CloudLinux OS Blog - Alt-PHP updated
CloudLinux OS Blog

Alt-PHP updated

Alt-PHP updated

The new updated Alt-PHP packages are available for download from our production repository.

Changelog:

alt-php56-5.6.31-1

  • (core) 73807: Performance problem with processing post request over 2000000 chars;
  • (core) 74111: Heap buffer overread (READ: 1) finish_nested_data from unserialize;
  • (core) 74603: PHP INI Parsing Stack Buffer Overflow Vulnerability;
  • (core) 74819: wddx_deserialize() heap out-of-bound read via php_parse_date();
  • (gd) 74435: Buffer over-read into uninitialized memory;
  • (mbstring): Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229);
  • (openssl) 74651: negative-size-param (-1) in memcpy in zif_openssl_seal(;
  • (pcre) 74087: Segmentation fault in PHP7.1.1(compiled using the bundled PCRE library);
  • (wddx) 74145: wddx parsing empty boolean tag leads to SIGSEGV;
  • LSPHP SAPI updated to 6.11.

alt-php70-7.0.21-1

  • (core) 74738: Multiple [PATH=] and [HOST=] sections not properly parsed;
  • (core) 74658: Undefined constants in array properties result in broken properties;
  • (core): Fixed misparsing of abstract unix domain socket names;
  • (core) 74101: , bug #74614 (Unserialize Heap Use-After-Free (READ: 1) in zval_get_type;
  • (core) 74111: Heap buffer overread (READ: 1) finish_nested_data from unserialize;
  • (core) 74603: PHP INI Parsing Stack Buffer Overflow Vulnerability;
  • (core) 74819: wddx_deserialize() heap out-of-bound read via php_parse_date();
  • (dom) 69373: References to deleted XPath query results;
  • (gd) 74435: Buffer over-read into uninitialized memory;
  • (intl) 73473: Stack Buffer Overflow in msgfmt_parse_message;
  • (intl) 74705: Wrong reflection on Collator::getSortKey and collator_get_sort_key;
  • (intl) 73634: grapheme_strpos illegal memory access;
  • (mbstring): Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229);
  • (oci8): Add TAF callback (PR #2459);
  • (opcache) 74663: Segfault with opcache.memory_protect and validate_timestamp;
  • (openssl) 74651: negative-size-param (-1) in memcpy in zif_openssl_seal();
  • (pcre) 74087: Segmentation fault in PHP7.1.1(compiled using the bundled PCRE library);
  • (pdo_oci): Support Instant Client 12.2 in --with-pdo-oci configure option;
  • (reflection) 74673: Segfault when cast Reflection object to string with undefined constant;
  • (spl) 74478: null coalescing operator failing with SplFixedArray;
  • (standard) 74708: Invalid Reflection signatures for random_bytes and random_int;
  • (standard) 73648: Heap buffer overflow in substr;
  • (ftp) 74598: ftp:// wrapper ignores context arg;
  • (phar) 74386: Phar::__construct reflection incorrect;
  • (soap) 74679: Incorrect conversion array with WSDL_CACHE_MEMORY;
  • (streams) 74556: stream_socket_get_name() returns '\0';
  • LSPHP SAPI updated to 6.11.

alt-php71-7.1.7-1

  • (core) 74738: Multiple [PATH=] and [HOST=] sections not properly parsed;
  • (core) 74658: Undefined constants in array properties result in broken properties;
  • (core): Fixed misparsing of abstract unix domain socket names;
  • (core) 74603: PHP INI Parsing Stack Buffer Overflow Vulnerability;
  • (core) 74101: , bug #74614 (Unserialize Heap Use-After-Free (READ: 1) in zval_get_type;
  • (core) 74111: Heap buffer overread (READ: 1) finish_nested_data from unserialize;
  • (core) 74819: wddx_deserialize() heap out-of-bound read via php_parse_date();
  • (date) 74639: implement clone for DatePeriod and DateInterval;
  • (dom) 69373: References to deleted XPath query results;
  • (gd) 74435: Buffer over-read into uninitialized memory;
  • (intl) 73473: Stack Buffer Overflow in msgfmt_parse_message;
  • (intl) 74705: Wrong reflection on Collator::getSortKey and collator_get_sort_key;
  • (mbstring): Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229);
  • (oci8): Add TAF callback (PR #2459);
  • (opcache) 74663: Segfault with opcache.memory_protect and validate_timestamp;
  • (opcache): Revert opcache.enable_cli to default disabled;
  • (openssl) 74720: pkcs7_en/decrypt does not work if \x1a is used in content;
  • (openssl) 74651: negative-size-param (-1) in memcpy in zif_openssl_seal();
  • (pdo_oci): Support Instant Client 12.2 in --with-pdo-oci configure option;
  • (reflection) 74673: Segfault when cast Reflection object to string with undefined constant;
  • (spl) 74478: null coalescing operator failing with SplFixedArray;
  • (ftp) 74598: ftp:// wrapper ignores context arg;
  • (phar) 74386: Phar::__construct reflection incorrect;
  • (soap) 74679: Incorrect conversion array with WSDL_CACHE_MEMORY;
  • (streams) 74556: stream_socket_get_name() returns '\0';
  • LSPHP SAPI updated to 6.11.

To update run:

yum groupinstall alt-php
yum update alt-libcurlssl
httpd24-httpd-2.4.26 released to production (for C...
Imunify360 now protects against zero-day attacks, ...
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Friday, 15 November 2019

Captcha Image