FEDORA-2018-04f6056c42

security update in Fedora 27 for php

Status: stable 6 months ago

PHP version 7.1.17 (26 Apr 2018)

Date:

  • Fixed bug #76131 (mismatch arginfo for date_create). (carusogabriel)

Exif:

  • Fixed bug #76130 (Heap Buffer Overflow (READ: 1786) in exif_iif_add_value). (Stas)

FPM:

  • Fixed bug #68440 (ERROR: failed to reload: execvp() failed: Argument list too long). (Jacob Hipps)
  • Fixed incorrect write to getenv result in FPM reload. (Jakub Zelenka)

GD:

  • Fixed bug #52070 (imagedashedline() - dashed line sometimes is not visible). (cmb)

iconv:

  • Fixed bug #76249 (stream filter convert.iconv leads to infinite loop on invalid sequence). (Stas)

intl:

  • Fixed bug #76153 (Intl compilation fails with icu4c 61.1). (Anatol)

ldap:

  • Fixed bug #76248 (Malicious LDAP-Server Response causes Crash). (Stas)

mbstring:

  • Fixed bug #75944 (Wrong cp1251 detection). (dmk001)
  • Fixed bug #76113 (mbstring does not build with Oniguruma 6.8.1). (chrullrich, cmb)

Phar:

  • Fixed bug #76129 (fix for CVE-2018-5712 may not be complete). (Stas)

phpdbg:

  • Fixed bug #76143 (Memory corruption: arbitrary NUL overwrite). (Laruence)

SPL:

  • Fixed bug #76131 (mismatch arginfo for splarray constructor). (carusogabriel)

standard:

  • Fixed bug #75996 (incorrect url in header for mt_rand). (tatarbj)

Comments 8

This update has been submitted for testing by remi.

This update has been pushed to testing.

no regressions noted

karma: +1

remi edited this update.

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

This update has been submitted for batched by remi.

This update has been submitted for stable by remi.

This update has been pushed to stable.



#1573797 CVE-2018-10549 php: Out-of-bounds read in ext/exif/exif.c:exif_read_data() when reading crafted JPEG data
#1573802 CVE-2018-10546 php: Infinite loop in ext/iconv/iconv.c when using stream filter with convert.iconv on invalid sequence leads to denial-of-service
#1573805 CVE-2018-10548 php: Null pointer dereference due to mishandling of ldap_get_dn return value allows denial-of-service by malicious LDAP server or man-in-the-middle attacker
#1573814 CVE-2018-10547 php: Reflected XSS vulnerability on PHAR 403 and 404 error pages
#1573816 CVE-2018-10546 CVE-2018-10547 CVE-2018-10548 CVE-2018-10549 php: various flaws [fedora-all]

Content Type: RPM
Status: stable
Test Gating:
Submitted by:
Update Type: security
Update Severity: unspecified
Karma: +1 (stable threshold: 3, unstable threshold: -3)
Autopush: Enabled
Dates:

  • submitted 7 months ago
  • in testing 7 months ago
  • in stable 6 months ago
  • modified 6 months ago
