--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-b6072889db
2018-09-22 20:49:57.249853
--------------------------------------------------------------------------------
Name : php
Product : Fedora 28
Version : 7.2.10
Release : 1.fc28
URL :
http://www.php.net/
Summary : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.
The php package contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP Server.
--------------------------------------------------------------------------------
Update Information:
**PHP version 7.2.10** (13 Sep 2018) **Core:** * Fixed bug php#76754 (parent
private constant in extends class memory leak). (Laruence) * Fixed bug php#72443
(Generate enabled extension). (petk) * Fixed bug php#75797 (Memory leak when
using class_alias() in non-debug mode). (Massimiliano Braglia) **Apache2:** *
Fixed bug php#76582 (Apache bucket brigade sometimes becomes invalid). (stas)
**Bz2:** * Fixed arginfo for bzcompress. (Tyson Andre) **gettext:** * Fixed
bug php#76517 (incorrect restoring of LDFLAGS). (sji) **iconv:** * Fixed bug
php#68180 (iconv_mime_decode can return extra characters in a header). (cmb) *
Fixed bug php#63839 (iconv_mime_decode_headers function is skipping headers).
(cmb) * Fixed bug php#60494 (iconv_mime_decode does ignore special characters).
(cmb) * Fixed bug php#55146 (iconv_mime_decode_headers() skips some headers).
(cmb) **intl:** * Fixed bug php#74484 (MessageFormatter::formatMessage memory
corruption with 11+ named placeholders). (Anatol) **libxml:** * Fixed bug
php#76777 ("public id" parameter of libxml_set_external_entity_loader callback
undefined). (Ville Hukkam��ki) **mbstring:** * Fixed bug php#76704
(mb_detect_order return value varies based on argument type). (cmb)
**Opcache:** * Fixed bug php#76747 (Opcache treats path containing
"test.pharma.tld" as a phar file). (Laruence) **OpenSSL:** * Fixed bug
php#76705 (unusable ssl => peer_fingerprint in stream_context_create()). (Jakub
Zelenka) **phpdbg:** * Fixed bug php#76595 (phpdbg man page contains outdated
information). (Kevin Abel) **SPL:** * Fixed bug php#68825 (Exception in
DirectoryIterator::getLinkTarget()). (cmb) * Fixed bug php#68175 (RegexIterator
pregFlags are NULL instead of 0). (Tim Siebels) **Standard:** * Fixed bug
php#76778 (array_reduce leaks memory if callback throws exception). (cmb)
**zlib:** * Fixed bug php#65988 (Zlib version check fails when an include/zlib/
style dir is passed to the --with-zlib configure option). (Jay Bonci) * Fixed
bug php#76709 (Minimal required zlib library is 1.2.0.4). (petk)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 11 2018 Remi Collet <remi(a)remirepo.net> - 7.2.10-1
- Update to 7.2.10 -
http://www.php.net/releases/7_2_10.php
* Thu Aug 16 2018 Remi Collet <remi(a)remirepo.net> - 7.2.9-1
- Update to 7.2.9 -
http://www.php.net/releases/7_2_9.php
* Tue Jul 17 2018 Remi Collet <remi(a)remirepo.net> - 7.2.8-1
- Update to 7.2.8 -
http://www.php.net/releases/7_2_8.php
- FPM: add getallheaders, backported from 7.3
* Wed Jun 20 2018 Remi Collet <remi(a)remirepo.net> - 7.2.7-1
- Update to 7.2.7 -
http://www.php.net/releases/7_2_7.php
* Wed May 23 2018 Remi Collet <remi(a)remirepo.net> - 7.2.6-1
- Update to 7.2.6 -
http://www.php.net/releases/7_2_6.php
* Tue Apr 24 2018 Remi Collet <remi(a)remirepo.net> - 7.2.5-1
- Update to 7.2.5 -
http://www.php.net/releases/7_2_5.php
* Wed Apr 11 2018 Remi Collet <remi(a)remirepo.net> - 7.2.5~RC1-1
- update to 7.2.5RC1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1629552 - CVE-2018-17082 php: Cross-site scripting (XSS) flaw in Apache2
component via body of 'Transfer-Encoding: chunked' request
https://bugzilla.redhat.com/show_bug.cgi?id=1629552
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-b6072889db' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------