php56 security update
Updated : 2016.10.02
Name : php56-100:5.6.26-1.an3
Vendor : AnNyung Packaging Team
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP
also offers built-in database integration for several commercial
and non-commercial database management systems, so writing a
database-enabled web page with PHP is fairly simple. The most
common use of PHP coding is probably as a replacement for CGI
scripts. The mod_php module enables the Apache web server to
understand and process the embedded PHP language in web pages.
Building option:
--with no_goto : if don't add vm kind option with goto..
Changes
- fixed 5.6.27 official bug
. fixed #73025 Core: Heap Buffer Overflow in virtual_popen of zend_virtual_cwd.c
. fixed #73058 Core: crypt broken when salt is 'too' long
. fixed #72703 Core: Out of bounds global memory read in BF_crypt triggered by password_verify
. fixed #72972 Filter: Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and FILTER_FLAG_NO_PRIV_RANGE
. fixed #67167 Filter: Wrong return value from FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE
. fixed #73054 Filter: default option ignored when object passed to int filter
. fixed #67325 GD: imagetruecolortopalette: white is duplicated in palette
. fixed #50194 GD: imagettftext broken on transparent background w/o alphablending
. fixed #73003 GD: Integer Overflow in gdImageWebpCtx of gd_webp.c (CVE-2016-7568)
. fixed #53504 GD: imagettfbbox gives incorrect values for bounding box
. fixed #73157 GD: imagegd2() ignores 3rd param if 4 are given
. fixed #73155 GD: imagegd2() writes wrong chunk sizes on boundaries
. fixed #73159 GD: imagegd2(): unrecognized formats may result in corrupted files
. fixed #73161 GD: imagecreatefromgd2() may leak memory
. fixed #72994 Mbstring: mbc_to_code() out of bounds read
. fixed #66964 Mbstring: mb_convert_variables() cannot detect recursion
. fixed #72992 Mbstring: mbstring.internal_encoding doesn't inherit default_charset
. fixed #72590 Opcache: Opcache restart with kill_all_lockers does not work
. fixed #73072 Openssl: Invalid path SNI_server_certs causes segfault
. fixed #68015 Session: Session does not report invalid uid for files save handler
. fixed #73100 Session: session_destroy null dereference in ps_files_path_create
. fixed #73069 Stream: readfile() mangles files larger than 2G
. fixed #70752 Zip: Depacking with wrong password leaves 0 length files
- fixed 5.6.28 official bug
. fixed bug #73203 Standard: passing additional_parameters causes mail to fail
. fixed bug #73213 GD: Integer overflow in imageline() with antialiasing
- security issues
. CVE-2016-7568 GD: Integer Overflow in gdImageWebpCtx of gd_webp.c (#73003)
. CVE-2016-5385 Core: HTTP_PROXY is improperly trusted by some PHP libraries and applications (#72573)
. CVE-2016-6207 GD: Integer overflow error within _gdContributionsAlloc() (#72558)
. CVE-2015-8874 GD: Stack overflow with imagefilltoborder (#66387)
. CVE-2016-5766 GD: Integer Overflow in _gd2GetHeader() resulting in heap overflow (#72339)
. CVE-2016-5767 GD: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow (#72446)
. CVE-2016-5768 Mbstring: _php_mb_regex_ereg_replace_exec - double free (#72402)
. CVE-2016-5769 Mcrypt: Heap Overflow due to integer overflows (#72455)
. CVE-2016-5770 SPL: int/size_t confusion in SplFileObject::fread (#72262)
. CVE-2016-5771 SPL: Use After Free Vulnerability in PHP's GC algorithm and unserialize (#72433)
. CVE-2016-5772 WDDX: Double Free Corruption in wddx_deserialize (#72340)
. CVE-2016-5773 Zip: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize (#72434)
Updated packages
SRPMS:
. php56-5.6.26-1.an3.src.rpm
x86_64:
. php56-cli-5.6.26-1.an3.x86_64.rpm
. php56-dba-5.6.26-1.an3.x86_64.rpm
. php56-devel-5.6.26-1.an3.x86_64.rpm
. php56-extension-5.6.26-1.an3.x86_64.rpm
. php56-fpm-5.6.26-1.an3.x86_64.rpm
. php56-mssql-5.6.26-1.an3.x86_64.rpm
. php56-odbc-5.6.26-1.an3.x86_64.rpm
. php56-pgsql-5.6.26-1.an3.x86_64.rpm