FEDORA-2019-be4f895015

security update in Fedora 30 for php

Status: stable 10 days ago

PHP version 7.3.6 (30 May 2019)

cURL:

  • Implemented FR #72189 (Add missing CURL_VERSION_* constants). (Javier Spagnoletti)

EXIF:

  • Fixed bug #77988 (heap-buffer-overflow on php_jpg_get16). (CVE-2019-11040) (Stas)

FPM:

  • Fixed bug #77934 (php-fpm kill -USR2 not working). (Jakub Zelenka)
  • Fixed bug #77921 (static.php.net doesn't work anymore). (Peter Kokot)

GD:

  • Fixed bug #77943 (imageantialias($image, false); does not work). (cmb)
  • Fixed bug #77973 (Uninitialized read in gdImageCreateFromXbm). (CVE-2019-11038) (cmb)

Iconv:

  • Fixed bug #78069 (Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow). (CVE-2019-11039). (maris dot adam)

JSON:

  • Fixed bug #77843 (Use after free with json serializer). (Nikita)

Opcache:

  • Fixed possible crashes, because of inconsistent PCRE cache and opcache SHM reset. (Alexey Kalinin, Dmitry)

PDO_MySQL:

  • Fixed bug #77944 (Wrong meta pdo_type for bigint on LLP64). (cmb)

Reflection:

  • Fixed bug #75186 (Inconsistent reflection of Closure:::__invoke()). (Nikita)

Session:

  • Fixed bug #77911 (Wrong warning for session.sid_bits_per_character). (cmb)

SOAP:

  • Fixed bug #77945 (Segmentation fault when constructing SoapClient with WSDL_CACHE_BOTH). (Nikita)

SPL:

  • Fixed bug #77024 (SplFileObject::__toString() may return array). (Craig Duncan)

SQLite:

  • Fixed bug #77967 (Bypassing open_basedir restrictions via file uris). (Stas)

Standard:

  • Fixed bug #77931 (Warning for array_map mentions wrong type). (Nikita)
  • Fixed bug #78003 (strip_tags output change since PHP 7.3). (cmb)

How to install

sudo dnf upgrade --advisory=FEDORA-2019-be4f895015

Comments 7

This update has been submitted for testing by remi.

This update has been pushed to testing.

My websites with php continue to work after the upgrade.

karma: +1

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

This update has been submitted for stable by remi.

This update has been pushed to stable.

Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
security
Update Severity
medium
Karma
+2
stable threshold: 3
unstable threshold: -3
Autopush
Enabled
Dates
submitted 19 days ago
in testing 18 days ago
in stable 10 days ago

Automated Test Results