CloudLinux - CloudLinux Blog - Beta: Alt-PHP updated

Beta: Alt-PHP updated


New updated Alt-PHP packages are available from our updates-testing repository.

Changelog:

alt-php70-7.0.8-1 (for details, see http://www.php.net/ChangeLog-7.php#7.0.8)

  • #72218: (core) If host name cannot be resolved then PHP 7 crashes;

  • #72221: (core) segfault, past-the-end access;

  • #72268: (core) Integer Overflow in nl2br();

  • #72275: (core) Integer Overflow in json_encode()/json_decode()/json_utf8_to_utf16();

  • #72400: (core) Integer Overflow in addcslashes/addslashes;

  • #72403: (core) Integer Overflow in Length of String-typed ZVAL;

  • #72308: (fpm) fastcgi_finish_request and logging environment variables;

  • #72298: (gd) pass2_no_dither out-of-bounds access;

  • #72337: (gd) invalid dimensions can lead to crash;

  • #72339: (gd) Integer Overflow in _gd2GetHeader() resulting in heap overflow;

  • #72407: (gd) NULL Pointer Dereference at _gdScaleVert;

  • #64524: (intl) Add intl.use_exceptions to php.ini-*;

  • #72402: (mbstring) _php_mb_regex_ereg_replace_exec - double free;

  • #72455: (mcrypt) Heap Overflow due to integer overflows;

  • #72143: (pcre) preg_replace uses int instead of size_t;

  • #71573: (pdo_pgsql) Segfault (core dumped) if paramno beyond bound;

  • #72294: (pdo_pgsql) Segmentation fault/invalid pointer in connection with pgsql_stmt_dtor;

  • #72284: (phpdbg) phpdbg fatal errors with coverage;

  • #72195: (postgres) pg_pconnect/pg_connect cause use-after-free;

  • #72197: (postgres) pg_lo_create arbitrary read;

  • #72262: (spl) int/size_t confusion in SplFileObject::fread;

  • #72433: (spl) Use After Free Vulnerability in PHP's GC algorithm and unserialize;

  • #72017: (standard) range() with float step produces unexpected result;

  • #72193: (standard) dns_get_record returns array containing elements of type 'unknown';

  • #72229: (standard) Wrong reference when serialize/unserialize an object;

  • #72300: (standard) ignore_user_abort(false) has no effect;

  • #72206: (xml) xml_parser_create/xml_parser_free leaks mem;

  • #72155: (xmlrpc) use-after-free caused by get_zval_xmlrpc_type;

  • #72340: (wddx) Double Free Corruption in wddx_deserialize;

  • #72258: (zip) ZipArchive converts filenames to unrecoverable form;

  • #72434: (zip) ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize;

  • ALTPHP-161: fixed lsphp for proper calculation of idle time.

alt-php56-5.6.23-1 (for details, see http://php.net/ChangeLog-5.php#5.6.23)

  • #72275: (core) Integer Overflow in json_encode()/json_decode()/json_utf8_to_utf16();

  • #72400: (core) Integer Overflow in addcslashes/addslashes;

  • #72403: (core) Integer Overflow in Length of String-typed ZVAL;

  • #72298: (gd) pass2_no_dither out-of-bounds access;

  • #72337: (gd) invalid dimensions can lead to crash;

  • #72339: (gd) Integer Overflow in _gd2GetHeader() resulting in heap overflow;

  • #72407: (gd) NULL Pointer Dereference at _gdScaleVert;

  • #72446: (gd) Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow;

  • #70484: (intl) selectordinal doesn't work with named parameters;

  • #72402: (mbstring) _php_mb_regex_ereg_replace_exec - double free;

  • #72455: (mcrypt) Heap Overflow due to integer overflows;

  • #72140: (openssl) segfault after calling ERR_free_strings();

  • #72321: (phar) invalid free in phar_extract_file();

  • #72262: (spl) int/size_t confusion in SplFileObject::fread;

  • #72433: (spl) Use After Free Vulnerability in PHP's GC algorithm and unserialize;

  • #72340: (wddx) Double Free Corruption in wddx_deserialize;

  • #72434: (zip) ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize;

  • ALTPHP-161: fixed lsphp for proper calculation of idle time.

alt-php55-5.5.37-1 (for details, see http://www.php.net/ChangeLog-5.php#5.5.37)

  • #72268: (core) Integer Overflow in nl2br();

  • #72275: (core) Integer Overflow in json_encode()/json_decode()/json_utf8_to_utf16();

  • #72400: (core) Integer Overflow in addcslashes/addslashes;

  • #72403: (core) Integer Overflow in Length of String-typed ZVAL;

  • #66387 / CVE-2015-8874: (gd) Stack overflow with imagefilltoborder;

  • #72298: (gd) pass2_no_dither out-of-bounds access;

  • #72339: (gd) Integer Overflow in _gd2GetHeader() resulting in heap overflow;

  • #72407: (gd) NULL Pointer Dereference at _gdScaleVert;

  • #72446: (gd) Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow;

  • #72402: (mbstring) _php_mb_regex_ereg_replace_exec - double free;

  • #72455: (mcrypt) Heap Overflow due to integer overflows;

  • #72262: (spl) int/size_t confusion in SplFileObject::fread;

  • #72433: (spl) Use After Free Vulnerability in PHP's GC algorithm and unserialize;

  • #72340: (wddx) Double Free Corruption in wddx_deserialize;

  • #72434: (zip) ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize;

  • ALTPHP-161: fixed lsphp for proper calculation of idle time.

To update, run the command:

yum groupinstall alt-php --enablerepo=cloudlinux-updates-testing
