatol)
* Fixed bug #66764 (configure doesn't define EXPANDED_DATADIR / PHP_DATADIR correctly). (Ferenc)
* Fixed bug #68583 (Crash in timeout thread). (Anatol)
* Fixed bug #68676 (Explicit Double Free). (Kalle)
* Fixed bug #68710 (Use After Free Vulnerability in PHP's unserialize()). (CVE-2015-0231) (Stefan Esser)

CGI:
* Fixed bug #68618 (out of bounds read crashes php-cgi). (CVE-2014-9427) (Stas)

CLI server:
* Fixed bug #68745 (Invalid HTTP requests make web server segfault). (Adam)

cURL:
* Fixed bug #67643 (curl_multi_getcontent returns '' when CURLOPT_RETURNTRANSFER isn't set). (Jille Timmermans)

EXIF:
* Fixed bug #68799: Free called on unitialized pointer. (CVE-2015-0232) (Stas)

Fileinfo:
* Fixed bug #68671 (incorrect expression in libmagic). (Joshua Rogers, Anatol Belski)
* Removed readelf.c and related code from libmagic sources (Remi, Anatol)
* Fixed bug #68735 (fileinfo out-of-bounds memory access). (Anatol)

FPM:
* Fixed bug #68751 (listen.allowed_clients is broken). (Remi)

GD:
* Fixed bug #68601 (buffer read overflow in gd_gif_in.c). (Jan Bee, Remi)

Mbstring:
* Fixed bug #68504 (--with-libmbfl configure option not present on Windows). (Ashesh Vashi)

Mcrypt:
* Fixed possible read after end of buffer and use after free. (Dmitry)

Opcache:
* Fixed bug #67111 (Memory leak when using "continue 2" inside two foreach loops). (Nikita)

OpenSSL:
* Fixed bug #55618 (use case-insensitive cert name matching). (Daniel Lowrey)

Pcntl:
* Fixed bug #60509 (pcntl_signal doesn't decrease ref-count of old handler when setting SIG_DFL). (Julien)

PCRE:
* Fixed bug #66679 (Alignment Bug in PCRE 8.34 upstream). (Rainer Jung, Anatol Belski)

pgsql:
* Fixed bug #68697 (lo_export return -1 on failure). (Ondřej Surý)

PDO:
* Fixed bug #68371 (PDO#getAttribute() cannot be called with platform-specific attribute names). (Matteo)

PDO_mysql:
* Fixed bug #68424 (Add new PDO mysql connection attr to control multi statements option). (peter dot wolanin at acquia dot com)

SPL:
* Fixed bug #66405 (RecursiveDirectoryIterator::CURRENT_AS_PATHNAME breaks the RecursiveIterator). (Paul Garvin)
* Fixed bug #65213 (cannot cast SplFileInfo to boolean) (Tjerk)
* Fixed bug #68479 (Added escape parameter to SplFileObject::fputcsv). (Salathe)

SQLite:
* Fixed bug #68120 (Update bundled libsqlite to 3.8.7.2). (Anatol)

Streams:
* Fixed bug #68532 (convert.base64-encode omits padding bytes). (blaesius at krumedia dot de)

--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 22 2015 Remi Collet |