CloudLinux OS Blog - HardenedPHP updated

Updated HardenedPHP packages are available from our production repository.

Changelog:

alt-php44-4.4.9-52

  • ALTPHP-212: implemented additional code to mail.c to track sending file path (X-PHP-Filename);
  • security bug #72837: integer overflow in bzdecompress caused heap corruption (bz2);
  • security bug #72681: PHP Session Data Injection Vulnerability (core);
  • security bug #72807: integer overflow in curl_escape caused heap corruption (curl);
  • security bug #72697: select_colors write out-of-bounds (gd);
  • security bug #72730: imagegammacorrect allows arbitrary write access (gd);
  • security bug #72836: integer overflow in base64_decode caused heap corruption (standard);
  • security bug #72771: ftps:// wrapper is vulnerable to protocol downgrade attack (streams);
  • security bug #72749: wddx_deserialize allows illegal memory access (wddx);
  • security bug #72750: wddx_deserialize null dereference (wddx);
  • security bug #72790: wddx_deserialize null dereference with invalid xml (wddx);
  • security bug #72799: wddx_deserialize null dereference in php_wddx_pop_element (wddx).

alt-php51-5.1.6-59

  • ALTPHP-212: implemented additional code to mail.c to track sending file path (X-PHP-Filename);
  • security bug #72837: integer overflow in bzdecompress caused heap corruption (bz2);
  • security bug #72681: PHP Session Data Injection Vulnerability (core);
  • security bug #72807: integer overflow in curl_escape caused heap corruption (curl);
  • security bug #72697: select_colors write out-of-bounds (gd);
  • security bug #72730: imagegammacorrect allows arbitrary write access (gd);
  • security bug #72836: integer overflow in base64_decode caused heap corruption (standard);
  • security bug #72849: integer overflow in urlencode caused heap corruption (standard);
  • security bug #72850: integer overflow in php_uuencode caused heap corruption (standard);
  • security bug #72771: ftps:// wrapper is vulnerable to protocol downgrade attack (streams);
  • security bug #72749: wddx_deserialize allows illegal memory access (wddx);
  • security bug #72750: wddx_deserialize null dereference (wddx);
  • security bug #72790: wddx_deserialize null dereference with invalid xml (wddx);
  • security bug #72799: wddx_deserialize null dereference in php_wddx_pop_element (wddx).

alt-php52-5.2.17-86

  • ALTPHP-212: implemented additional code to mail.c to track sending file path (X-PHP-Filename);
  • security bug #72837: integer overflow in bzdecompress caused heap corruption (bz2);
  • security bug #72681: PHP Session Data Injection Vulnerability (core);
  • security bug #72807: integer overflow in curl_escape caused heap corruption (curl);
  • security bug #72697: select_colors write out-of-bounds (gd);
  • security bug #72730: imagegammacorrect allows arbitrary write access (gd);
  • security bug #72836: integer overflow in base64_decode caused heap corruption (standard);
  • security bug #72849: integer overflow in urlencode caused heap corruption (standard);
  • security bug #72850: integer overflow in php_uuencode caused heap corruption (standard);
  • security bug #72771: ftps:// wrapper is vulnerable to protocol downgrade attack (streams);
  • security bug #72749: wddx_deserialize allows illegal memory access (wddx);
  • security bug #72750: wddx_deserialize null dereference (wddx);
  • security bug #72790: wddx_deserialize null dereference with invalid xml (wddx);
  • security bug #72799: wddx_deserialize null dereference in php_wddx_pop_element (wddx).

alt-php53-5.3.29-36

  • ALTPHP-212: implemented additional code to mail.c to track sending file path (X-PHP-Filename);
  • security bug #72837: integer overflow in bzdecompress caused heap corruption (bz2);
  • security bug #72681: PHP Session Data Injection Vulnerability (core);
  • security bug #72807: integer overflow in curl_escape caused heap corruption (curl);
  • security bug #72838: Integer overflow lead to heap corruption in sql_regcase (ereg);
  • security bug #72697: select_colors write out-of-bounds (gd);
  • security bug #72730: imagegammacorrect allows arbitrary write access (gd);
  • security bug #72836: integer overflow in base64_decode caused heap corruption (standard);
  • security bug #72848: integer overflow in quoted_printable_encode caused heap corruption (standard);
  • security bug #72849: integer overflow in urlencode caused heap corruption (standard);
  • security bug #72850: integer overflow in php_uuencode caused heap corruption (standard);
  • security bug #72771: ftps:// wrapper is vulnerable to protocol downgrade attack (streams);
  • security bug #72749: wddx_deserialize allows illegal memory access (wddx);
  • security bug #72750: wddx_deserialize null dereference (wddx);
  • security bug #72790: wddx_deserialize null dereference with invalid xml (wddx);
  • security bug #72799: wddx_deserialize null dereference in php_wddx_pop_element (wddx).

alt-php54-5.4.45-20

  • ALTPHP-212: implemented additional code to mail.c to track sending file path (X-PHP-Filename);
  • security bug #72837: integer overflow in bzdecompress caused heap corruption (bz2);
  • security bug #70436: Use After Free Vulnerability in unserialize() (core);
  • security bug #72633: Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization (core);
  • security bug #72681: PHP Session Data Injection Vulnerability (core);
  • security bug #72807: integer overflow in curl_escape caused heap corruption (curl);
  • security bug #72838: Integer overflow lead to heap corruption in sql_regcase (ereg);
  • security bug #72697: select_colors write out-of-bounds (gd);
  • security bug #72730: imagegammacorrect allows arbitrary write access (gd);
  • security bug #72708: php_snmp_parse_oid integer overflow in memory allocation (snmp);
  • security bug #72836: integer overflow in base64_decode caused heap corruption (standard);
  • security bug #72848: integer overflow in quoted_printable_encode caused heap corruption (standard);
  • security bug #72849: integer overflow in urlencode caused heap corruption (standard);
  • security bug #72850: integer overflow in php_uuencode caused heap corruption (standard);
  • security bug #72771: ftps:// wrapper is vulnerable to protocol downgrade attack (streams);
  • security bug #72749: wddx_deserialize allows illegal memory access (wddx);
  • security bug #72750: wddx_deserialize null dereference (wddx);
  • security bug #72790: wddx_deserialize null dereference with invalid xml (wddx);
  • security bug #72799: wddx_deserialize null dereference in php_wddx_pop_element (wddx).

alt-php55-5.5.38-2

  • ALTPHP-212: implemented additional code to mail.c to track sending file path (X-PHP-Filename);
  • security bug #72837: integer overflow in bzdecompress caused heap corruption (bz2);
  • security bug #70436: Use After Free Vulnerability in unserialize() (core);
  • bug #72024: microtime() leaks memory (core);
  • security bug #72633: Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization (core);
  • security bug #72681: PHP Session Data Injection Vulnerability (core);
  • security bug #72807: integer overflow in curl_escape caused heap corruption (curl);
  • security bug #72838: Integer overflow lead to heap corruption in sql_regcase (ereg);
  • security bug #72697: select_colors write out-of-bounds (gd);
  • security bug #72730: imagegammacorrect allows arbitrary write access (gd);
  • security bug #72708: php_snmp_parse_oid integer overflow in memory allocation (snmp);
  • security bug #72836: integer overflow in base64_decode caused heap corruption (standard);
  • security bug #72848: integer overflow in quoted_printable_encode caused heap corruption (standard);
  • security bug #72849: integer overflow in urlencode caused heap corruption (standard);
  • security bug #72850: integer overflow in php_uuencode caused heap corruption (standard);
  • security bug #72771: ftps:// wrapper is vulnerable to protocol downgrade attack (streams);
  • security bug #72749: wddx_deserialize allows illegal memory access (wddx);
  • security bug #72750: wddx_deserialize null dereference (wddx);
  • security bug #72790: wddx_deserialize null dereference with invalid xml (wddx);
  • security bug #72799: wddx_deserialize null dereference in php_wddx_pop_element (wddx).

To install, run the command:

yum groupinstall alt-php


Comments 2

Guest - John T. Kellman Jr. on Thursday, 01 September 2016 05:27

What am I supposed to do with this update? I don't recall ever installing your data on my device.

Guest - Kateryna on Friday, 02 September 2016 10:24

Dear John T. Kellman Jr., thank you for your question.
Hardened PHP is the second name for alt-php packages if you are using CloudLinux OS, issuing the last command from the blog post you will have it installed or updated.
If you do not use CloudLinux and want to install Hardened PHP please contact [email protected] .
