FEDORA-2018-dfe1f0bac6

security update in Fedora 28 for php

Status: stable 2 months ago

PHP version 7.2.13 (06 Dec 2018)

ftp:

  • Fixed bug #77151 (ftp_close(): SSL_read on shutdown). (Remi)

CLI:

  • Fixed bug #77111 (php-win.exe corrupts unicode symbols from cli parameters). (Anatol)

Fileinfo:

  • Fixed bug #77095 (slowness regression in 7.2/7.3 (compared to 7.1)). (Anatol)

iconv:

  • Fixed bug #77147 (Fixing 60494 ignored ICONV_MIME_DECODE_CONTINUE_ON_ERROR). (cmb)

Core:

  • Fixed bug #77231 (Segfault when using convert.quoted-printable-encode filter). (Stas)

IMAP:

  • Fixed bug #77153 (imap_open allows to run arbitrary shell commands via mailbox parameter). (Stas)

ODBC:

  • Fixed bug #77079 (odbc_fetch_object has incorrect type signature). (Jon Allen)

Opcache:

  • Fixed bug #77058 (Type inference in opcache causes side effects). (Nikita)
  • Fixed bug #77092 (array_diff_key() - segmentation fault). (Nikita)

Phar:

  • Fixed bug #77022 (PharData always creates new files with mode 0666). (Stas)
  • Fixed bug #77143 (Heap Buffer Overflow (READ: 4) in phar_parse_pharfile). (Stas)

PGSQL:

  • Fixed bug #77047 (pg_convert has a broken regex for the 'TIME WITHOUT TIMEZONE' data type). (Andy Gajetzki)

SOAP:

  • Fixed bug #50675 (SoapClient can't handle object references correctly). (Cameron Porter)
  • Fixed bug #76348 (WSDL_CACHE_MEMORY causes Segmentation fault). (cmb)
  • Fixed bug #77141 (Signedness issue in SOAP when precision=-1). (cmb)

Sockets:

  • Fixed bug #67619 (Validate length on socket_write). (thiagooak)

From upstream

IMAP

  • Fix #77020: null pointer dereference in imap_mail (CVE-2018-19935)

How to install

sudo dnf upgrade --advisory=FEDORA-2018-dfe1f0bac6

Comments 10

This update has been submitted for testing by remi.

This update has been pushed to testing.

remi edited this update.

New build(s):

  • php-7.2.13-2.fc28

Removed build(s):

  • php-7.2.13-1.fc28

Karma has been reset.

This update has been submitted for testing by remi.

This update has been pushed to testing.

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes.

This update has been submitted for batched by remi.

This update has been submitted for stable by remi.

This update has been pushed to stable.


Content Type: RPM
Status: stable
Test Gating:
Submitted by:
Update Type: security
Update Severity: medium
Karma: 0 (stable threshold: 3, unstable threshold: -3)
Autopush: Enabled
Dates:

  • submitted 2 months ago
  • in testing 2 months ago
  • in stable 2 months ago
  • modified 2 months ago

Related Bugs 2

  • #1654228 CVE-2018-19518 php: imap_open() allows running arbitrary shell commands via mailbox parameter
  • #1654230 CVE-2018-19518 php: imap_open allows running arbitrary shell commands via mailbox parameter [fedora-all]
