Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in PHP
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in PHP
ID: FEDORA-2018-ee6707d519
Distribution: Fedora
Plattformen: Fedora 28
Datum: Fr, 4. Mai 2018, 00:00
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10549
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10548
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5712
Applikationen: PHP

Originalnachricht

-------------------------------------------------------------------------------
-
Fedora Update Notification
FEDORA-2018-ee6707d519
2018-05-03 15:24:49.298664
-------------------------------------------------------------------------------
-

Name : php
Product : Fedora 28
Version : 7.2.5
Release : 1.fc28
URL : http://www.php.net/
Summary : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP Server.

-------------------------------------------------------------------------------
-
Update Information:

**PHP version 7.2.5** (26 Apr 2018) **Core:** * Fixed bug php#75722 (Convert
valgrind detection to configure option). (Michael Heimpold) **Date:** * Fixed
bug php#76131 (mismatch arginfo for date_create). (carusogabriel) **Exif:** *
Fixed bug php#76130 (Heap Buffer Overflow (READ: 1786) in exif_iif_add_value).
(Stas) **FPM:** * Fixed bug php#68440 (ERROR: failed to reload: execvp()
failed: Argument list too long). (Jacob Hipps) * Fixed incorrect write to
getenv
result in FPM reload. (Jakub Zelenka) **GD:** * Fixed bug php#52070
(imagedashedline() - dashed line sometimes is not visible). (cmb) **intl:** *
Fixed bug php#76153 (Intl compilation fails with icu4c 61.1). (Anatol)
**iconv:** * Fixed bug php#76249 (stream filter convert.iconv leads to
infinite
loop on invalid sequence). (Stas) **ldap:** * Fixed bug php#76248 (Malicious
LDAP-Server Response causes Crash). (Stas) **mbstring:** * Fixed bug
php#75944
(Wrong cp1251 detection). (dmk001) * Fixed bug php#76113 (mbstring does not
build with Oniguruma 6.8.1). (chrullrich, cmb) **ODBC:** * Fixed bug
php#76088
(ODBC functions are not available by default on Windows). (cmb) **Opcache:**
*
Fixed bug php#76094 (Access violation when using opcache). (Laruence)
**Phar:**
* Fixed bug php#76129 (fix for CVE-2018-5712 may not be complete). (Stas)
**phpdbg:** * Fixed bug php#76143 (Memory corruption: arbitrary NUL
overwrite).
(Laruence) **SPL:** * Fixed bug php#76131 (mismatch arginfo for splarray
constructor). (carusogabriel) **standard:** * Fixed bug php#74139
(mail.add_x_header default inconsistent with docs). (cmb) * Fixed bug php#75996
(incorrect url in header for mt_rand). (tatarbj)
-------------------------------------------------------------------------------
-
ChangeLog:

* Tue Apr 24 2018 Remi Collet <remi@remirepo.net> - 7.2.5-1
- Update to 7.2.5 - http://www.php.net/releases/7_2_5.php
* Wed Apr 11 2018 Remi Collet <remi@remirepo.net> - 7.2.5~RC1-1
- update to 7.2.5RC1
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1573814 - CVE-2018-10547 php: Reflected XSS vulnerability on PHAR
403 and 404 error pages
https://bugzilla.redhat.com/show_bug.cgi?id=1573814
[ 2 ] Bug #1573805 - CVE-2018-10548 php: Null pointer dereference due to
mishandling of ldap_get_dn return value allows denial-of-service by malicious LDAP server or man-in-the-middle attacker
https://bugzilla.redhat.com/show_bug.cgi?id=1573805
[ 3 ] Bug #1573802 - CVE-2018-10546 php: Infinite loop in ext/iconv/iconv.c
when using stream filter with convert.incov on invalid sequence leads to denial-of-service
https://bugzilla.redhat.com/show_bug.cgi?id=1573802
[ 4 ] Bug #1573797 - CVE-2018-10549 php: Out-of-bounds read in
ext/exif/exif.c:exif_read_data() when reading crafted JPEG data
https://bugzilla.redhat.com/show_bug.cgi?id=1573797
-------------------------------------------------------------------------------
-

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-ee6707d519' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung