CloudLinux OS Blog - Alt-PHP updated

New updated Alt-PHP packages are available for download from our production repository.

alt-php56-5.6.25-1 (see the full changelog at http://www.php.net/ChangeLog-5.php#5.6.25)

  • ALTPHP-212: implemented additional mail header to track sending file path (X-PHP-Filename);
  • #72837 (bz2): integer overflow in bzdecompress caused heap corruption;
  • #70436 (core): Use After Free Vulnerability in unserialize();
  • #72024 (core): microtime() leaks memory;
  • #72581 (core): previous property undefined in Exception after deserialization;
  • #72614 (core): support "nmake test" on building extensions by phpize;
  • #72663 (core): create an Unexpected Object and Don't Invoke __wakeup() in Deserialization;
  • #72681 (core): PHP Session Data Injection Vulnerability;
  • #67976 (calendar): cal_days_month() fails for final month of the French calendar;
  • #71894 (calendar): AddressSanitizer: global-buffer-overflow in zif_cal_from_jd;
  • #71144 (curl): segmentation fault when using cURL with ZTS;
  • #71929 (curl): certification information (CERTINFO) data parsing error;
  • #72807 (curl): integer overflow in curl_escape caused heap corruption;
  • #66502 (dom): DOM document dangling reference;
  • #72838 (ereg): integer overflow leads to heap corruption in sql_regcase;
  • #72627 (exif): memory Leakage In exif_process_IFD_in_TIFF;
  • #72735 (exif): Samsung picture thumb not read (zero size);
  • #71745 (filter): FILTER_FLAG_NO_RES_RANGE does not cover whole 127.0.0.0/8 range;
  • #72575 (fpm): using --allow-to-run-as-root should ignore missing user;
  • #43828 (gd): broken transparency of imagearc for truecolor in blendingmode;
  • #66555 (gd): always false condition in ext/gd/libgd/gdkanji.c;
  • #68712 (gd): suspicious if-else statements;
  • #70315 (gd): 500 Server Error but page is fully rendered;
  • #72596 (gd): imagetypes function won't advertise WEBP support;
  • #72604 (gd): imagearc() ignores thickness for full arcs;
  • #72697 (gd): select_colors write out-of-bounds;
  • #72709 (gd): imagesetstyle() causes OOB read for empty $styles;
  • #72730 (gd): imagegammacorrect allows arbitrary write access;
  • #72506 (intl): idn_to_ascii for UTS #46 incorrect for long domain names;
  • #72691 (mbstring): mb_ereg_search raises a warning if a match zero-width;
  • #72693 (mbstring): mb_ereg_search increments search position when a match zero-width;
  • #72694 (mbstring): mb_ereg_search_setpos does not accept a string's last position;
  • #72710 (mbstring): `mb_ereg` causes buffer overflow on regexp compile error;
  • #72688 (pcre): preg_match missing group names in matches;
  • #70313 (pdo_pgsql): PDO statement fails to throw exception;
  • #72222 (reflection): ReflectionClass::export doesn't handle array constants;
  • #72708 (snmp): php_snmp_parse_oid integer overflow in memory allocation;
  • #72330 (standard): CSV fields incorrectly split if escape char followed by UTF chars;
  • #72836 (standard): integer overflow in base64_decode;
  • #72848 (standard): integer overflow in quoted_printable_encode;
  • #72849 (standard): integer overflow in urlencode;
  • #72850 (standard): integer overflow in php_uuencode;
  • #72716 (standard): initialize buffer before read;
  • #41021 (streams): problems with the ftps wrapper;
  • #54431 (streams): opendir() does not work with ftps:// wrapper;
  • #72667 (streams): opendir() with ftp:// attempts to open data stream for non-existent directories;
  • #72764 (streams): ftps:// opendir wrapper data channel encryption fails with IIS FTP 7.5, 8.5;
  • #72771 (streams): ftps:// wrapper is vulnerable to protocol downgrade attack;
  • #72122 (spl): iteratorIterator breaks '@' error suppression;
  • #72646 (spl): SplFileObject::getCsvControl does not return the escape character;
  • #72684 (spl): AppendIterator segfault with closed generator;
  • #72653 (sqlite3): SQLite should allow opening with empty filename;
  • #72142 (wddx): WDDX Packet Injection Vulnerability in wddx_serialize_value();
  • #72749 (wddx): wddx_deserialize allows illegal memory access;
  • #72750 (wddx): wddx_deserialize null dereference;
  • #72790 (wddx): wddx_deserialize null dereference with invalid xml;
  • #72799 (wddx): wddx_deserialize null dereference in php_wddx_pop_element.

alt-php70-7.0.10-1 (see the full changelog at http://www.php.net/ChangeLog-7.php#7.0.10)

  • #72629 (core): caught exception assignment to variables ignores references;
  • #72594 (core): calling an earlier instance of an included anonymous class fatals;
  • #72581 (core): previous property undefined in Exception after deserialization;
  • #72496 (core): cannot declare public method with signature incompatible with parent private method;
  • #72024 (core): microtime() leaks memory;
  • (core): fixed bug causing ClosedGeneratorException being thrown into the calling code instead of the Generator yielding from;
  • #72614 (core): support "nmake test" on building extensions by phpize;
  • (core): fixed potential segfault in object storage freeing in shutdown sequence;
  • #72663 (core): create an Unexpected Object and Don't Invoke __wakeup() in Deserialization;
  • #72681 (core): PHP Session Data Injection Vulnerability;
  • #72683 (core): getmxrr broken;
  • #72742 (core): memory allocator fails to realloc small block to large one;
  • #72837 (bz2): integer overflow in bzdecompress caused heap corruption;
  • #67976 (calendar): cal_days_month() fails for final month of the French calendar;
  • #71894 (calendar): AddressSanitizer: global-buffer-overflow in zif_cal_from_jd;
  • #72569 (com): DOTNET/COM array parameters broke in PHP7;
  • #71709 (curl): curl_setopt segfault with empty CURLOPT_HTTPHEADER;
  • #71929 (curl): CURLINFO_CERTINFO data parsing error;
  • #72674 (curl): heap overflow in curl_escape;
  • #66502 (dom): DOM document dangling reference;
  • #72735 (exif): Samsung picture thumb not read (zero size);
  • #72627 (exif): memory Leakage In exif_process_IFD_in_TIFF;
  • #71745 (filter): FILTER_FLAG_NO_RES_RANGE does not cover whole 127.0.0.0/8 range;
  • #72575 (fpm): using --allow-to-run-as-root should ignore missing user;
  • #72596 (gd): imagetypes function won't advertise WEBP support;
  • #72604 (gd): imagearc() ignores thickness for full arcs;
  • #70315 (gd): 500 Server Error but page is fully rendered;
  • #43828 (gd): broken transparency of imagearc for truecolor in blendingmode;
  • #66555 (gd): always false condition in ext/gd/libgd/gdkanji.c;
  • #68712 (gd): suspicious if-else statements;
  • #72697 (gd): select_colors write out-of-bounds;
  • #72730 (gd): imagegammacorrect allows arbitrary write access;
  • #72639 (intl): segfault when instantiating class that extends IntlCalendar and adds a property;
  • #72506 (intl, partially fixed): idn_to_ascii for UTS #46 incorrect for long domain names;
  • #72691 (mbstring): mb_ereg_search raises a warning if a match zero-width;
  • #72693 (mbstring): mb_ereg_search increments search position when a match zero-width;
  • #72694 (mbstring): mb_ereg_search_setpos does not accept a string's last position;
  • #72710 (mbstring): `mb_ereg` causes buffer overflow on regexp compile error;
  • #72782 (mcrypt): heap overflow due to integer overflows;
  • #72590 (opcache): opcache restart with kill_all_lockers does not work;
  • #72688 (pcre): preg_match missing group names in matches;
  • #70313 (pdo_pgsql): PDO statement fails to throw exception;
  • #72222 (reflection): ReflectionClass::export doesn't handle array constants;
  • #72588 (simplexml): using global var doesn't work while accessing SimpleXML element;
  • #72708 (snmp): php_snmp_parse_oid integer overflow in memory allocation;
  • #55701 (spl): GlobIterator throws LogicException;
  • #72646 (spl): SplFileObject::getCsvControl does not return the escape character;
  • #72684 (spl): AppendIterator segfault with closed generator;
  • #72668 (sqlite3): spurious warning when exception is thrown in user defined function;
  • #72571 (sqlite3): SQLite3::bindValue, SQLite3::bindParam crash;
  • #72653 (sqlite3): SQLite should allow opening with empty filename;
  • #72622 (standard): array_walk + array_replace_recursive create references from nothing;
  • #72152 (standard): base64_decode $strict fails to detect null byte;
  • #72263 (standard): base64_decode skips a character after padding in strict mode;
  • #72264 (standard): base64_decode $strict fails with whitespace between padding;
  • #72330 (standard): CSV fields incorrectly split if escape char followed by UTF chars;
  • #41021 (streams): problems with the ftps wrapper;
  • #54431 (streams): opendir() does not work with ftps:// wrapper;
  • #72667 (streams): opendir() with ftp:// attempts to open data stream for non-existent directories;
  • #72771 (streams): ftps:// wrapper is vulnerable to protocol downgrade attack;
  • #72647 (xmlrpc): xmlrpc_encode() unexpected output after referencing array elements;
  • #72564 (wddx): boolean always deserialized as "true";
  • #72142 (wddx): WDDX Packet Injection Vulnerability in wddx_serialize_value();
  • #72749 (wddx): wddx_deserialize allows illegal memory access;
  • #72750 (wddx): wddx_deserialize null dereference;
  • #72790 (wddx): wddx_deserialize null dereference with invalid xml;
  • #72799 (wddx): wddx_deserialize null dereference in php_wddx_pop_element;
  • #72660 (zip): NULL Pointer dereference in zend_virtual_cwd.

To upgrade, run the command:

yum groupinstall alt-php 
