CloudLinux - CloudLinux Blog - Alt-PHP updated

Alt-PHP updated


New updated Alt-PHP packages are available from our production repository.

Changelog:

alt-php55-5.5.38-1 (details at http://php.net/ChangeLog-5.php#5.5.38)

  • #72613 (bzip2) Inadequate error handling in bzread();
  • #70480 (core) php_url_parse_ex() buffer overflow read;
  • #72513 (core) Stack-based buffer overflow vulnerability in virtual_file_ex;
  • #72562 (core) Use After Free in unserialize() with Unexpected Session Deserialization;
  • #72573 (core) HTTP_PROXY is improperly trusted by some PHP libraries and applications;
  • #72603 (exif) Out of bound read in exif_process_IFD_in_MAKERNOTE;
  • #72618 (exif) NULL Pointer Dereference in exif_process_user_comment;
  • #72512 (gd) gdImageTrueColorToPaletteBody allows arbitrary write/read access;
  • #72519 (gd) imagegif/output out-of-bounds access;
  • #72558 (gd) Integer overflow error within _gdContributionsAlloc();
  • #72533 (intl) locale_accept_from_http out-of-bounds access;
  • #69975 (odbc) PHP segfaults when accessing nvarchar(max) defined columns;
  • #72479 (snmp) Use After Free Vulnerability in SNMP with GC and unserialize();
  • #72606 (xmlrpc) heap-buffer-overflow (write) simplestring_addn simplestring.c;
  • #72520 (zip) Stack-based buffer overflow vulnerability in php_stream_zip_opener.

alt-php56-5.6.24-1 (details at http://php.net/ChangeLog-5.php#5.6.24)

  • #71936 (core) Segmentation fault destroying HTTP_RAW_POST_DATA;
  • #72496 (core) Cannot declare public method with signature incompatible with parent private method;
  • #72138 (core) Integer Overflow in Length of String-typed ZVAL;
  • #72513 (core) Stack-based buffer overflow vulnerability in virtual_file_ex;
  • #72562 (core) Use After Free in unserialize() with Unexpected Session Deserialization;
  • #72573 (core) HTTP_PROXY is improperly trusted by some PHP libraries and applications;
  • #72447 (bz2) Type Confusion in php_bz2_filter_create();
  • #72613 (bz2) Inadequate error handling in bzread();
  • #50845 (exif) exif_read_data() returns corrupted exif headers;
  • #72603 (exif) Out of bound read in exif_process_IFD_in_MAKERNOTE;
  • #72618 (exif) NULL Pointer Dereference in exif_process_user_comment;
  • #43475 (gd) Thick styled lines have scrambled patterns;
  • #53640 (gd) XBM images require width to be multiple of 8;
  • #64641 (gd) imagefilledpolygon doesn't draw horizontal line;
  • #72512 (gd) gdImageTrueColorToPaletteBody allows arbitrary write/read access;
  • #72519 (gd) imagegif/output out-of-bounds access;
  • #72558 (gd) Integer overflow error within _gdContributionsAlloc();
  • #72533 (intl) locale_accept_from_http out-of-bounds access;
  • #69975 (odbc) PHP segfaults when accessing nvarchar(max) defined columns;
  • #71915 (openssl) openssl_random_pseudo_bytes is not fork-safe;
  • #72336 (openssl) openssl_pkey_new does not fail for invalid DSA params;
  • #72479 (snmp) Use After Free Vulnerability in SNMP with GC and unserialize();
  • #55701 (spl) GlobIterator throws LogicException;
  • #70628 (sqlite3) Clearing bindings on an SQLite3 statement doesn't work;
  • #72439 (streams) Stream socket with remote address leads to a segmentation fault;
  • #72606 (xmlrpc) heap-buffer-overflow (write) simplestring_addn simplestring.c;
  • #72520 (zip) Stack-based buffer overflow vulnerability in php_stream_zip_opener.

alt-php70-7.0.9-1 (details at http://php.net/ChangeLog-7.php#7.0.9)

  • ALTPHP-182 enable pdo_dblib build;
  • ALTPHP-185 fix empty configure line;
  • #72508 (core) strange references after recursive function call and "switch" statement;
  • #72513 (core) Stack-based buffer overflow vulnerability in virtual_file_ex;
  • #72573 (core) HTTP_PROXY is improperly trusted by some PHP libraries and applications;
  • #72613 (bz2) Inadequate error handling in bzread();
  • #72484 (cli) SCRIPT_FILENAME shows wrong path if the user specifies router.php;
  • #72498 (com) variant_date_from_timestamp null dereference;
  • #72541 (curl) size_t overflow leads to heap corruption;
  • #72603 (exif) Out of bound read in exif_process_IFD_in_MAKERNOTE;
  • #72618 (exif) NULL Pointer Dereference in exif_process_user_comment;
  • #43475 (gd) Thick styled lines have scrambled patterns;
  • #53640 (gd) XBM images require width to be multiple of 8;
  • #64641 (gd) imagefilledpolygon doesn't draw horizontal line;
  • #72512 (gd) gdImageTrueColorToPaletteBody allows arbitrary write/read access;
  • #72519 (gd) imagegif/output out-of-bounds access;
  • #72558 (gd) Integer overflow error within _gdContributionsAlloc();
  • #72482 (gd) Illegal write/read access caused by gdImageAALine overflow;
  • #72494 (gd) imagecropauto out-of-bounds access;
  • #72533 (intl) locale_accept_from_http out-of-bounds access;
  • #72405 (mbstring) mb_ereg_replace - mbc_to_code (oniguruma) - oob read access;
  • #72399 (mbstring) Use-After-Free in MBString (search_re);
  • #72551, #72552 (mcrypt) Incorrect casting from size_t to int leads to heap overflow in mdecrypt_generic;
  • #72570 (pdo_pgsql) Segmentation fault when binding parameters on a query without placeholders;
  • #72476 (pcre) Memleak in jit_stack;
  • #72463 (pcre) mail fails with invalid argument;
  • #72538 (readline) readline_redisplay crashes php;
  • #72505 (standard) readfile() mangles files larger than 2G;
  • #72306 (standard) Heap overflow through proc_open and $env parameter;
  • #72531 (session) ps_files_cleanup_dir Buffer overflow;
  • #72562 (session) Use After Free in unserialize() with Unexpected Session Deserialization;
  • #72479 (snmp) Use After Free Vulnerability in SNMP with GC and unserialize();
  • #72439 (streams) Stream socket with remote address leads to a segmentation fault;
  • #72606 (xmlrpc) heap-buffer-overflow (write) simplestring_addn simplestring.c;
  • #72520 (zip) Stack-based buffer overflow vulnerability in php_stream_zip_opener.

alt-php70-pecl-ext-1-15

  • updated timezonedb from 2016.4 to 2016.6;
  • updated redis from 2.2.8 to 3.0.0;
  • mailparse 3.0.1 extension added.

Please note that PHP 5.5.38 is the last release of the PHP 5.5 branch. The next alt-php55 release will become hardened (http://php.net/archive/2016.php#id2016-07-21-2).

To update, run the command:

yum groupinstall alt-php 
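
A post-update check, added here as an example (not CloudLinux's own tooling): it compares installed builds against the fixed builds listed in the changelog above and flags any that are older. It assumes the RPM package names are alt-php55, alt-php56 and alt-php70 as the changelog entries suggest, and that input lines have the form "NAME VERSION-RELEASE"; the function names are hypothetical.

```shell
#!/bin/sh
# Input lines "NAME VERSION-RELEASE" can be produced on a host with, e.g.:
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' alt-php55 alt-php56 alt-php70
# (package names are an assumption taken from the changelog entries).

# Fixed version-release per package, copied from the changelog above.
fixed_build() {
    case "$1" in
        alt-php55) echo "5.5.38-1" ;;
        alt-php56) echo "5.6.24-1" ;;
        alt-php70) echo "7.0.9-1" ;;
        *) return 1 ;;
    esac
}

# altphp_status NAME VERSION-RELEASE -> prints patched | outdated | unknown
altphp_status() {
    fixed=$(fixed_build "$1") || { echo "unknown"; return 0; }
    # sort -V compares numerically per component, so 7.0.10 ranks above 7.0.9.
    lowest=$(printf '%s\n%s\n' "$fixed" "$2" | sort -V | head -n 1)
    if [ "$lowest" = "$fixed" ]; then echo "patched"; else echo "outdated"; fi
}

# altphp_audit: reads "NAME VERSION-RELEASE" lines on stdin, prints one
# result per line, and returns non-zero if any package is outdated.
altphp_audit() {
    rc=0
    while read -r name vr; do
        [ -n "$name" ] || continue
        st=$(altphp_status "$name" "$vr")
        printf '%s %s %s\n' "$name" "$vr" "$st"
        [ "$st" = "outdated" ] && rc=1
    done
    return $rc
}

# Constructed sample input (not taken from a real host).
altphp_audit <<'EOF' || echo "at least one package is older than the fixed build"
alt-php55 5.5.38-1
alt-php56 5.6.23-1
alt-php70 7.0.10-1
EOF
```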
