Sicherheit: Zwei Probleme in php
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in php
ID: FEDORA-2018-7ebfe1e6f2
Distribution: Fedora
Plattformen: Fedora 29
Datum: Mo, 17. Dezember 2018, 23:11
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19518
Applikationen: PHP


Fedora Update Notification
2018-12-17 19:11:43.857951

Name : php
Product : Fedora 29
Version : 7.2.13
Release : 2.fc29
URL : http://www.php.net/
Summary : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP Server.

Update Information:

**PHP version 7.2.13** (06 Dec 2018) **ftp:** * Fixed bug php#77151
(ftp_close(): SSL_read on shutdown). (Remi) **CLI:** * Fixed bug php#77111
(php-win.exe corrupts unicode symbols from cli parameters). (Anatol)
**Fileinfo:** * Fixed bug php#77095 (slowness regression in 7.2/7.3 (compared
to 7.1)). (Anatol) **iconv:** * Fixed bug php#77147 (Fixing 60494 ignored
ICONV_MIME_DECODE_CONTINUE_ON_ERROR). (cmb) **Core:** * Fixed bug php#77231
(Segfault when using convert.quoted-printable-encode filter). (Stas)
* Fixed bug php#77153 (imap_open allows to run arbitrary shell commands via
mailbox parameter). (Stas) **ODBC:** * Fixed bug php#77079 (odbc_fetch_object
has incorrect type signature). (Jon Allen) **Opcache:** * Fixed bug php#77058
(Type inference in opcache causes side effects). (Nikita) * Fixed bug php#77092
(array_diff_key() - segmentation fault). (Nikita) **Phar:** * Fixed bug
php#77022 (PharData always creates new files with mode 0666). (Stas) * Fixed
php#77143 (Heap Buffer Overflow (READ: 4) in phar_parse_pharfile). (Stas)
**PGSQL:** * Fixed bug php#77047 (pg_convert has a broken regex for the
WITHOUT TIMEZONE' data type). (Andy Gajetzki) **SOAP:** * Fixed bug
(SoapClient can't handle object references correctly). (Cameron Porter) *
bug php#76348 (WSDL_CACHE_MEMORY causes Segmentation fault). (cmb) * Fixed bug
php#77141 (Signedness issue in SOAP when precision=-1). (cmb) **Sockets:** *
Fixed bug php#67619 (Validate length on socket_write). (thiagooak) ----
upstream** **IMAP** * Fix php#77020 null pointer dereference in imap_mail

* Sat Dec 8 2018 Remi Collet <remi@remirepo.net> - 7.2.13-2
- Fix null pointer dereference in imap_mail CVE-2018-19935
* Wed Dec 5 2018 Remi Collet <remi@remirepo.net> - 7.2.13-1
- Update to 7.2.13 - http://www.php.net/releases/7_2_13.php
* Wed Nov 21 2018 Remi Collet <remi@remirepo.net> - 7.2.13-0.1.RC1
- update to 7.2.13RC1
* Tue Nov 6 2018 Remi Collet <remi@remirepo.net> - 7.2.12-1
- Update to 7.2.12 - http://www.php.net/releases/7_2_12.php
* Fri Nov 2 2018 Remi Collet <remi@remirepo.net> - 7.2.12-0.1.RC1
- rebuild
* Tue Oct 23 2018 Remi Collet <remi@remirepo.net> - 7.2.12~RC1-1
- update to 7.2.12RC1
* Wed Oct 10 2018 Remi Collet <remi@remirepo.net> - 7.2.11-1
- Update to 7.2.11 - http://www.php.net/releases/7_2_11.php

[ 1 ] Bug #1654228 - CVE-2018-19518 php: imap_open() allows running arbitrary
shell commands via mailbox parameter

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-7ebfe1e6f2' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Neue Nachrichten