CloudLinux OS Blog - Beta: HardenedPHP for EasyApache 4 updated

Beta: HardenedPHP for EasyApache 4 updated

Updated HardenedPHP packages for EasyApache 4 are available from the EA4 beta repository.

Changelog:

ea-php55-5.5.38-4.cloudlinux.1 (Hardened)

  • security bug 73189: Memcpy negative size parameter php_resolve_path;
  • security bug 73147: Use After Free in unserialize();
  • security bug 73190: memcpy negative parameter _bc_new_num_ex;
  • security bug 73150: missing NULL check in dom_document_save_html;
  • security bug 73284: heap overflow in php_ereg_replace function;
  • CVE-2016-7568: Integer Overflow in gdImageWebpCtx of gd_webp.c;
  • security bug 73218: stack-buffer-overflow through "ResourceBundle" methods;
  • security bug 73208: integer overflow in imap_8bit caused heap corruption;
  • security bug 73082: string length overflow in mb_encode_* function;
  • security bug 73174: heap overflow in php_pcre_replace_impl;
  • security bug 73276: crash in openssl_random_pseudo_bytes function;
  • security bug 73275: crash in openssl_encrypt function;
  • security bug 73017: memory corruption in wordwrap function;
  • security bug 73240: Write out of bounds at number_format;
  • security bug 73073: CachingIterator null dereference when convert to string;
  • security bug 73293: NULL pointer dereference in SimpleXMLElement::asXML().

ea-php54-5.4.45-22.cloudlinux.1 (Hardened)

  • security bug 73189: Memcpy negative size parameter php_resolve_path;
  • security bug 73190: memcpy negative parameter _bc_new_num_ex;
  • security bug 73150: missing NULL check in dom_document_save_html;
  • security bug 73284: heap overflow in php_ereg_replace function;
  • security bug 73218: stack-buffer-overflow through "ResourceBundle" methods;
  • security bug 73208: integer overflow in imap_8bit caused heap corruption;
  • security bug 73082: string length overflow in mb_encode_* function;
  • security bug 73174: heap overflow in php_pcre_replace_impl;
  • security bug 73276: crash in openssl_random_pseudo_bytes function;
  • security bug 73275: crash in openssl_encrypt function;
  • security bug 73017: memory corruption in wordwrap function;
  • security bug 73240: Write out of bounds at number_format;
  • security bug 73073: CachingIterator null dereference when convert to string;
  • security bug 73293: NULL pointer dereference in SimpleXMLElement::asXML().

ea-php53-5.3.29-4 (Hardened)

  • security bug 73189: Memcpy negative size parameter php_resolve_path;
  • security bug 73150: missing NULL check in dom_document_save_html;
  • security bug 73284: heap overflow in php_ereg_replace function;
  • security bug 73218: stack-buffer-overflow through "ResourceBundle" methods;
  • security bug 73208: integer overflow in imap_8bit caused heap corruption;
  • security bug 73082: string length overflow in mb_encode_* function;
  • security bug 73174: heap overflow in php_pcre_replace_impl;
  • security bug 73276: crash in openssl_random_pseudo_bytes function;
  • security bug 73275: crash in openssl_encrypt function;
  • security bug 73017: memory corruption in wordwrap function;
  • security bug 73240: Write out of bounds at number_format;
  • security bug 73073: CachingIterator null dereference when convert to string;
  • security bug 73293: NULL pointer dereference in SimpleXMLElement::asXML();
  • remove Type=notify from ea-php53-php-frm.service file as unsupported;
  • force users on jailshell and noshell to be chrooted when using php-fpm.

To update, run:

yum update ea-php{53,54,55}* --enablerepo=cl-ea4-testing

For installation:

yum-config-manager --enable cl-ea4-testing

Install the profile via the web interface or via the command-line tool, then run:

yum-config-manager --disable cl-ea4-testing