Sicherheit: Mehrere Probleme in php
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in php
ID: FEDORA-2019-a54a622670
Distribution: Fedora
Plattformen: Fedora 31
Datum: So, 5. Januar 2020, 10:33
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11047
Applikationen: PHP


Fedora Update Notification
2020-01-05 00:38:52.032021

Name : php
Product : Fedora 31
Version : 7.3.13
Release : 1.fc31
URL : http://www.php.net/
Summary : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP Server.

Update Information:

**PHP version 7.3.13** (18 Dec 2019) **Bcmath:** * Fixed bug php#78878
underflow in bc_shift_addsub). (**CVE-2019-11046**). (cmb) **Core:** * Fixed
bug php#78862 (link() silently truncates after a null byte on Windows).
(**CVE-2019-11044**). (cmb) * Fixed bug php#78863 (DirectoryIterator class
silently truncates after a null byte). (**CVE-2019-11045**). (cmb) * Fixed bug
php#78943 (mail() may release string with refcount==1 twice).
(**CVE-2019-11049**). (cmb) * Fixed bug php#78787 (Segfault with trait
overriding inherited private shadow property). (Nikita) * Fixed bug php#78868
(Calling __autoload() with incorrect EG(fake_scope) value). (Antony Dovgal,
Dmitry) * Fixed bug php#78296 (is_file fails to detect file). (cmb) **EXIF:**
* Fixed bug php#78793 (Use-after-free in exif parsing under memory sanitizer).
(**CVE-2019-11050**). (Nikita) * Fixed bug php#78910 (Heap-buffer-overflow READ
in exif). (**CVE-2019-11047**). (Nikita) **GD:** * Fixed bug php#78849 (GD
build broken with -D SIGNED_COMPARE_SLOW). (cmb) **MBString:** * Upgraded
bundled Oniguruma to 6.9.4. (cmb) **OPcache:** * Fixed potential ASLR related
invalid opline handler issues. (cmb) * Fixed $x = (bool)$x; with opcache
emit undeclared variable notice). (Tyson Andre) **PCRE:** * Fixed bug
php#78853 (preg_match() may return integer > 1). (cmb) **Standard:** *
bug php#78759 (array_search in $GLOBALS). (Nikita) * Fixed bug php#77638
(var_export'ing certain class instances segfaults). (cmb) * Fixed bug
(imploding $GLOBALS crashes). (cmb) * Fixed bug php#78833 (Integer overflow in
pack causes out-of-bound access). (cmb) * Fixed bug php#78814 (strip_tags
/ in tag name => whitelist bypass). (cmb)

* Tue Dec 17 2019 Remi Collet <remi@remirepo.net> - 7.3.13-1
- Update to 7.3.13 - http://www.php.net/releases/7_3_13.php
* Tue Dec 3 2019 Remi Collet <remi@remirepo.net> - 7.3.13~RC1-1
- update to 7.3.13RC1
* Tue Nov 19 2019 Remi Collet <remi@remirepo.net> - 7.3.12-1
- Update to 7.3.12 - http://www.php.net/releases/7_3_12.php
* Wed Nov 6 2019 Remi Collet <remi@remirepo.net> - 7.3.12~RC1-1
- update to 7.3.12RC1
* Tue Oct 22 2019 Remi Collet <remi@remirepo.net> - 7.3.11-1
- Update to 7.3.11 - http://www.php.net/releases/7_3_11.php

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-a54a622670' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Pro-Linux @Facebook
Neue Nachrichten