php71 보안 업데이트
업데이트 : 2019.06.09
이름 : php71-2:7.1.30-1.an3
벤더 : AnNyung Packaging Team
설명 :
PHP 7.1 is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP
also offers built-in database integration for several commercial
and non-commercial database management systems, so writing a
database-enabled web page with PHP is fairly simple. The most
common use of PHP coding is probably as a replacement for CGI
scripts.
Building option:
--with no_goto : if don't add vm kind option with goto..
변경사항
- update 7.2.30
. http://php.net/ChangeLog-7.php#7.1.30
. http://php.net/ChangeLog-7.php#7.1.29
. http://php.net/ChangeLog-7.php#7.1.28
. http://php.net/ChangeLog-7.php#7.1.27
. http://php.net/ChangeLog-7.php#7.1.26
- security issues:
. CVE-2019-11040 EXIF: heap-buffer-overflow on php_jpg_get16 (#77988)
. CVE-2019-11038 CD: Uninitialized read in gdImageCreateFromXbm (#77973)
. CVE-2019-11039 Iconv: Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow (#78069)
. CVE-2019-11036 EXIF: Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG (#77950)
. CVE-2019-11034 EXIF: Heap-buffer-overflow in php_ifd_get32s (#77753)
. CVE-2019-11035 EXIF: Heap-buffer-overflow in exif_iif_add_value (#77831)
. CVE-2019-9637 Core: rename() across the device may allow unwanted access during processing (#77630)
. CVE-2019-9641 EXIF: Uninitialized read in exif_process_IFD_in_TIFF (#77509)
. CVE-2019-9640 EXIF: Invalid Read on exif_process_SOFn (#77540)
. CVE-2019-9638 EXIF: Uninitialized read in exif_process_IFD_in_MAKERNOTE (#77563)
. CVE-2019-9639 EXIF: Uninitialized read in exif_process_IFD_in_MAKERNOTE (#77659)
. CVE-2019-9022 Core: memcpy with negative length via crafted DNS response (#77369)
. CVE-2016-10166 GD: efree() on uninitialized Heap data in imagescale leads to use-after-free (#77269)
. CVE-2019-6977 GD: imagecolormatch Out Of Bounds Write on Heap (#77270)
. CVE-2019-9023 Mbstring: Buffer overflow on mb regex functions - fetch_token (#77370)
. CVE-2019-9023 Mbstring: heap buffer overflow in mb regex functions - compile_string_node (#77371)
. CVE-2019-9023 Mbstring: heap buffer overflow in multibyte match_at (#77381)
. CVE-2019-9023 Mbstring: heap buffer overflow due to incorrect length in expand_case_fold_string (#77382)
. CVE-2019-9023 Mbstring: buffer overflow in fetch_token (#77385)
. CVE-2019-9023 Mbstring: Buffer overflow in multibyte case folding - unicode (#77394)
. CVE-2019-9023 Mbstring: Heap overflow in utf32be_mbc_to_code (#77418)
. CVE-2019-9021 Phar: heap buffer overflow in phar_detect_phar_fname_ext (#77247)
. CVE-2019-9020 Xmlrpc: heap out of bounds read in xmlrpc_decode() (#77242)
. CVE-2019-9024 Xmlrpc: Global out of bounds read in xmlrpc base64 code (#77380)
- 3rd party extensions
. mysql: removed and seperated by php72-mysql package
. libevent: fixed #23 Segmentation fault where there is more than one timer event
업데이트 패키지
SRPMS:
. php71-7.1.30-1.an3.src.rpm
x86_64:
. php71-7.1.30-1.an3.x86_64.rpm
. php71-cli-7.1.30-1.an3.x86_64.rpm
. php71-dba-7.1.30-1.an3.x86_64.rpm
. php71-dblib-7.1.30-1.an3.x86_64.rpm
. php71-devel-7.1.30-1.an3.x86_64.rpm
. php71-extension-7.1.30-1.an3.x86_64.rpm
. php71-fpm-7.1.30-1.an3.x86_64.rpm
. php71-odbc-7.1.30-1.an3.x86_64.rpm
. php71-pgsql-7.1.30-1.an3.x86_64.rpm
|