stable
FEDORA-2016-cd2bd0800f created by remi 6 years ago for Fedora 23

21 Jul 2016, PHP 5.6.24

Core:

  • Fixed bug #71936 (Segmentation fault destroying HTTP_RAW_POST_DATA). (mike dot laspina at gmail dot com, Remi)
  • Fixed bug #72496 (Cannot declare public method with signature incompatible with parent private method). (Pedro Magalhães)
  • Fixed bug #72138 (Integer Overflow in Length of String-typed ZVAL). (Stas)
  • Fixed bug #72513 (Stack-based buffer overflow vulnerability in virtual_file_ex). (loianhtuan at gmail dot com)
  • Fixed bug #72562 (Use After Free in unserialize() with Unexpected Session Deserialization). (taoguangchen at icloud dot com)
  • Fixed bug #72573 (HTTP_PROXY is improperly trusted by some PHP libraries and applications). (CVE-2016-5385) (Stas)

bz2:

  • Fixed bug #72447 (Type Confusion in php_bz2_filter_create()). (gogil at stealien dot com).
  • Fixed bug #72613 (Inadequate error handling in bzread()). (Stas)

EXIF:

  • Fixed bug #50845 (exif_read_data() returns corrupted exif headers). (Bartosz Dziewoński)
  • Fixed bug #72603 (Out of bound read in exif_process_IFD_in_MAKERNOTE). (Stas)
  • Fixed bug #72618 (NULL Pointer Dereference in exif_process_user_comment). (Stas)

Intl:

  • Fixed bug #72533 (locale_accept_from_http out-of-bounds access). (Stas)

ODBC:

  • Fixed bug #69975 (PHP segfaults when accessing nvarchar(max) defined columns)

OpenSSL:

  • Fixed bug #71915 (openssl_random_pseudo_bytes is not fork-safe). (Jakub Zelenka)
  • Fixed bug #72336 (openssl_pkey_new does not fail for invalid DSA params). (Jakub Zelenka)

SNMP:

  • Fixed bug #72479 (Use After Free Vulnerability in SNMP with GC and unserialize()). (taoguangchen at icloud dot com)

SPL:

  • Fixed bug #55701 (GlobIterator throws LogicException). (Valentin VĂLCIU)

SQLite3:

  • Fixed bug #70628 (Clearing bindings on an SQLite3 statement doesn't work). (cmb)

Streams:

  • Fixed bug #72439 (Stream socket with remote address leads to a segmentation fault). (Laruence)

Xmlrpc:

  • Fixed bug #72606 (heap-buffer-overflow (write) simplestring_addn simplestring.c). (Stas)

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2016-cd2bd0800f

This update has been submitted for testing by remi.

6 years ago

This update has been pushed to testing.

6 years ago

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

6 years ago

This update has been submitted for stable by remi.

6 years ago

This update has been pushed to stable.

6 years ago

Please login to add feedback.

Metadata
Type
security
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
disabled
Dates
submitted
6 years ago
in testing
6 years ago
in stable
6 years ago

Automated Test Results