CloudLinux - CloudLinux Blog - Beta: HardenedPHP updated
Beta: HardenedPHP updated

New updated HardenedPHP packages are available from our updates-testing repository.

Changelog:

alt-php44-4.4.9-52

  • ALTPHP-212: implemented additional code to mail.c to track sending file path (X-PHP-Filename);
  • security bug #72837: integer overflow in bzdecompress caused heap corruption (bz2);
  • security bug #72681: PHP Session Data Injection Vulnerability (core);
  • security bug #72807: integer overflow in curl_escape caused heap corruption (curl);
  • security bug #72697: select_colors write out-of-bounds (gd);
  • security bug #72730: imagegammacorrect allows arbitrary write access (gd);
  • security bug #72836: integer overflow in base64_decode caused heap corruption (standard);
  • security bug #72771: ftps:// wrapper is vulnerable to protocol downgrade attack (streams);
  • security bug #72749: wddx_deserialize allows illegal memory access (wddx);
  • security bug #72750: wddx_deserialize null dereference (wddx);
  • security bug #72790: wddx_deserialize null dereference with invalid xml (wddx);
  • security bug #72799: wddx_deserialize null dereference in php_wddx_pop_element (wddx).

alt-php51-5.1.6-59

  • ALTPHP-212: implemented additional code to mail.c to track sending file path (X-PHP-Filename);
  • security bug #72837: integer overflow in bzdecompress caused heap corruption (bz2);
  • security bug #72681: PHP Session Data Injection Vulnerability (core);
  • security bug #72807: integer overflow in curl_escape caused heap corruption (curl);
  • security bug #72697: select_colors write out-of-bounds (gd);
  • security bug #72730: imagegammacorrect allows arbitrary write access (gd);
  • security bug #72836: integer overflow in base64_decode caused heap corruption (standard);
  • security bug #72849: integer overflow in urlencode caused heap corruption (standard);
  • security bug #72850: integer overflow in php_uuencode caused heap corruption (standard);
  • security bug #72771: ftps:// wrapper is vulnerable to protocol downgrade attack (streams);
  • security bug #72749: wddx_deserialize allows illegal memory access (wddx);
  • security bug #72750: wddx_deserialize null dereference (wddx);
  • security bug #72790: wddx_deserialize null dereference with invalid xml (wddx);
  • security bug #72799: wddx_deserialize null dereference in php_wddx_pop_element (wddx).

alt-php52-5.2.17-86

  • ALTPHP-212: implemented additional code to mail.c to track sending file path (X-PHP-Filename);
  • security bug #72837: integer overflow in bzdecompress caused heap corruption (bz2);
  • security bug #72681: PHP Session Data Injection Vulnerability (core);
  • security bug #72807: integer overflow in curl_escape caused heap corruption (curl);
  • security bug #72697: select_colors write out-of-bounds (gd);
  • security bug #72730: imagegammacorrect allows arbitrary write access (gd);
  • security bug #72836: integer overflow in base64_decode caused heap corruption (standard);
  • security bug #72849: integer overflow in urlencode caused heap corruption (standard);
  • security bug #72850: integer overflow in php_uuencode caused heap corruption (standard);
  • security bug #72771: ftps:// wrapper is vulnerable to protocol downgrade attack (streams);
  • security bug #72749: wddx_deserialize allows illegal memory access (wddx);
  • security bug #72750: wddx_deserialize null dereference (wddx);
  • security bug #72790: wddx_deserialize null dereference with invalid xml (wddx);
  • security bug #72799: wddx_deserialize null dereference in php_wddx_pop_element (wddx).

alt-php53-5.3.29-36

  • ALTPHP-212: implemented additional code to mail.c to track sending file path (X-PHP-Filename);
  • security bug #72837: integer overflow in bzdecompress caused heap corruption (bz2);
  • security bug #72681: PHP Session Data Injection Vulnerability (core);
  • security bug #72807: integer overflow in curl_escape caused heap corruption (curl);
  • security bug #72838: Integer overflow lead to heap corruption in sql_regcase (ereg);
  • security bug #72697: select_colors write out-of-bounds (gd);
  • security bug #72730: imagegammacorrect allows arbitrary write access (gd);
  • security bug #72836: integer overflow in base64_decode caused heap corruption (standard);
  • security bug #72848: integer overflow in quoted_printable_encode caused heap corruption (standard);
  • security bug #72849: integer overflow in urlencode caused heap corruption (standard);
  • security bug #72850: integer overflow in php_uuencode caused heap corruption (standard);
  • security bug #72771: ftps:// wrapper is vulnerable to protocol downgrade attack (streams);
  • security bug #72749: wddx_deserialize allows illegal memory access (wddx);
  • security bug #72750: wddx_deserialize null dereference (wddx);
  • security bug #72790: wddx_deserialize null dereference with invalid xml (wddx);
  • security bug #72799: wddx_deserialize null dereference in php_wddx_pop_element (wddx).

alt-php54-5.4.45-20

  • ALTPHP-212: implemented additional code to mail.c to track sending file path (X-PHP-Filename);
  • security bug #72837: integer overflow in bzdecompress caused heap corruption (bz2);
  • security bug #70436: Use After Free Vulnerability in unserialize() (core);
  • security bug #72633: Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization (core);
  • security bug #72681: PHP Session Data Injection Vulnerability (core);
  • security bug #72807: integer overflow in curl_escape caused heap corruption (curl);
  • security bug #72838: Integer overflow lead to heap corruption in sql_regcase (ereg);
  • security bug #72697: select_colors write out-of-bounds (gd);
  • security bug #72730: imagegammacorrect allows arbitrary write access (gd);
  • security bug #72708: php_snmp_parse_oid integer overflow in memory allocation (snmp);
  • security bug #72836: integer overflow in base64_decode caused heap corruption (standard);
  • security bug #72848: integer overflow in quoted_printable_encode caused heap corruption (standard);
  • security bug #72849: integer overflow in urlencode caused heap corruption (standard);
  • security bug #72850: integer overflow in php_uuencode caused heap corruption (standard);
  • security bug #72771: ftps:// wrapper is vulnerable to protocol downgrade attack (streams);
  • security bug #72749: wddx_deserialize allows illegal memory access (wddx);
  • security bug #72750: wddx_deserialize null dereference (wddx);
  • security bug #72790: wddx_deserialize null dereference with invalid xml (wddx);
  • security bug #72799: wddx_deserialize null dereference in php_wddx_pop_element (wddx).

alt-php55-5.5.38-2

  • ALTPHP-212: implemented additional code to mail.c to track sending file path (X-PHP-Filename);
  • security bug #72837: integer overflow in bzdecompress caused heap corruption (bz2);
  • security bug #70436: Use After Free Vulnerability in unserialize() (core);
  • bug #72024: microtime() leaks memory (core);
  • security bug #72633: Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization (core);
  • security bug #72681: PHP Session Data Injection Vulnerability (core);
  • security bug #72807: integer overflow in curl_escape caused heap corruption (curl);
  • security bug #72838: Integer overflow lead to heap corruption in sql_regcase (ereg);
  • security bug #72697: select_colors write out-of-bounds (gd);
  • security bug #72730: imagegammacorrect allows arbitrary write access (gd);
  • security bug #72708: php_snmp_parse_oid integer overflow in memory allocation (snmp);
  • security bug #72836: integer overflow in base64_decode caused heap corruption (standard);
  • security bug #72848: integer overflow in quoted_printable_encode caused heap corruption (standard);
  • security bug #72849: integer overflow in urlencode caused heap corruption (standard);
  • security bug #72850: integer overflow in php_uuencode caused heap corruption (standard);
  • security bug #72771: ftps:// wrapper is vulnerable to protocol downgrade attack (streams);
  • security bug #72749: wddx_deserialize allows illegal memory access (wddx);
  • security bug #72750: wddx_deserialize null dereference (wddx);
  • security bug #72790: wddx_deserialize null dereference with invalid xml (wddx);
  • security bug #72799: wddx_deserialize null dereference in php_wddx_pop_element (wddx).

To install, run the command:

yum groupinstall alt-php --enablerepo=cloudlinux-updates-testing
