--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-03518b366b
2016-09-05 17:51:00.339988
--------------------------------------------------------------------------------
Name : php
Product : Fedora 25
Version : 7.0.10
Release : 1.fc25
URL :
http://www.php.net/
Summary : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.
The php package contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP Server.
--------------------------------------------------------------------------------
Update Information:
18 Aug 2016 **PHP 7.0.10** **Core:** * Fixed bug php#72629 (Caught exception
assignment to variables ignores references). (Laruence) * Fixed bug php#72594
(Calling an earlier instance of an included anonymous class fatals). (Laruence)
* Fixed bug php#72581 (previous property undefined in Exception after
deserialization). (Laruence) * Fixed bug php#72496 (Cannot declare public method
with signature incompatible with parent private method). (Pedro Magalh��es) *
Fixed bug php#72024 (microtime() leaks memory). (maroszek at gmx dot net) *
Fixed bug php#71911 (Unable to set --enable-debug on building extensions by
phpize on Windows). (Yuji Uchiyama) * Fixed bug causing ClosedGeneratorException
being thrown into the calling code instead of the Generator yielding from. (Bob)
* Implemented FR php#72614 (Support "nmake test" on building extensions by
phpize). (Yuji Uchiyama) * Fixed bug php#72641 (phpize (on Windows) ignores
PHP_PREFIX). (Yuji Uchiyama) * Fixed potential segfault in object storage
freeing in shutdown sequence. (Bob) * Fixed bug php#72663 (Create an Unexpected
Object and Don't Invoke __wakeup() in Deserialization). (Stas) * Fixed bug
php#72681 (PHP Session Data Injection Vulnerability). (Stas) * Fixed bug
php#72683 (getmxrr broken). (Anatol) * Fixed bug php#72742 (memory allocator
fails to realloc small block to large one). (Stas) **Bz2:** * Fixed bug
php#72837 (integer overflow in bzdecompress caused heap corruption). (Stas)
**Calendar:** * Fixed bug php#67976 (cal_days_month() fails for final month of
the French calendar). (cmb) * Fixed bug php#71894 (AddressSanitizer: global-
buffer-overflow in zif_cal_from_jd). (cmb) **COM:** * Fixed bug php#72569
(DOTNET/COM array parameters broke in PHP7). (Anatol) **CURL:** * Fixed bug
php#71709 (curl_setopt segfault with empty CURLOPT_HTTPHEADER). (Pierrick) *
Fixed bug php#71929 (CURLINFO_CERTINFO data parsing error). (Pierrick) * Fixed
bug php#72674 (Heap overflow in curl_escape). (Stas) **DOM:** * Fixed bug
php#66502 (DOM document dangling reference). (Sean Heelan, cmb) **EXIF:** *
Fixed bug php#72735 (Samsung picture thumb not read (zero size)). (Kalle, Remi)
* Fixed bug php#72627 (Memory Leakage In exif_process_IFD_in_TIFF). (Stas)
**Filter:** * Fixed bug php#71745 (FILTER_FLAG_NO_RES_RANGE does not cover
whole 127.0.0.0/8 range). (bugs dot php dot net at majkl578 dot cz) **FPM:** *
Fixed bug php#72575 (using --allow-to-run-as-root should ignore missing user).
(gooh) **GD:** * Fixed bug php#72596 (imagetypes function won't advertise WEBP
support). (cmb) * Fixed bug php#72604 (imagearc() ignores thickness for full
arcs). (cmb) * Fixed bug php#70315 (500 Server Error but page is fully
rendered). (cmb) * Fixed bug php#43828 (broken transparency of imagearc for
truecolor in blendingmode). (cmb) * Fixed bug php#66555 (Always false condition
in ext/gd/libgd/gdkanji.c). (cmb) * Fixed bug php#68712 (suspicious if-else
statements). (cmb) * Fixed bug php#72697 (select_colors write out-of-bounds).
(Stas) * Fixed bug php#72730 (imagegammacorrect allows arbitrary write access).
(Stas) **Intl:** * Fixed bug php#72639 (Segfault when instantiating class that
extends IntlCalendar and adds a property). (Laruence) * Partially fixed
php#72506 (idn_to_ascii for UTS #46 incorrect for long domain names). (cmb)
**mbstring:** * Fixed bug php#72691 (mb_ereg_search raises a warning if a match
zero-width). (cmb) * Fixed bug php#72693 (mb_ereg_search increments search
position when a match zero-width). (cmb) * Fixed bug php#72694
(mb_ereg_search_setpos does not accept a string's last position). (cmb) * Fixed
bug php#72710 (`mb_ereg` causes buffer overflow on regexp compile error).
(ju1ius) **Mcrypt:** * Fixed bug php#72782 (Heap Overflow due to integer
overflows). (Stas) **Opcache:** * Fixed bug php#72590 (Opcache restart with
kill_all_lockers does not work). (Keyur) **PCRE:** * Fixed bug php#72688
(preg_match missing group names in matches). (cmb) **PDO_pgsql:** * Fixed bug
php#70313 (PDO statement fails to throw exception). (Matteo) **Reflection:** *
Fixed bug php#72222 (ReflectionClass::export doesn't handle array constants).
(Nikita Nefedov) **SimpleXML:** * Fixed bug php#72588 (Using global var
doesn't work while accessing SimpleXML element). (Laruence) **SNMP:** * Fixed
bug php#72708 (php_snmp_parse_oid integer overflow in memory allocation).
(djodjo at gmail dot com) **SPL:** * Fixed bug php#55701 (GlobIterator throws
LogicException). (Valentin V��LCIU) * Fixed bug php#72646
(SplFileObject::getCsvControl does not return the escape character). (cmb) *
Fixed bug php#72684 (AppendIterator segfault with closed generator). (Pierrick)
**SQLite3:** * Fixed bug php#72668 (Spurious warning when exception is thrown
in user defined function). (Laruence) * Fixed bug php#72571 (SQLite3::bindValue,
SQLite3::bindParam crash). (Laruence) * Implemented FR php#72653 (SQLite should
allow opening with empty filename). (cmb) * Updated to SQLite3 3.13.0. (cmb)
**Standard:** * Fixed bug php#72622 (array_walk + array_replace_recursive
create references from nothing). (Laruence) * Fixed bug php#72152 (base64_decode
$strict fails to detect null byte). (Lauri Kentt��) * Fixed bug php#72263
(base64_decode skips a character after padding in strict mode). (Lauri Kentt��) *
Fixed bug php#72264 (base64_decode $strict fails with whitespace between
padding). (Lauri Kentt��) * Fixed bug php#72330 (CSV fields incorrectly split if
escape char followed by UTF chars). (cmb) **Streams:** * Fixed bug php#41021
(Problems with the ftps wrapper). (vhuk) * Fixed bug php#54431 (opendir() does
not work with ftps:// wrapper). (vhuk) * Fixed bug php#72667 (opendir() with
ftp:// attempts to open data stream for non-existent directories). (vhuk) *
Fixed bug php#72771 (ftps:// wrapper is vulnerable to protocol downgrade
attack). (Stas) **XMLRPC:** * Fixed bug php#72647 (xmlrpc_encode() unexpected
output after referencing array elements). (Laruence) **Wddx:** * Fixed bug
php#72564 (boolean always deserialized as "true") (Remi) * Fixed bug php#72142
(WDDX Packet Injection Vulnerability in wddx_serialize_value()). (Taoguang Chen)
* Fixed bug php#72749 (wddx_deserialize allows illegal memory access) (Stas) *
Fixed bug php#72750 (wddx_deserialize null dereference). (Stas) * Fixed bug
php#72790 (wddx_deserialize null dereference with invalid xml). (Stas) * Fixed
bug php#72771 (ftps:// wrapper is vulnerable to protocol downgrade attack).
(Stas) **XMLRPC:** * Fixed bug php#72647 (xmlrpc_encode() unexpected output
after referencing array elements). (Laruence) **Wddx:** * Fixed bug php#72564
(boolean always deserialized as "true") (Remi) * Fixed bug php#72142 (WDDX
Packet Injection Vulnerability in wddx_serialize_value()). (Taoguang Chen) *
Fixed bug php#72749 (wddx_deserialize allows illegal memory access) (Stas) *
Fixed bug php#72750 (wddx_deserialize null dereference). (Stas) * Fixed bug
php#72790 (wddx_deserialize null dereference with invalid xml). (Stas) * Fixed
bug php#72799 (wddx_deserialize null dereference in php_wddx_pop_element).
(Stas) **Zip:** * Fixed bug php#72660 (NULL Pointer dereference in
zend_virtual_cwd). (Laruence)
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update php' at the command line.
For more information, refer to "Managing Software with yum",
available at
https://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------