stable

php-5.6.27-1.fc23

FEDORA-2016-0729e59542 created by remi 8 years ago for Fedora 23

13 Oct 2016 - PHP version 5.6.27

Core:

  • Fixed bug #73025 (Heap Buffer Overflow in virtual_popen of zend_virtual_cwd.c). (cmb)
  • Fixed bug #73058 (crypt broken when salt is 'too' long). (Anatol)
  • Fixed bug #72703 (Out of bounds global memory read in BF_crypt triggered by password_verify). (Anatol)
  • Fixed bug #73189 (Memcpy negative size parameter php_resolve_path). (Stas)
  • Fixed bug #73147 (Use After Free in unserialize()). (Stas)

BCmath:

  • Fixed bug #73190 (memcpy negative parameter _bc_new_num_ex). (Stas)

DOM:

  • Fixed bug #73150 (missing NULL check in dom_document_save_html). (Stas)

Ereg:

  • Fixed bug #73284 (heap overflow in php_ereg_replace function). (Stas)

Filter:

  • Fixed bug #72972 (Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and FILTER_FLAG_NO_PRIV_RANGE). (julien)
  • Fixed bug #67167 (Wrong return value from FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE). (levim, cmb)
  • Fixed bug #73054 (default option ignored when object passed to int filter). (cmb)

GD:

  • Fixed bug #67325 (imagetruecolortopalette: white is duplicated in palette). (cmb)
  • Fixed bug #50194 (imagettftext broken on transparent background w/o alphablending). (cmb)
  • Fixed bug #73003 (Integer Overflow in gdImageWebpCtx of gd_webp.c). (trylab, cmb)
  • Fixed bug #53504 (imagettfbbox gives incorrect values for bounding box). (Mark Plomer, cmb)
  • Fixed bug #73157 (imagegd2() ignores 3rd param if 4 are given). (cmb)
  • Fixed bug #73155 (imagegd2() writes wrong chunk sizes on boundaries). (cmb)
  • Fixed bug #73159 (imagegd2(): unrecognized formats may result in corrupted files). (cmb)
  • Fixed bug #73161 (imagecreatefromgd2() may leak memory). (cmb)

Intl:

  • Fixed bug #73218 (add mitigation for ICU int overflow). (Stas)

Imap:

  • Fixed bug #73208 (integer overflow in imap_8bit caused heap corruption). (Stas)

Mbstring:

  • Fixed bug #72994 (mbc_to_code() out of bounds read). (Laruence, cmb)
  • Fixed bug #66964 (mb_convert_variables() cannot detect recursion). (Yasuo)
  • Fixed bug #72992 (mbstring.internal_encoding doesn't inherit default_charset). (Yasuo)
  • Fixed bug #73082 (string length overflow in mb_encode_* function). (Stas)

PCRE:

  • Fixed bug #73174 (heap overflow in php_pcre_replace_impl). (Stas)

Opcache:

  • Fixed bug #72590 (Opcache restart with kill_all_lockers does not work). (Keyur) (julien backport)

OpenSSL:

  • Fixed bug #73072 (Invalid path SNI_server_certs causes segfault). (Jakub Zelenka)
  • Fixed bug #73275 (crash in openssl_encrypt function). (Stas)
  • Fixed bug #73276 (crash in openssl_random_pseudo_bytes function). (Stas)

Session:

  • Fixed bug #68015 (Session does not report invalid uid for files save handler). (Yasuo)
  • Fixed bug #73100 (session_destroy null dereference in ps_files_path_create). (cmb)

SimpleXML:

  • Fixed bug #73293 (NULL pointer dereference in SimpleXMLElement::asXML()). (Stas)

SPL:

  • Fixed bug #73073 (CachingIterator null dereference when convert to string). (Stas)

Standard:

  • Fixed bug #73240 (Write out of bounds at number_format). (Stas)
  • Fixed bug #73017 (memory corruption in wordwrap function). (Stas)

Stream:

  • Fixed bug #73069 (readfile() mangles files larger than 2G). (Laruence)

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2016-0729e59542

This update has been submitted for testing by remi.

8 years ago

This update has been pushed to testing.

8 years ago

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes.

8 years ago

This update has been submitted for stable by remi.

8 years ago

This update has been pushed to stable.

8 years ago

Metadata

  • Type: security
  • Karma: 0
  • Signed
  • Content Type: RPM
  • Test Gating

Settings

  • Unstable by Karma: -3
  • Stable by Karma: 3
  • Stable by Time: disabled

Dates

  • submitted: 8 years ago
  • in testing: 8 years ago
  • in stable: 8 years ago
