Sicherheit: Mehrere Probleme in PHP
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in PHP
ID: FEDORA-2017-b674dc22ad
Distribution: Fedora
Plattformen: Fedora 25
Datum: Fr, 14. Juli 2017, 00:26
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9229
Applikationen: PHP


Fedora Update Notification
2017-07-13 13:55:12.014043

Name : php
Product : Fedora 25
Version : 7.0.21
Release : 1.fc25
URL : http://www.php.net/
Summary : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP Server.

Update Information:

**PHP version 7.0.21** (06 Jul 2017) **Core:** * Fixed bug php#74738
[PATH=] and [HOST=] sections not properly parsed). (Manuel Mausz) * Fixed bug
php#74658 (Undefined constants in array properties result in broken
(Laruence) * Fixed misparsing of abstract unix domain socket names. (Sara) *
Fixed bug php#74101, bug php#74614 (Unserialize Heap Use-After-Free (READ: 1)
zval_get_type). (Nikita) * Fixed bug php#74111 (Heap buffer overread (READ: 1)
finish_nested_data from unserialize). (Nikita) * Fixed bug php#74603 (PHP INI
Parsing Stack Buffer Overflow Vulnerability). (Stas) * Fixed bug php#74819
(wddx_deserialize() heap out-of-bound read via php_parse_date()). (Derick)
**DOM:** * Fixed bug php#69373 (References to deleted XPath query results).
(ttoohey) **Intl:** * Fixed bug php#73473 (Stack Buffer Overflow in
msgfmt_parse_message). (libnex) * Fixed bug php#74705 (Wrong reflection on
Collator::getSortKey and collator_get_sort_key). (Tyson Andre, Remi) * Fixed
php#73634 (grapheme_strpos illegal memory access). (Stas) **Mbstring:** * Add
oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227,
CVE-2017-9228, CVE-2017-9229) (Remi, Mamoru TASAKA) **Opcache:** * Fixed bug
php#74663 (Segfault with opcache.memory_protect and validate_timestamp).
(Laruence) **OpenSSL:** * Fixed bug php#74651 (negative-size-param (-1) in
memcpy in zif_openssl_seal()). (Stas) **Reflection:** * Fixed bug php#74673
(Segfault when cast Reflection object to string with undefined constant).
(Laruence) **SPL:** * Fixed bug php#74478 (null coalescing operator failing
with SplFixedArray). (jhdxr) **Standard:** * Fixed bug php#74708 (Invalid
Reflection signatures for random_bytes and random_int). (Tyson Andre, Remi) *
Fixed bug php#73648 (Heap buffer overflow in substr). (Stas) **FTP:** * Fixed
bug php#74598 (ftp:// wrapper ignores context arg). (Sara) **PHAR:** * Fixed
bug php#74386 (Phar::__construct reflection incorrect). (villfa) **SOAP** *
Fixed bug php#74679 (Incorrect conversion array with WSDL_CACHE_MEMORY).
(Dmitry) **Streams:** * Fixed bug php#74556 (stream_socket_get_name() returns
'\0'). (Sara)

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade php' at the command line.
For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Unterstützer werden
Neue Nachrichten