Security: Multiple problems in PHP
Name: Multiple problems in PHP
ID: FEDORA-2016-ec372bddb9
Distribution: Fedora
Platforms: Fedora 24
Date: Sun, 3 July 2016, 19:24
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5769
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5768
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5772
Applications: PHP
Original message
Name        : php
Product     : Fedora 24
Version     : 5.6.23
Release     : 1.fc24
URL         : http://www.php.net/
Summary     : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts.
The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server.
--------------------------------------------------------------------------------
Update Information:

23 Jun 2016, **PHP 5.6.23**

**Core:**
* Fixed bug php#72275 (Integer Overflow in json_encode()/json_decode()/json_utf8_to_utf16()). (Stas)
* Fixed bug php#72400 (Integer Overflow in addcslashes/addslashes). (Stas)
* Fixed bug php#72403 (Integer Overflow in Length of String-typed ZVAL). (Stas)

**GD:**
* Fixed bug php#72298 (pass2_no_dither out-of-bounds access). (Stas)
* Fixed bug php#72337 (invalid dimensions can lead to crash). (Pierre)
* Fixed bug php#72339 (Integer Overflow in _gd2GetHeader() resulting in heap overflow). (Pierre)
* Fixed bug php#72407 (NULL Pointer Dereference at _gdScaleVert). (Stas)
* Fixed bug php#72446 (Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow). (Pierre)

**Intl:**
* Fixed bug php#70484 (selectordinal doesn't work with named parameters). (Anatol)

**mbstring:**
* Fixed bug php#72402 (_php_mb_regex_ereg_replace_exec - double free). (Stas)

**mcrypt:**
* Fixed bug php#72455 (Heap Overflow due to integer overflows). (Stas)

**Phar:**
* Fixed bug php#72321 (invalid free in phar_extract_file()). (hji at dyntopia dot com)

**SPL:**
* Fixed bug php#72262 (int/size_t confusion in SplFileObject::fread). (Stas)
* Fixed bug php#72433 (Use After Free Vulnerability in PHP's GC algorithm and unserialize). (Dmitry)

**OpenSSL:**
* Fixed bug php#72140 (segfault after calling ERR_free_strings()). (Jakub Zelenka)

**WDDX:**
* Fixed bug php#72340 (Double Free Corruption in wddx_deserialize). (Stas)

--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1351175 - CVE-2016-5772 php: Double Free Corruption in wddx_deserialize
      https://bugzilla.redhat.com/show_bug.cgi?id=1351175
[ 2 ] Bug #1351173 - CVE-2016-5771 php: Use After Free Vulnerability in PHP's GC algorithm and unserialize
      https://bugzilla.redhat.com/show_bug.cgi?id=1351173
[ 3 ] Bug #1351171 - CVE-2016-5770 php: Int/size_t confusion in SplFileObject::fread
      https://bugzilla.redhat.com/show_bug.cgi?id=1351171
[ 4 ] Bug #1351168 - CVE-2016-5768 php: Double free in _php_mb_regex_ereg_replace_exec
      https://bugzilla.redhat.com/show_bug.cgi?id=1351168
[ 5 ] Bug #1351070 - CVE-2016-5769 php: Integer Overflows in mcrypt_generic() and mdecrypt_generic() resulting in heap overflows
      https://bugzilla.redhat.com/show_bug.cgi?id=1351070
[ 6 ] Bug #1351069 - CVE-2016-5767 php: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
      https://bugzilla.redhat.com/show_bug.cgi?id=1351069
[ 7 ] Bug #1351068 - CVE-2016-5766 php: Integer Overflow in _gd2GetHeader() resulting in heap overflow
      https://bugzilla.redhat.com/show_bug.cgi?id=1351068
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use su -c 'yum update php' at the command line. For more information, refer to "Managing Software with yum", available at https://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-announce@lists.fedoraproject.org