CloudLinux OS Blog

PHP for EasyApache 4 updated

PHP for EasyApache 4 updated

The new updated ea-php packages are available for download from our production repository.

Changelog:

ea-php56-5.6.31-1.cloudlinux

  • (core) 73807: Performance problem with processing post request over 2000000 chars;
  • (core) 74111: Heap buffer overread (READ: 1) finish_nested_data from unserialize;
  • (core) 74603: PHP INI Parsing Stack Buffer Overflow Vulnerability;
  • (core) 74819: wddx_deserialize() heap out-of-bound read via php_parse_date();
  • (gd) 74435: Buffer over-read into uninitialized memory;
  • (mbstring): Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229);
  • (openssl) 74651: negative-size-param (-1) in memcpy in zif_openssl_seal(;
  • (pcre) 74087: Segmentation fault in PHP7.1.1(compiled using the bundled PCRE library);
  • (wddx) 74145: wddx parsing empty boolean tag leads to SIGSEGV;
  • LSPHP SAPI updated to 6.11.

ea-php70-7.0.21-1.cloudlinux

  • (core) 74738: Multiple [PATH=] and [HOST=] sections not properly parsed;
  • (core) 74658: Undefined constants in array properties result in broken properties;
  • (core): Fixed misparsing of abstract unix domain socket names;
  • (core) 74101: , bug #74614 (Unserialize Heap Use-After-Free (READ: 1) in zval_get_type;
  • (core) 74111: Heap buffer overread (READ: 1) finish_nested_data from unserialize;
  • (core) 74603: PHP INI Parsing Stack Buffer Overflow Vulnerability;
  • (core) 74819: wddx_deserialize() heap out-of-bound read via php_parse_date();
  • (dom) 69373: References to deleted XPath query results;
  • (gd) 74435: Buffer over-read into uninitialized memory;
  • (intl) 73473: Stack Buffer Overflow in msgfmt_parse_message;
  • (intl) 74705: Wrong reflection on Collator::getSortKey and collator_get_sort_key;
  • (intl) 73634: grapheme_strpos illegal memory access;
  • (mbstring): Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229);
  • (oci8): Add TAF callback (PR #2459);
  • (opcache) 74663: Segfault with opcache.memory_protect and validate_timestamp;
  • (openssl) 74651: negative-size-param (-1) in memcpy in zif_openssl_seal();
  • (pcre) 74087: Segmentation fault in PHP7.1.1(compiled using the bundled PCRE library);
  • (pdo_oci): Support Instant Client 12.2 in --with-pdo-oci configure option;
  • (reflection) 74673: Segfault when cast Reflection object to string with undefined constant;
  • (spl) 74478: null coalescing operator failing with SplFixedArray;
  • (standard) 74708: Invalid Reflection signatures for random_bytes and random_int;
  • (standard) 73648: Heap buffer overflow in substr;
  • (ftp) 74598: ftp:// wrapper ignores context arg;
  • (phar) 74386: Phar::__construct reflection incorrect;
  • (soap) 74679: Incorrect conversion array with WSDL_CACHE_MEMORY;
  • (streams) 74556: stream_socket_get_name() returns '\0';
  • LSPHP SAPI updated to 6.11.

ea-php71-7.1.7-1.cloudlinux

  • (core) 74738: Multiple [PATH=] and [HOST=] sections not properly parsed;
  • (core) 74658: Undefined constants in array properties result in broken properties;
  • (core): Fixed misparsing of abstract unix domain socket names;
  • (core) 74603: PHP INI Parsing Stack Buffer Overflow Vulnerability;
  • (core) 74101: , bug #74614 (Unserialize Heap Use-After-Free (READ: 1) in zval_get_type;
  • (core) 74111: Heap buffer overread (READ: 1) finish_nested_data from unserialize;
  • (core) 74819: wddx_deserialize() heap out-of-bound read via php_parse_date();
  • (date) 74639: implement clone for DatePeriod and DateInterval;
  • (dom) 69373: References to deleted XPath query results;
  • (gd) 74435: Buffer over-read into uninitialized memory;
  • (intl) 73473: Stack Buffer Overflow in msgfmt_parse_message;
  • (intl) 74705: Wrong reflection on Collator::getSortKey and collator_get_sort_key
  • (mbstring): Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229);
  • (oci8): Add TAF callback (PR #2459);
  • (opcache) 74663: Segfault with opcache.memory_protect and validate_timestamp;
  • (opcache): Revert opcache.enable_cli to default disabled;
  • (openssl) 74720: pkcs7_en/decrypt does not work if \x1a is used in content;
  • (openssl) 74651: negative-size-param (-1) in memcpy in zif_openssl_seal();
  • (pdo_oci): Support Instant Client 12.2 in --with-pdo-oci configure option;
  • (reflection) 74673: Segfault when cast Reflection object to string with undefined constant;
  • (spl) 74478: null coalescing operator failing with SplFixedArray;
  • (ftp) 74598: ftp:// wrapper ignores context arg;
  • (phar) 74386: Phar::__construct reflection incorrect;
  • (soap) 74679: Incorrect conversion array with WSDL_CACHE_MEMORY;
  • (streams) 74556: stream_socket_get_name() returns '\0';
  • LSPHP SAPI updated to 6.11.

To update run the command:

yum update ea-php* 

Topic: CloudLinux OS Blog , Tags: #easyapache4,

400 people viewed this

Comments (1)

 
by Guest - Jaime Gomez / Friday, 14 July 2017 14:28

Hi, When will it be available easyapache 4 with http2 support of the cpanel update in EasyApache 4 Change Log 2017-7-11 (https://documentation.cpanel.net/display/EA4/EasyApache+4+Change+Log)

Thanks !

Hi, When will it be available easyapache 4 with http2 support of the cpanel update in EasyApache 4 Change Log 2017-7-11 (https://documentation.cpanel.net/display/EA4/EasyApache+4+Change+Log) Thanks !

Leave your comment

Guest, Tuesday, 26 September 2017

Captcha Image