Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in PHP
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in PHP
ID: FEDORA-2016-34a6b65583
Distribution: Fedora
Plattformen: Fedora 23
Datum: So, 3. Juli 2016, 19:27
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5769
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5768
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5772
Applikationen: PHP

Originalnachricht

 
Name        : php
Product     : Fedora 23
Version     : 5.6.23
Release     : 1.fc23
URL         : http://www.php.net/
Summary     : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP Server.

-------------------------------------------------------------------------------
-
Update Information:

23 Jun 2016, **PHP 5.6.23**  **Core:**  * Fixed bug php#72275 (Integer Overflow
in json_encode()/json_decode()/json_utf8_to_utf16()). (Stas) * Fixed bug
php#72400 (Integer Overflow in addcslashes/addslashes). (Stas) * Fixed bug
php#72403 (Integer Overflow in Length of String-typed ZVAL). (Stas)  **GD:**  *
Fixed bug php#72298 (pass2_no_dither out-of-bounds access). (Stas) * Fixed bug
php#72337 (invalid dimensions can lead to crash) (Pierre) * Fixed bug php#72339
(Integer Overflow in _gd2GetHeader() resulting in heap overflow). (Pierre) *
Fixed bug php#72407 (NULL Pointer Dereference at _gdScaleVert). (Stas) * Fixed
bug php#72446 (Integer Overflow in gdImagePaletteToTrueColor() resulting in
 heap
overflow). (Pierre)  **Intl:**  * Fixed bug php#70484 (selectordinal
 doesn't
work with named parameters). (Anatol)  **mbstring:**  * Fixed bug php#72402
(_php_mb_regex_ereg_replace_exec - double free). (Stas)  **mcrypt:**  * Fixed
bug php#72455 (Heap Overflow due to integer overflows). (Stas)  **Phar:**  *
Fixed bug php#72321 (invalid free in phar_extract_file()). (hji at dyntopia dot
com)  **SPL:**  * Fixed bug php#72262 (int/size_t confusion in
SplFileObject::fread). (Stas) * Fixed bug php#72433 (Use After Free
Vulnerability in PHP's GC algorithm and unserialize). (Dmitry) 
 **OpenSSL:**  *
Fixed bug php#72140 (segfault after calling ERR_free_strings()). (Jakub
 Zelenka)
**WDDX:**  * Fixed bug php#72340 (Double Free Courruption in wddx_deserialize).
(Stas)
-------------------------------------------------------------------------------
-
References:

  [ 1 ] Bug #1351175 - CVE-2016-5772 php: Double Free Corruption in
 wddx_deserialize
        https://bugzilla.redhat.com/show_bug.cgi?id=1351175
  [ 2 ] Bug #1351173 - CVE-2016-5771 php: Use After Free Vulnerability in
 PHP's GC algorithm and unserialize
        https://bugzilla.redhat.com/show_bug.cgi?id=1351173
  [ 3 ] Bug #1351171 - CVE-2016-5770 php: Int/size_t confusion in
 SplFileObject::fread
        https://bugzilla.redhat.com/show_bug.cgi?id=1351171
  [ 4 ] Bug #1351168 - CVE-2016-5768 php: Double free in
 _php_mb_regex_ereg_replace_exec
        https://bugzilla.redhat.com/show_bug.cgi?id=1351168
  [ 5 ] Bug #1351070 - CVE-2016-5769 php: Integer Overflows in mcrypt_generic()
 and mdecrypt_generic() resulting in heap overflows
        https://bugzilla.redhat.com/show_bug.cgi?id=1351070
  [ 6 ] Bug #1351069 - CVE-2016-5767 php: Integer Overflow in
 gdImagePaletteToTrueColor() resulting in heap overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=1351069
  [ 7 ] Bug #1351068 - CVE-2016-5766 php: Integer Overflow in _gd2GetHeader()
 resulting in heap overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=1351068
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update php' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-announce@lists.fedoraproject.org
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung