AnNyung Official Homepage


PHP security update

    Date        : 2016.10.15
    Package     : php-100:7.0.12-1.an3
    Packager    : AnNyung Packaging Team

    Description :

    PHP is an HTML-embedded scripting language.  PHP attempts to make it
    easy for developers to write dynamically generated web pages.  PHP
    also offers built-in database integration for several commercial
    and non-commercial database management systems, so writing a
    database-enabled web page with PHP is fairly simple.  The most
    common use of PHP coding is probably as a replacement for CGI
    scripts.  The mod_php module enables the Apache web server to
    understand and process the embedded PHP language in web pages.
    
    Building option:
    	--with no_goto : do not add the VM kind option with goto

Changes

    - update 7.0.12
    - fixed libevent segmentation fault (#9)
    
    - official 7.0.12 bug fixes
      . fixed bug #73181 Core: parse_str() without a second argument leads to crash
      . fixed bug #66773 Core: Autoload with Opcache allows importing conflicting
                               class name to namespace
      . fixed bug #66862 Core: (Sub-)Namespaces unexpected behaviour
      . fixed bug #73213 GD: Integer overflow in imageline() with antialiasing
      . fixed bug #73272 GD: imagescale() is not affected by, but affects
                             imagesetinterpolation()
      . fixed bug #73279 GD: Integer overflow in gdImageScaleBilinearPalette()
      . fixed bug #73280 GD: Stack Buffer Overflow in GD dynamicGetbuf
      . fixed bug #73273 Session: session_unset() empties values from all variables
                                  in which is $_session stored
      . fixed bug #73037 SOAP: SoapServer reports Bad Request when gzipped
      . fixed bug #73237 SOAP: Nested object in "any" element overwrites other fields
      . fixed bug #73203 Standard: passing additional_parameters causes mail to fail
    
    - security issues
      . CVE-2016-7416 Intl: add locale length check  (#73007)
      . CVE-2016-7412 Mysqlnd: Heap overflow in mysqlnd related to BIT fields (#72293)
      . CVE-2016-7414 Phar: Out of bound when verify signature of zip phar in phar_parse_zipfile (#72928)
      . CVE-2016-7417 SPL: Missing type check when unserializing SplArray (#73029)
      . CVE-2016-7413 Wddx: wddx_deserialize use-after-free (#72860)
      . CVE-2016-7418 Wddx: Out-Of-Bounds Read in php_wddx_push_element (#73065)
      . CVE-2016-7124 Core: Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization (#72663)
      . CVE-2016-7125 Core: PHP Session Data Injection Vulnerability (#72681)
      . CVE-2016-7133 Core: memory allocator fails to realloc small block to large one (#72742)
      . CVE-2016-7134 CURL: Heap overflow in curl_escape (#72674)
      . CVE-2016-7128 EXIF: Memory Leakage In exif_process_IFD_in_TIFF (#72627)
      . CVE-2016-7126 GD: select_colors write out-of-bounds (#72697)
      . CVE-2016-7127 GD: imagegammacorrect allows arbitrary write access (#72730)
      . CVE-2016-7129 WDDX: wddx_deserialize allows illegal memory access (#72749)
      . CVE-2016-7130 WDDX: wddx_deserialize null dereference (#72750)
      . CVE-2016-7131 WDDX: wddx_deserialize null dereference with invalid xml (#72790)
      . CVE-2016-7132 WDDX: wddx_deserialize null dereference in php_wddx_pop_element (#72799)
      . CVE-2016-6289 Core: Stack-based buffer overflow vulnerability in virtual_file_ex (#72513)
      . CVE-2016-5385 Core: HTTP_PROXY is improperly trusted by some PHP libraries and applications (#72573)
      . CVE-2016-5399 Bzip2: Inadequate error handling in bzread() (#72613)
      . CVE-2016-6291 EXIF: Out of bound read in exif_process_IFD_in_MAKERNOTE (#72603)
      . CVE-2016-6292 EXIF: NULL Pointer Dereference in exif_process_user_comment (#72618)
      . CVE-2016-6207 GD: Integer overflow error within _gdContributionsAlloc() (#72558)
      . CVE-2016-6294 Intl: locale_accept_from_http out-of-bounds access (#72533)
      . CVE-2016-6295 SNMP: Use After Free Vulnerability in SNMP with GC and unserialize() (#72479)
      . CVE-2016-6297 Zip: Stack-based buffer overflow vulnerability in php_stream_zip_opener (#72520)
      . CVE-2015-8874 GD: Stack overflow with imagefilltoborder (#66387)
      . CVE-2016-5766 GD: Integer Overflow in _gd2GetHeader() resulting in heap overflow (#72339)
      . CVE-2016-5767 GD: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow (#72446)
      . CVE-2016-5769 mcrypt: Heap Overflow due to integer overflows (#72455)
      . CVE-2016-4473 Phar: invalid free in phar_extract_file() (#72321)
      . CVE-2016-5772 WDDX: Double Free Corruption in wddx_deserialize (#72340)
      . CVE-2016-5773 Zip: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize (#72434)



    SRPMS:
        . php-7.0.12-1.an3.src.rpm

    x86_64:
        . php-7.0.12-1.an3.x86_64.rpm
        . php-cli-7.0.12-1.an3.x86_64.rpm
        . php-dba-7.0.12-1.an3.x86_64.rpm
        . php-dblib-7.0.12-1.an3.x86_64.rpm
        . php-devel-7.0.12-1.an3.x86_64.rpm
        . php-extension-7.0.12-1.an3.x86_64.rpm
        . php-fpm-7.0.12-1.an3.x86_64.rpm
        . php-odbc-7.0.12-1.an3.x86_64.rpm
        . php-pgsql-7.0.12-1.an3.x86_64.rpm



    




Copyright 2017 OOPS Development Organization 
LAST MODIFIED: 2016/12/13