CloudLinux - CloudLinux Blog - Beta: Alt-PHP updated
RSS

Beta: Alt-PHP updated

Beta: Alt-PHP updated

New updated Alt-PHP packages are available from our updates-testing repository.

Changelog:

alt-php55-5.5.38-1 (find details on the link http://php.net/ChangeLog-5.php#5.5.38)

  • #72613 (bzip2) Inadequate error handling in bzread();
  • #70480 (core) php_url_parse_ex() buffer overflow read;
  • #72513 (core) Stack-based buffer overflow vulnerability in virtual_file_ex;
  • #72562 (core) Use After Free in unserialize() with Unexpected Session Deserialization;
  • #72573 (core) HTTP_PROXY is improperly trusted by some PHP libraries and applications;
  • #72603 (exif) Out of bound read in exif_process_IFD_in_MAKERNOTE;
  • #72618 (exif) NULL Pointer Dereference in exif_process_user_comment;
  • #72512 (gd) gdImageTrueColorToPaletteBody allows arbitrary write/read access;
  • #72519 (gd) imagegif/output out-of-bounds access;
  • #72558 (gd) Integer overflow error within _gdContributionsAlloc();
  • #72533 (intl) locale_accept_from_http out-of-bounds access;
  • #69975 (odbc) PHP segfaults when accessing nvarchar(max) defined columns;
  • #72479 (snmp) Use After Free Vulnerability in SNMP with GC and unserialize();
  • #72606 (xmlrpc) heap-buffer-overflow (write) simplestring_addn simplestring.c;
  • #72520 (zip) Stack-based buffer overflow vulnerability in php_stream_zip_opener.

alt-php56-5.6.24-1 (find details on the link http://php.net/ChangeLog-5.php#5.6.24)

  • #71936 (core) Segmentation fault destroying HTTP_RAW_POST_DATA;
  • #72496 (core) Cannot declare public method with signature incompatible with parent private method;
  • #72138 (core) Integer Overflow in Length of String-typed ZVAL;
  • #72513 (core) Stack-based buffer overflow vulnerability in virtual_file_ex;
  • #72562 (core) Use After Free in unserialize() with Unexpected Session Deserialization;
  • #72573 (core) HTTP_PROXY is improperly trusted by some PHP libraries and applications;
  • #72447 (bz2) Type Confusion in php_bz2_filter_create();
  • #72613 (bz2) Inadequate error handling in bzread();
  • #50845 (exif) exif_read_data() returns corrupted exif headers;
  • #72603 (exif) Out of bound read in exif_process_IFD_in_MAKERNOTE;
  • #72618 (exif) NULL Pointer Dereference in exif_process_user_comment;
  • #43475 (gd) Thick styled lines have scrambled patterns;
  • #53640 (gd) XBM images require width to be multiple of 8;
  • #64641 (gd) imagefilledpolygon doesn't draw horizontal line;
  • #72512 (gd) gdImageTrueColorToPaletteBody allows arbitrary write/read access;
  • #72519 (gd) imagegif/output out-of-bounds access;
  • #72558 (gd) Integer overflow error within _gdContributionsAlloc();
  • #72533 (intl) locale_accept_from_http out-of-bounds access;
  • #69975 (odbc) PHP segfaults when accessing nvarchar(max) defined columns;
  • #71915 (openssl) openssl_random_pseudo_bytes is not fork-safe;
  • #72336 (openssl) openssl_pkey_new does not fail for invalid DSA params;
  • #72479 (snmp) Use After Free Vulnerability in SNMP with GC and unserialize();
  • #55701 (spl) GlobIterator throws LogicException;
  • #70628 (sqlite3) Clearing bindings on an SQLite3 statement doesn't work;
  • #72439 (streams) Stream socket with remote address leads to a segmentation fault;
  • #72606 (xmlrpc) heap-buffer-overflow (write) simplestring_addn simplestring.c;
  • #72520 (zip) Stack-based buffer overflow vulnerability in php_stream_zip_opener.

alt-php70-7.0.9-1 (find details on the link http://php.net/ChangeLog-7.php#7.0.9)

  • ALTPHP-182 enable pdo_dblib build;
  • ALTPHP-185 fix empty configure line;
  • #72508 (core) strange references after recursive function call and "switch" statement;
  • #72513 (core) Stack-based buffer overflow vulnerability in virtual_file_ex;
  • #72573 (core) HTTP_PROXY is improperly trusted by some PHP libraries and applications;
  • #72613 (bz2) Inadequate error handling in bzread();
  • #72484 (cli) SCRIPT_FILENAME shows wrong path if the user specify router.php;
  • #72498 (com) variant_date_from_timestamp null dereference;
  • #72541 (curl) size_t overflow lead to heap corruption;
  • #72603 (exif) Out of bound read in exif_process_IFD_in_MAKERNOTE;
  • #72618 (exif) NULL Pointer Dereference in exif_process_user_comment;
  • #43475 (gd) Thick styled lines have scrambled patterns;
  • #53640 (gd) XBM images require width to be multiple of 8;
  • #64641 (gd) imagefilledpolygon doesn't draw horizontal line;
  • #72512 (gd) gdImageTrueColorToPaletteBody allows arbitrary write/read access;
  • #72519 (gd) imagegif/output out-of-bounds access;
  • #72558 (gd) Integer overflow error within _gdContributionsAlloc();
  • #72482 (gd) Ilegal write/read access caused by gdImageAALine overflow;
  • #72494 (gd) imagecropauto out-of-bounds access;
  • #72533 (intl) locale_accept_from_http out-of-bounds access;
  • #72405 (mbstring) mb_ereg_replace - mbc_to_code (oniguruma) - oob read access;
  • #72399 (mbstring) Use-After-Free in MBString (search_re);
  • #72551#72552 (mcrypt) Incorrect casting from size_t to int lead to heap overflow in mdecrypt_generic;
  • #72570 (pdo_pgsql) Segmentation fault when binding parameters on a query without placeholders;
  • #72476 (pcre) Memleak in jit_stack;
  • #72463 (pcre) mail fails with invalid argument;
  • #72538 (readline) readline_redisplay crashes php;
  • #72505 (standard) readfile() mangles files larger than 2G;
  • #72306 (standard) Heap overflow through proc_open and $env parameter;
  • #72531 (session) ps_files_cleanup_dir Buffer overflow;
  • #72562 (session) Use After Free in unserialize() with Unexpected Session Deserialization;
  • #72479 (snmp) Use After Free Vulnerability in SNMP with GC and unserialize();
  • #72439 (streams) Stream socket with remote address leads to a segmentation fault;
  • #72606 (xmlrpc) heap-buffer-overflow (write) simplestring_addn simplestring.c;
  • #72520 (zip) Stack-based buffer overflow vulnerability in php_stream_zip_opener.

alt-php70-pecl-ext-1-15

  • updated timezonedb from 2016.4 to 2016.6;
  • updated redis from 2.2.8 to 3.0.0;
  • mailparse 3.0.1 extension added.

Please note that PHP 5.5.38 is the last release of the PHP 5.5 branch. The next alt-php55 release will become hardened (http://php.net/archive/2016.php#id2016-07-21-2).

To update run the command:

yum groupinstall alt-php --enablerepo=cloudlinux-updates-testing

No single website can bring down your server
Running InfiniBand hardware? Your servers might be...
 

By accepting you will be accessing a service provided by a third-party external to https://www.cloudlinux.com/