FEDORA-2015-14976 created by remi 4 years ago for Fedora 21
stable

03 Sep 2015, PHP 5.6.13

Core:

  • Fixed bug #69900 (Too long timeout on pipes). (Anatol)
  • Fixed bug #69487 (SAPI may truncate POST data). (cmb)
  • Fixed bug #70198 (Checking liveness does not work as expected). (Shafreeck Sea, Anatol Belski)
  • Fixed bug #70172 (Use After Free Vulnerability in unserialize()). (Stas)
  • Fixed bug #70219 (Use after free vulnerability in session deserializer). (taoguangchen at icloud dot com)

CLI server:

  • Fixed bug #66606 (Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE). (wusuopu, cmb)
  • Fixed bug #70264 (CLI server directory traversal). (cmb)

Date:

  • Fixed bug #70266 (DateInterval::__construct.interval_spec is not supposed to be optional). (cmb)
  • Fixed bug #70277 (new DateTimeZone($foo) is ignoring text after null byte). (cmb)

EXIF:

  • Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes). (Stas)

hash:

  • Fixed bug #70312 (HAVAL gives wrong hashes in specific cases). (letsgolee at naver dot com)

MCrypt:

  • Fixed bug #69833 (mcrypt fd caching not working). (Anatol)

Opcache:

  • Fixed bug #70237 (Empty while and do-while segmentation fault with opcode on CLI enabled). (Dmitry, Laruence)

PCRE:

  • Fixed bug #70232 (Incorrect bump-along behavior with \K and empty string match). (cmb)
  • Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions). (Anatol Belski)

SOAP:

  • Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE). (Stas)

SPL:

  • Fixed bug #70290 (Null pointer deref (segfault) in spl_autoload via ob_start). (hugh at allthethings dot co dot nz)
  • Fixed bug #70303 (Incorrect constructor reflection for ArrayObject). (cmb)
  • Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage). (taoguangchen at icloud dot com)
  • Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList). (taoguangchen at icloud dot com)

Standard:

  • Fixed bug #70052 (getimagesize() fails for very large and very small WBMP). (cmb)
  • Fixed bug #70157 (parse_ini_string() segmentation fault with INI_SCANNER_TYPED). (Tjerk)

XSLT:

  • Fixed bug #69782 (NULL pointer dereference). (Stas)

How to install

sudo dnf upgrade --advisory=FEDORA-2015-14976

This update has been submitted for testing by remi.

4 years ago

This update has been pushed to testing

4 years ago

remi edited this update.

4 years ago

remi edited this update.

4 years ago

This update has been submitted for stable by remi.

4 years ago

This update has been pushed to stable.

4 years ago

Please login to add feedback.

Metadata
Type
security
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Dates
submitted
4 years ago
in testing
4 years ago
in stable
4 years ago
modified
4 years ago
BZ#1260642 CVE-2015-6834 php: Use After Free Vulnerability in unserialize()
0
0
BZ#1260647 CVE-2015-6835 php: Use after free vulnerability in session deserializer
0
0
BZ#1260662 php: Use After Free Vulnerability in unserialize() [fedora-all]
0
0
BZ#1260665 php: Use after free vulnerability in session deserializer [fedora-all]
0
0
BZ#1260667 php: Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes
0
0
BZ#1260668 php: Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes [fedora-all]
0
0
BZ#1260671 php: HAVAL gives wrong hashes in specific cases
0
0
BZ#1260672 php: HAVAL gives wrong hashes in specific cases [fedora-all]
0
0
BZ#1260674 php: Multiple vulnerabilities related to PCRE functions
0
0
BZ#1260676 php: Multiple vulnerabilities related to PCRE functions [fedora-all]
0
0
BZ#1260683 CVE-2015-6836 php: SOAP serialize_function_call() type confusion / RCE
0
0
BZ#1260684 php: SOAP serialize_function_call() type confusion / RCE [fedora-all]
0
0
BZ#1260695 php: Another use-after-free vulnerability in unserialize() with SplObjectStorage
0
0
BZ#1260700 php: Another use-after-free vulnerability in unserialize() with SplObjectStorage [fedora-all]
0
0
BZ#1260707 php: Another use-after-free vulnerability in unserialize() with SplDoublyLinkedList
0
0
BZ#1260708 php: Another use-after-free vulnerability in unserialize() with SplDoublyLinkedList [fedora-all]
0
0
BZ#1260711 CVE-2015-6837 CVE-2015-6838 php: NULL pointer dereference in XSLTProcessor class
0
0
BZ#1260712 php: NULL pointer dereference in XSLTProcessor class [fedora-all]
0
0
BZ#1260734 php: new DateTimeZone($foo) is ignoring text after null byte
0
0
BZ#1260741 php: Null pointer deref (segfault) in spl_autoload via ob_start
0
0
BZ#1260748 php: getimagesize() fails for very large WBMP causing an integer overflow
0
0
BZ#1260760 php: new DateTimeZone($foo) is ignoring text after null byte [fedora-all]
0
0
BZ#1260761 php: Null pointer deref (segfault) in spl_autoload via ob_start [fedora-all]
0
0
BZ#1260762 php: getimagesize() fails for very large WBMP causing an integer overflow [fedora-all]
0
0

Automated Test Results