[SECURITY] Fedora 21 Update: php-5.6.13-1.fc21

updates at fedoraproject.org
Mon Sep 14 22:23:26 UTC 2015


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-14976
2015-09-14 18:15:25.986582
--------------------------------------------------------------------------------

Name        : php
Product     : Fedora 21
Version     : 5.6.13
Release     : 1.fc21
URL         : http://www.php.net/
Summary     : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP Server.

--------------------------------------------------------------------------------
Update Information:

03 Sep 2015, **PHP 5.6.13**

**Core:**
* Fixed bug #69900 (Too long timeout on pipes). (Anatol)
* Fixed bug #69487 (SAPI may truncate POST data). (cmb)
* Fixed bug #70198 (Checking liveness does not work as expected). (Shafreeck Sea, Anatol Belski)
* Fixed bug #70172 (Use After Free Vulnerability in unserialize()). (Stas)
* Fixed bug #70219 (Use after free vulnerability in session deserializer). (taoguangchen at icloud dot com)

**CLI server:**
* Fixed bug #66606 (Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE). (wusuopu, cmb)
* Fixed bug #70264 (CLI server directory traversal). (cmb)

**Date:**
* Fixed bug #70266 (DateInterval::__construct.interval_spec is not supposed to be optional). (cmb)
* Fixed bug #70277 (new DateTimeZone($foo) is ignoring text after null byte). (cmb)

**EXIF:**
* Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes). (Stas)

**hash:**
* Fixed bug #70312 (HAVAL gives wrong hashes in specific cases). (letsgolee at naver dot com)

**MCrypt:**
* Fixed bug #69833 (mcrypt fd caching not working). (Anatol)

**Opcache:**
* Fixed bug #70237 (Empty while and do-while segmentation fault with opcode on CLI enabled). (Dmitry, Laruence)

**PCRE:**
* Fixed bug #70232 (Incorrect bump-along behavior with \K and empty string match). (cmb)
* Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions). (Anatol Belski)

**SOAP:**
* Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE). (Stas)

**SPL:**
* Fixed bug #70290 (Null pointer deref (segfault) in spl_autoload via ob_start). (hugh at allthethings dot co dot nz)
* Fixed bug #70303 (Incorrect constructor reflection for ArrayObject). (cmb)
* Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage). (taoguangchen at icloud dot com)
* Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList). (taoguangchen at icloud dot com)

**Standard:**
* Fixed bug #70052 (getimagesize() fails for very large and very small WBMP). (cmb)
* Fixed bug #70157 (parse_ini_string() segmentation fault with INI_SCANNER_TYPED). (Tjerk)

**XSLT:**
* Fixed bug #69782 (NULL pointer dereference). (Stas)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1260711 - CVE-2015-6837 CVE-2015-6838 php: NULL pointer dereference in XSLTProcessor class
        https://bugzilla.redhat.com/show_bug.cgi?id=1260711
  [ 2 ] Bug #1260741 - php: Null pointer deref (segfault) in spl_autoload via ob_start
        https://bugzilla.redhat.com/show_bug.cgi?id=1260741
  [ 3 ] Bug #1260734 - php: new DateTimeZone($foo) is ignoring text after null byte
        https://bugzilla.redhat.com/show_bug.cgi?id=1260734
  [ 4 ] Bug #1260707 - php: Another use-after-free vulnerability in unserialize() with SplDoublyLinkedList
        https://bugzilla.redhat.com/show_bug.cgi?id=1260707
  [ 5 ] Bug #1260671 - php: HAVAL gives wrong hashes in specific cases
        https://bugzilla.redhat.com/show_bug.cgi?id=1260671
  [ 6 ] Bug #1260642 - CVE-2015-6834 php: Use After Free Vulnerability in unserialize()
        https://bugzilla.redhat.com/show_bug.cgi?id=1260642
  [ 7 ] Bug #1260683 - CVE-2015-6836 php: SOAP serialize_function_call() type confusion / RCE
        https://bugzilla.redhat.com/show_bug.cgi?id=1260683
  [ 8 ] Bug #1260667 - php: Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes
        https://bugzilla.redhat.com/show_bug.cgi?id=1260667
  [ 9 ] Bug #1260647 - CVE-2015-6835 php: Use after free vulnerability in session deserializer
        https://bugzilla.redhat.com/show_bug.cgi?id=1260647
  [ 10 ] Bug #1260748 - php: getimagesize() fails for very large WBMP causing an integer overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=1260748
  [ 11 ] Bug #1260695 - php: Another use-after-free vulnerability in unserialize() with SplObjectStorage
        https://bugzilla.redhat.com/show_bug.cgi?id=1260695
  [ 12 ] Bug #1260674 - php: Multiple vulnerabilities related to PCRE functions
        https://bugzilla.redhat.com/show_bug.cgi?id=1260674
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update php' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
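As an added verification check (not part of the Fedora notification), this POSIX shell script compares the installed php VERSION-RELEASE against the fixed build 5.6.13-1.fc21 named above and prints the key that signed the installed package. The version comparison is a simplified rpmvercmp assumed to be sufficient for the X.Y.Z-N.fcNN form Fedora uses here; the sample values fed to it are constructed.

```shell
#!/bin/sh
# Added example: confirm a Fedora 21 host carries the php build from FEDORA-2015-14976.
FIXED_VR="5.6.13-1.fc21"   # VERSION-RELEASE that contains the fixes listed above

# vr_cmp A B: print -1, 0 or 1 for A <, =, > B. Segments are split on '.' and '-';
# all-digit segments compare numerically, anything else as a plain string. This is a
# simplified rpmvercmp, enough for the X.Y.Z-N.fcNN shape of the Fedora php package.
vr_cmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, A, /[.-]/); nb = split(b, B, /[.-]/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            x = A[i]; y = B[i]
            if (x == y) continue
            if (x ~ /^[0-9]+$/ && y ~ /^[0-9]+$/) { r = (x + 0 < y + 0) ? -1 : 1; print r; exit }
            r = (x "" < y "") ? -1 : 1; print r; exit
        }
        print 0
    }'
}

# php_is_fixed VR: succeed when the given VERSION-RELEASE is at or above FIXED_VR.
php_is_fixed() {
    [ "$(vr_cmp "$1" "$FIXED_VR")" -ge 0 ]
}

# Constructed sample values, so the check can be exercised off-box without rpm.
for vr in 5.6.12-1.fc21 5.6.13-1.fc21 5.6.13-2.fc21; do
    if php_is_fixed "$vr"; then echo "sample $vr: fixed"; else echo "sample $vr: needs update"; fi
done

# On a Fedora host, query the real package and the key that signed it.
if command -v rpm >/dev/null 2>&1 && rpm -q php >/dev/null 2>&1; then
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' php)
    if php_is_fixed "$installed"; then
        echo "php $installed: contains FEDORA-2015-14976"
    else
        echo "php $installed: not fixed, run: su -c 'yum update php'"
    fi
    # Signature recorded for the installed package; the key ID should be a Fedora Project key.
    rpm -q --qf 'php signed with: %{SIGPGP:pgpsig}\n' php
fi
```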
--------------------------------------------------------------------------------

