CloudLinux OS Blog - Alt-PHP updated
CloudLinux OS Blog

Alt-PHP updated

Alt-PHP updated

 New updated Alt-PHP packages are available from our production repository.

Changelog:

alt-php70-7.0.8-1 (find detailed information on the link: http://www.php.net/ChangeLog-7.php#7.0.8)

  • #72218: (core) If host name cannot be resolved then PHP 7 crashes;

  • #72221: (core) segfault, past-the-end access;

  • #72268: (core) Integer Overflow in nl2br();

  • #72275: (core) Integer Overflow in json_encode()/json_decode()/ json_utf8_to_utf16();

  • #72400: (core) Integer Overflow in addcslashes/addslashes;

  • #72403: (core) Integer Overflow in Length of String-typed ZVAL;

  • #72308: (fpm) fastcgi_finish_request and logging environment variables;

  • #72298: (gd) pass2_no_dither out-of-bounds access;

  • #72337: (gd) invalid dimensions can lead to crash;

  • #72339: (gd) Integer Overflow in _gd2GetHeader() resulting in heap overflow;

  • #72407: (gd) NULL Pointer Dereference at _gdScaleVert;

  • #64524: (intl) Add intl.use_exceptions to php.ini-*;

  • #72402: (mbstring) _php_mb_regex_ereg_replace_exec - double free;

  • #72455: (mcrypt) Heap Overflow due to integer overflows;

  • #72143: (pcre) preg_replace uses int instead of size_t;

  • #71573: (pdo_pgsql) Segfault (core dumped) if paramno beyond bound;

  • #72294: (pdo_pgsql) Segmentation fault/invalid pointer in connection with pgsql_stmt_dtor;

  • #72284: (pgpdbg) phpdbg fatal errors with coverage;

  • #72195: (postgres) pg_pconnect/pg_connect cause use-after-free;

  • #72197: (postgres) pg_lo_create arbitrary read;

  • #72262: (spl) int/size_t confusion in SplFileObject::fread;

  • #72433: (spl) Use After Free Vulnerability in PHP's GC algorithm and unserialize;

  • #72017: (standard) range() with float step produces unexpected result;

  • #72193: (standard) dns_get_record returns array containing elements of type 'unknown';

  • #72229: (standard) Wrong reference when serialize/unserialize an object;

  • #72300: (standard) ignore_user_abort(false) has no effect;

  • #72206: (xml) xml_parser_create/xml_parser_free leaks mem;

  • #72155: (xmlrpc) use-after-free caused by get_zval_xmlrpc_type;

  • #72340: (wddx) Double Free Courruption in wddx_deserialize;

  • #72258: (zip) ZipArchive converts filenames to unrecoverable form;

  • #72434: (zip) ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize;

  • ALTPHP-161: fixed lsphp for proper calculation of idle time.

alt-php56-5.6.23-1 (find detailed information on the link: http://php.net/ChangeLog-5.php#5.6.23)

  • #72275: (core) Integer Overflow in json_encode()/json_decode()/ json_utf8_to_utf16();

  • #72400: (core) Integer Overflow in addcslashes/addslashes;

  • #72403: (core) Integer Overflow in Length of String-typed ZVAL;

  • #72298: (gd) pass2_no_dither out-of-bounds access;

  • #72337: (gd) invalid dimensions can lead to crash;

  • #72339: (gd) Integer Overflow in _gd2GetHeader() resulting in heap overflow;

  • #72407: (gd) NULL Pointer Dereference at _gdScaleVert;

  • #72446: (gd) Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow;

  • #70484: (intl) selectordinal doesn't work with named parameters;

  • #72402: (mbstring) _php_mb_regex_ereg_replace_exec - double free;

  • #72455: (mcrypt) Heap Overflow due to integer overflows;

  • #72140: (openssl) segfault after calling ERR_free_strings();

  • #72321: (phar) invalid free in phar_extract_file();

  • #72262: (spl) int/size_t confusion in SplFileObject::fread;

  • #72433: (spl) Use After Free Vulnerability in PHP's GC algorithm and unserialize;

  • #72340: (wddx) Double Free Courruption in wddx_deserialize;

  • #72434: (zip) ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize;

  • ALTPHP-161: fixed lsphp for proper calculation of idle time.

alt-php55-5.5.37-1 (find detailed information on the link: http://www.php.net/ChangeLog-5.php#5.5.37)

  • #72268: (core) Integer Overflow in nl2br();

  • #72275: (core) Integer Overflow in json_encode()/json_decode()/ json_utf8_to_utf16();

  • #72400: (core) Integer Overflow in addcslashes/addslashes;

  • #72403: (core) Integer Overflow in Length of String-typed ZVAL;

  • #66387 / CVE-2015-8874: (gd) Stack overflow with imagefilltoborder;

  • #72298: (gd) pass2_no_dither out-of-bounds access;

  • #72339: (gd) Integer Overflow in _gd2GetHeader() resulting in heap overflow;

  • #72407: (gd) NULL Pointer Dereference at _gdScaleVert;

  • #72446: (gd) Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow;

  • #72402: (mbstring) _php_mb_regex_ereg_replace_exec - double free;

  • #72455: (mcrypt) Heap Overflow due to integer overflows;

  • #72262: (spl) int/size_t confusion in SplFileObject::fread;

  • #72433: (spl) Use After Free Vulnerability in PHP's GC algorithm and unserialize;

  • #72340: (wddx) Double Free Courruption in wddx_deserialize;

  • #72434: (zip) ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize;

  • ALTPHP-161: fixed lsphp for proper calculation of idle time.

To upgrade run the command:

yum groupinstall alt-php

Alt-PHP PECL updated
Alt-PHP PECL and ionCube update
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Sunday, 17 November 2019

Captcha Image