FEDORA-2017-b8bb4b86e2 created by remi 3 years ago for Fedora 26
stable

PHP version 7.1.7 (06 Jul 2017)

Core:

  • Fixed bug #74738 (Multiple [PATH=] and [HOST=] sections not properly parsed). (Manuel Mausz)
  • Fixed bug #74658 (Undefined constants in array properties result in broken properties). (Laruence)
  • Fixed misparsing of abstract unix domain socket names. (Sara)
  • Fixed bug #74603 (PHP INI Parsing Stack Buffer Overflow Vulnerability). (Stas)
  • Fixed bug #74101, bug #74614 (Unserialize Heap Use-After-Free (READ: 1) in zval_get_type). (Nikita)
  • Fixed bug #74111 (Heap buffer overread (READ: 1) finish_nested_data from unserialize). (Nikita)
  • Fixed bug #74819 (wddx_deserialize() heap out-of-bound read via php_parse_date()). (Derick)

Date:

  • Fixed bug #74639 (implement clone for DatePeriod and DateInterval). (andrewnester)

DOM:

  • Fixed bug #69373 (References to deleted XPath query results). (ttoohey)

Intl:

  • Fixed bug #73473 (Stack Buffer Overflow in msgfmt_parse_message). (libnex)
  • Fixed bug #74705 (Wrong reflection on Collator::getSortKey and collator_get_sort_key). (Tyson Andre, Remi)

Mbstring:

  • Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229) (Remi, Mamoru TASAKA)

Opcache:

  • Fixed bug #74663 (Segfault with opcache.memory_protect and validate_timestamp). (Laruence)
  • Revert opcache.enable_cli to default disabled. (Nikita)

OpenSSL:

  • Fixed bug #74720 (pkcs7_en/decrypt does not work if \x1a is used in content). (Anatol)
  • Fixed bug #74651 (negative-size-param (-1) in memcpy in zif_openssl_seal()). (Stas)

Reflection:

  • Fixed bug #74673 (Segfault when cast Reflection object to string with undefined constant). (Laruence)

SPL:

  • Fixed bug #74478 (null coalescing operator failing with SplFixedArray). (jhdxr)

FTP:

  • Fixed bug #74598 (ftp:// wrapper ignores context arg). (Sara)

PHAR:

  • Fixed bug #74386 (Phar::__construct reflection incorrect). (villfa)

SOAP

  • Fixed bug #74679 (Incorrect conversion array with WSDL_CACHE_MEMORY). (Dmitry)

Streams:

  • Fixed bug #74556 (stream_socket_get_name() returns '\0'). (Sara)

How to install

sudo dnf upgrade --advisory=FEDORA-2017-b8bb4b86e2

This update has been submitted for testing by remi.

3 years ago

This update has been pushed to testing.

3 years ago

remi edited this update.

3 years ago
User Icon besser82 commented & provided feedback 3 years ago
karma

Works great! LGTM! =)

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

3 years ago

This update has been submitted for stable by remi.

3 years ago

This update has been pushed to stable.

3 years ago

Please login to add feedback.

Metadata
Type
security
Karma
1
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
disabled
Dates
submitted
3 years ago
in testing
3 years ago
in stable
3 years ago
modified
3 years ago

Automated Test Results