FEDORA-2015-14976

security update in Fedora 21 for php

Status: stable 3 years ago

03 Sep 2015, PHP 5.6.13

Core:

  • Fixed bug #69900 (Too long timeout on pipes). (Anatol)
  • Fixed bug #69487 (SAPI may truncate POST data). (cmb)
  • Fixed bug #70198 (Checking liveness does not work as expected). (Shafreeck Sea, Anatol Belski)
  • Fixed bug #70172 (Use After Free Vulnerability in unserialize()). (Stas)
  • Fixed bug #70219 (Use after free vulnerability in session deserializer). (taoguangchen at icloud dot com)

CLI server:

  • Fixed bug #66606 (Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE). (wusuopu, cmb)
  • Fixed bug #70264 (CLI server directory traversal). (cmb)

Date:

  • Fixed bug #70266 (DateInterval::__construct.interval_spec is not supposed to be optional). (cmb)
  • Fixed bug #70277 (new DateTimeZone($foo) is ignoring text after null byte). (cmb)

EXIF:

  • Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes). (Stas)

hash:

  • Fixed bug #70312 (HAVAL gives wrong hashes in specific cases). (letsgolee at naver dot com)

MCrypt:

  • Fixed bug #69833 (mcrypt fd caching not working). (Anatol)

Opcache:

  • Fixed bug #70237 (Empty while and do-while segmentation fault with opcode on CLI enabled). (Dmitry, Laruence)

PCRE:

  • Fixed bug #70232 (Incorrect bump-along behavior with \K and empty string match). (cmb)
  • Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions). (Anatol Belski)

SOAP:

  • Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE). (Stas)

SPL:

  • Fixed bug #70290 (Null pointer deref (segfault) in spl_autoload via ob_start). (hugh at allthethings dot co dot nz)
  • Fixed bug #70303 (Incorrect constructor reflection for ArrayObject). (cmb)
  • Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage). (taoguangchen at icloud dot com)
  • Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList). (taoguangchen at icloud dot com)

Standard:

  • Fixed bug #70052 (getimagesize() fails for very large and very small WBMP). (cmb)
  • Fixed bug #70157 (parse_ini_string() segmentation fault with INI_SCANNER_TYPED). (Tjerk)

XSLT:

  • Fixed bug #69782 (NULL pointer dereference). (Stas)

How to install

sudo dnf upgrade --advisory=FEDORA-2015-14976

Comments 6

This update has been submitted for testing by remi.

This update has been pushed to testing

remi edited this update.

remi edited this update.

This update has been submitted for stable by remi.

This update has been pushed to stable.

Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
security
Update Severity
unspecified
Karma
0
stable threshold: 3
unstable threshold: -3
Autopush
Enabled
Dates
submitted 3 years ago
in testing 3 years ago
in stable 3 years ago
modified 3 years ago

Related Bugs 24

00 #1260642 CVE-2015-6834 php: Use After Free Vulnerability in unserialize()
00 #1260647 CVE-2015-6835 php: Use after free vulnerability in session deserializer
00 #1260662 php: Use After Free Vulnerability in unserialize() [fedora-all]
00 #1260665 php: Use after free vulnerability in session deserializer [fedora-all]
00 #1260667 php: Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes
00 #1260668 php: Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes [fedora-all]
00 #1260671 php: HAVAL gives wrong hashes in specific cases
00 #1260672 php: HAVAL gives wrong hashes in specific cases [fedora-all]
00 #1260674 php: Multiple vulnerabilities related to PCRE functions
00 #1260676 php: Multiple vulnerabilities related to PCRE functions [fedora-all]
00 #1260683 CVE-2015-6836 php: SOAP serialize_function_call() type confusion / RCE
00 #1260684 php: SOAP serialize_function_call() type confusion / RCE [fedora-all]
00 #1260695 php: Another use-after-free vulnerability in unserialize() with SplObjectStorage
00 #1260700 php: Another use-after-free vulnerability in unserialize() with SplObjectStorage [fedora-all]
00 #1260707 php: Another use-after-free vulnerability in unserialize() with SplDoublyLinkedList
00 #1260708 php: Another use-after-free vulnerability in unserialize() with SplDoublyLinkedList [fedora-all]
00 #1260711 CVE-2015-6837 CVE-2015-6838 php: NULL pointer dereference in XSLTProcessor class
00 #1260712 php: NULL pointer dereference in XSLTProcessor class [fedora-all]
00 #1260734 php: new DateTimeZone($foo) is ignoring text after null byte
00 #1260741 php: Null pointer deref (segfault) in spl_autoload via ob_start
00 #1260748 php: getimagesize() fails for very large WBMP causing an integer overflow
00 #1260760 php: new DateTimeZone($foo) is ignoring text after null byte [fedora-all]
00 #1260761 php: Null pointer deref (segfault) in spl_autoload via ob_start [fedora-all]
00 #1260762 php: getimagesize() fails for very large WBMP causing an integer overflow [fedora-all]

Automated Test Results