php security update
Updated : 2020.01.23
Name : php-100:7.0.33-4.an3
Vendor : AnNyung Packaging Team
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP
also offers built-in database integration for several commercial
and non-commercial database management systems, so writing a
database-enabled web page with PHP is fairly simple. The most
common use of PHP coding is probably as a replacement for CGI
scripts. The mod_php module enables the Apache web server to
understand and process the embedded PHP language in web pages.
Building option:
--with no_goto : if don't add vm kind option with goto..
Changes
- security issues
. CVE-2019-13224 #78380 MBString: don't allow different encodings for onig_new_deluxe
. CVE-2019-11050 #78793 EXIF: Use-after-free in exif parsing under memory sanitizer
. CVE-2019-11047 #78910 EXIF: Heap-buffer-overflow READ in exif
. CVE-2019-11046 #78878 Bcmath: Buffer underflow in bc_shift_addsub
. CVE-2019-11045 #78863 Core: DirectoryIterator class silently truncates after a null byte
. CVE-2019-11044 #78862 Core: link() silently truncates after a null byte on Windows
. CVE-2019-11043 #78599 FPM: env_path_info underflow in fpm_main.c can lead to RCE
. CVE-2019-11042 #78256 EXIF: heap-buffer-overflow on exif_process_user_comment
. CVE-2019-11041 #78222 EXIF: heap-buffer-overflow on exif_scan_thumbnail
. CVE-2020-7060 #79037 Mbstring: global buffer-overflow in 'mbfl_filt_conv_big5_wchar'
. CVE-2020-7059 #79099 Standard: OOB read in php_strip_tags_ex
Updated packages
SRPMS:
. php-7.0.33-4.an3.src.rpm
x86_64:
. php-7.0.33-4.an3.x86_64.rpm
. php-cli-7.0.33-4.an3.x86_64.rpm
. php-dba-7.0.33-4.an3.x86_64.rpm
. php-dblib-7.0.33-4.an3.x86_64.rpm
. php-devel-7.0.33-4.an3.x86_64.rpm
. php-extension-7.0.33-4.an3.x86_64.rpm
. php-fpm-7.0.33-4.an3.x86_64.rpm
. php-odbc-7.0.33-4.an3.x86_64.rpm
. php-pgsql-7.0.33-4.an3.x86_64.rpm