Sicherheit: Mehrere Probleme in php
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in php
ID: FEDORA-2020-32f9a2b308
Distribution: Fedora
Plattformen: Fedora 31
Datum: Do, 27. Februar 2020, 21:13
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7062
Applikationen: PHP


Fedora Update Notification
2020-02-27 17:26:04.898486

Name : php
Product : Fedora 31
Version : 7.3.15
Release : 1.fc31
URL : http://www.php.net/
Summary : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP Server.

Update Information:

**PHP version 7.3.15** (20 Feb 2020) **Core:** * Fixed bug php#71876 (Memory
corruption htmlspecialchars(): charset `*' not supported). (Nikita) * Fixed
#php#79146 (cscript can fail to run on some systems). (clarodeus) * Fixed bug
php#78323 (Code 0 is returned on invalid options). (Ivan Mikheykin) * Fixed bug
php#76047 (Use-after-free when accessing already destructed backtrace
arguments). (Nikita) **CURL:** * Fixed bug php#79078 (Hypothetical use-after-
free in curl_multi_add_handle()). (cmb) **Intl:** * Fixed bug php#79212
(NumberFormatter::format() may detect wrong type). (cmb) **Libxml:** * Fixed
bug php#79191 (Error in SoapClient ctor disables DOMDocument::save()). (Nikita,
cmb) **MBString:** * Fixed bug php#79154 (mb_convert_encoding() can modify
$from_encoding). (cmb) **MySQLnd:** * Fixed bug php#79084 (mysqlnd may fetch
wrong column indexes with MYSQLI_BOTH). (cmb) **OpenSSL:** * Fixed bug
php#79145 (openssl memory leak). (cmb, Nikita) **Phar:** * Fixed bug
(Files added to tar with Phar::buildFromIterator have all-access permissions).
(**CVE-2020-7063**) (stas) * Fixed bug php#79171 (heap-buffer-overflow in
phar_extract_file). (**CVE-2020-7061**) (cmb) * Fixed bug php#76584
(PharFileInfo::decompress not working). (cmb) **Reflection:** * Fixed bug
php#79115 (ReflectionClass::isCloneable call reflected class __destruct).
(Nikita) **Session:** * Fixed bug php#79221 (Null Pointer Dereference in PHP
Session Upload Progress). (**CVE-2020-7062**) (stas) **SPL:** * Fixed bug
php#79151 (heap use after free caused by spl_dllist_it_helper_move_forward).
(Nikita) **Standard:** * Fixed bug php#78902 (Memory leak when using
stream_filter_append). (liudaixiao) **Testing:** * Fixed bug php#78090
(bug45161.phpt takes forever to finish). (cmb) **XSL:** * Fixed bug php#70078
(XSL callbacks with nodes as parameter leak memory). (cmb)

* Tue Feb 18 2020 Remi Collet <remi@remirepo.net> - 7.3.15-1
- Update to 7.3.15 - http://www.php.net/releases/7_3_15.php
* Tue Jan 21 2020 Remi Collet <remi@remirepo.net> - 7.3.14-1
- Update to 7.3.14 - http://www.php.net/releases/7_3_14.php
* Tue Jan 7 2020 Remi Collet <remi@remirepo.net> - 7.3.14~RC1-1
- update to 7.3.14RC1
* Tue Dec 17 2019 Remi Collet <remi@remirepo.net> - 7.3.13-1
- Update to 7.3.13 - http://www.php.net/releases/7_3_13.php
* Tue Dec 3 2019 Remi Collet <remi@remirepo.net> - 7.3.13~RC1-1
- update to 7.3.13RC1
* Tue Nov 19 2019 Remi Collet <remi@remirepo.net> - 7.3.12-1
- Update to 7.3.12 - http://www.php.net/releases/7_3_12.php
* Wed Nov 6 2019 Remi Collet <remi@remirepo.net> - 7.3.12~RC1-1
- update to 7.3.12RC1
* Tue Oct 22 2019 Remi Collet <remi@remirepo.net> - 7.3.11-1
- Update to 7.3.11 - http://www.php.net/releases/7_3_11.php

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-32f9a2b308' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Pro-Linux @Facebook
Neue Nachrichten