AnNyung Official Homepage

php56 Security Update

    Date: 2016.10.02
    Package: php56-100:5.6.26-1.an3
    Packager: AnNyung Packaging Team

    Description:

    PHP is an HTML-embedded scripting language.  PHP attempts to make it
    easy for developers to write dynamically generated web pages.  PHP
    also offers built-in database integration for several commercial
    and non-commercial database management systems, so writing a
    database-enabled web page with PHP is fairly simple.  The most
    common use of PHP coding is probably as a replacement for CGI
    scripts.  The mod_php module enables the Apache web server to
    understand and process the embedded PHP language in web pages.
    
    Building option:
    	--with no_goto : do not add the VM kind option with goto

Changes

    - fixed 5.6.27 official bug
      . fixed #73025 Core: Heap Buffer Overflow in virtual_popen of zend_virtual_cwd.c
      . fixed #73058 Core: crypt broken when salt is 'too' long
      . fixed #72703 Core: Out of bounds global memory read in BF_crypt triggered by password_verify
      . fixed #72972 Filter: Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and FILTER_FLAG_NO_PRIV_RANGE
      . fixed #67167 Filter: Wrong return value from FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE
      . fixed #73054 Filter: default option ignored when object passed to int filter
      . fixed #67325 GD: imagetruecolortopalette: white is duplicated in palette
      . fixed #50194 GD: imagettftext broken on transparent background w/o alphablending
      . fixed #73003 GD: Integer Overflow in gdImageWebpCtx of gd_webp.c (CVE-2016-7568)
      . fixed #53504 GD: imagettfbbox gives incorrect values for bounding box
      . fixed #73157 GD: imagegd2() ignores 3rd param if 4 are given
      . fixed #73155 GD: imagegd2() writes wrong chunk sizes on boundaries
      . fixed #73159 GD: imagegd2(): unrecognized formats may result in corrupted files
      . fixed #73161 GD: imagecreatefromgd2() may leak memory
      . fixed #72994 Mbstring: mbc_to_code() out of bounds read
      . fixed #66964 Mbstring: mb_convert_variables() cannot detect recursion
      . fixed #72992 Mbstring: mbstring.internal_encoding doesn't inherit default_charset
      . fixed #72590 Opcache: Opcache restart with kill_all_lockers does not work
      . fixed #73072 Openssl: Invalid path SNI_server_certs causes segfault
      . fixed #68015 Session: Session does not report invalid uid for files save handler
      . fixed #73100 Session: session_destroy null dereference in ps_files_path_create
      . fixed #73069 Stream: readfile() mangles files larger than 2G
      . fixed #70752 Zip: Depacking with wrong password leaves 0 length files
    
    - fixed 5.6.28 official bug
      . fixed bug #73203 Standard: passing additional_parameters causes mail to fail
      . fixed bug #73213 GD: Integer overflow in imageline() with antialiasing
    
    - security issues
      . CVE-2016-7568 GD: Integer Overflow in gdImageWebpCtx of gd_webp.c (#73003)
      . CVE-2016-5385 Core: HTTP_PROXY is improperly trusted by some PHP libraries and applications (#72573)
      . CVE-2016-6207 GD: Integer overflow error within _gdContributionsAlloc() (#72558)
      . CVE-2015-8874 GD: Stack overflow with imagefilltoborder (#66387)
      . CVE-2016-5766 GD: Integer Overflow in _gd2GetHeader() resulting in heap overflow (#72339)
      . CVE-2016-5767 GD: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow (#72446)
      . CVE-2016-5768 Mbstring: _php_mb_regex_ereg_replace_exec - double free (#72402)
      . CVE-2016-5769 Mcrypt: Heap Overflow due to integer overflows (#72455)
      . CVE-2016-5770 SPL: int/size_t confusion in SplFileObject::fread (#72262)
      . CVE-2016-5771 SPL: Use After Free Vulnerability in PHP's GC algorithm and unserialize (#72433)
      . CVE-2016-5772 WDDX: Double Free Corruption in wddx_deserialize (#72340)
      . CVE-2016-5773 Zip: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize (#72434)



    SRPMS:
        . php56-5.6.26-1.an3.src.rpm

    x86_64:
        . php56-cli-5.6.26-1.an3.x86_64.rpm
        . php56-dba-5.6.26-1.an3.x86_64.rpm
        . php56-devel-5.6.26-1.an3.x86_64.rpm
        . php56-extension-5.6.26-1.an3.x86_64.rpm
        . php56-fpm-5.6.26-1.an3.x86_64.rpm
        . php56-mssql-5.6.26-1.an3.x86_64.rpm
        . php56-odbc-5.6.26-1.an3.x86_64.rpm
        . php56-pgsql-5.6.26-1.an3.x86_64.rpm



    




Copyright 2017 OOPS Development Organization 
LAST MODIFIED: 2016/12/13