FEDORA-2018-25100b492c

security update in Fedora 27 for php

Status: testing 5 days ago

PHP version 7.1.22 (13 Sep 2018)

Core:

  • Fixed bug #76754 (parent private constant in extends class memory leak). (Laruence)
  • Fixed bug #72443 (Generate enabled extension). (petk)

Apache2:

  • Fixed bug #76582 (Apache bucket brigade sometimes becomes invalid). (stas)

Bz2:

  • Fixed arginfo for bzcompress. (Tyson Andre)

gettext:

  • Fixed bug #76517 (incorrect restoring of LDFLAGS). (sji)

iconv:

  • Fixed bug #68180 (iconv_mime_decode can return extra characters in a header). (cmb)
  • Fixed bug #63839 (iconv_mime_decode_headers function is skipping headers). (cmb)
  • Fixed bug #60494 (iconv_mime_decode does ignore special characters). (cmb)
  • Fixed bug #55146 (iconv_mime_decode_headers() skips some headers). (cmb)

intl:

  • Fixed bug #74484 (MessageFormatter::formatMessage memory corruption with 11+ named placeholders). (Anatol)

libxml:

  • Fixed bug #76777 ("public id" parameter of libxml_set_external_entity_loader callback undefined). (Ville Hukkamäki)

mbstring:

  • Fixed bug #76704 (mb_detect_order return value varies based on argument type). (cmb)

Opcache:

  • Fixed bug #76747 (Opcache treats path containing "test.pharma.tld" as a phar file). (Laruence)

OpenSSL:

  • Fixed bug #76705 (unusable ssl => peer_fingerprint in stream_context_create()). (Jakub Zelenka)

phpdbg:

  • Fixed bug #76595 (phpdbg man page contains outdated information). (Kevin Abel)

SPL:

  • Fixed bug #68825 (Exception in DirectoryIterator::getLinkTarget()). (cmb)
  • Fixed bug #68175 (RegexIterator pregFlags are NULL instead of 0). (Tim Siebels)

Standard:

  • Fixed bug #76778 (array_reduce leaks memory if callback throws exception). (cmb)

zlib:

  • Fixed bug #65988 (Zlib version check fails when an include/zlib/ style dir is passed to the --with-zlib configure option). (Jay Bonci)
  • Fixed bug #76709 (Minimal required zlib library is 1.2.0.4). (petk)

Comments 4

This update has been submitted for testing by remi.

This update has been pushed to testing.

I installed this on my Nextcloud server and it seems to work.

karma: +1

remi edited this update.


Content Type: RPM
Status: testing
Test Gating:
Submitted by:
Update Type: security
Update Severity: unspecified
Karma: +1 (stable threshold: 3, unstable threshold: -3)
Autopush: Enabled
Dates: submitted 7 days ago; in testing 5 days ago; days to stable 2; modified 2 days ago

Related Bugs 2

#1629552 CVE-2018-17082 php: Cross-site scripting (XSS) flaw in Apache2 component via body of 'Transfer-Encoding: chunked' request
#1629553 CVE-2018-17082 php: Cross-site scripting (XSS) flaw in Apache2 component via body of 'Transfer-Encoding: chunked' request [fedora-all]
