FEDORA-2015-2315

security update in Fedora 21 for php

Status: stable 4 years ago

19 Feb 2015, PHP 5.6.6

Core:
* Removed support for multi-line headers, as they are deprecated by RFC 7230. (Stas)
* Fixed bug #67068 (getClosure returns somethings that's not a closure). (Danack at basereality dot com)
* Fixed bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone). (CVE-2015-0273) (Stas)
* Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname buffer overflow). (Stas)
* Fixed Bug #67988 (htmlspecialchars() does not respect default_charset specified by ini_set) (Yasuo)
* Added NULL byte protection to exec, system and passthru. (Yasuo)

Dba:
* Fixed bug #68711 (useless comparisons). (bugreports at internot dot info)

Enchant:
* Fixed bug #68552 (heap buffer overflow in enchant_broker_request_dict()). (Antony)

Fileinfo:
* Fixed bug #68827 (Double free with disabled ZMM). (Joshua Rogers)
* Fixed bug #67647 (Bundled libmagic 5.17 does not detect quicktime files correctly). (Anatol)
* Fixed bug #68731 (finfo_buffer doesn't extract the correct mime with some gifs). (Anatol)

FPM:
* Fixed bug #66479 (Wrong response to FCGI_GET_VALUES). (Frank Stolle)
* Fixed bug #68571 (core dump when webserver close the socket). (redfoxli069 at gmail dot com, Laruence)

LIBXML:
* Fixed bug #64938 (libxml_disable_entity_loader setting is shared between threads). (Martin Jansen)

Mysqli:
* Fixed bug #68114 (linker error on some OS X machines with fixed width decimal support) (Keyur Govande)
* Fixed bug #68657 (Reading 4 byte floats with Mysqli and libmysqlclient has rounding errors) (Keyur Govande)

Opcache:
* Fixed bug with try blocks being removed when extended_info opcode generation is turned on. (Laruence)

PDO_mysql:
* Fixed bug #68750 (PDOMysql with mysqlnd does not allow the usage of named pipes). (steffenb198 at aol dot com)

Phar:
* Fixed bug #68901 (use after free). (bugreports at internot dot info)

Pgsql:
* Fixed Bug #65199 (pg_copy_from() modifies input array variable) (Yasuo)

Session:
* Fixed bug #68941 (mod_files.sh is a bash-script) (bugzilla at ii.nl, Yasuo)
* Fixed Bug #66623 (no EINTR check on flock) (Yasuo)
* Fixed bug #68063 (Empty session IDs do still start sessions) (Yasuo)

Sqlite3:
* Fixed bug #68260 (SQLite3Result::fetchArray declares wrong required_num_args). (Julien)

Standard:
* Fixed bug #65272 (flock() out parameter not set correctly in windows). (Daniel Lowrey)
* Fixed bug #69033 (Request may get env. variables from previous requests if PHP works as FastCGI). (Anatol)

Streams:
* Fixed bug which caused call after final close on streams filter. (Bob)

How to install

sudo dnf upgrade --advisory=FEDORA-2015-2315

Comments 12

This update has been submitted for testing by remi.

Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/39274/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/39274/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 21 testing updates repository.

This update has been pushed to testing

Personal LAMP and mail server running GNOME. All OK.

karma: +1

work fine

karma: +1

works fine

karma: +1

This update has reached the stable karma threshold and will be pushed to the stable updates repository

Taskotron: upgradepath test PASSED on noarch. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/40149/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 21 stable updates repository.

This update has been pushed to stable

Content Type: RPM
Status: stable
Test Gating:
Submitted by:
Update Type: security
Update Severity: unspecified
Karma: +3 (stable threshold: 3, unstable threshold: -3)
Autopush: Disabled
Dates: submitted 4 years ago, in testing 4 years ago, in stable 4 years ago
