--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-cd2bd0800f
2016-07-30 18:07:02.382692
--------------------------------------------------------------------------------
Name : php
Product : Fedora 23
Version : 5.6.24
Release : 1.fc23
URL :
http://www.php.net/
Summary : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.
The php package contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP Server.
--------------------------------------------------------------------------------
Update Information:
21 Jul 2016, **PHP 5.6.24** **Core:** * Fixed bug php#71936 (Segmentation
fault destroying HTTP_RAW_POST_DATA). (mike dot laspina at gmail dot com, Remi)
* Fixed bug php#72496 (Cannot declare public method with signature incompatible
with parent private method). (Pedro Magalh��es) * Fixed bug php#72138 (Integer
Overflow in Length of String-typed ZVAL). (Stas) * Fixed bug php#72513 (Stack-
based buffer overflow vulnerability in virtual_file_ex). (loianhtuan at gmail
dot com) * Fixed bug php#72562 (Use After Free in unserialize() with Unexpected
Session Deserialization). (taoguangchen at icloud dot com) * Fixed bug php#72573
(HTTP_PROXY is improperly trusted by some PHP libraries and applications).
(CVE-2016-5385) (Stas) **bz2:** * Fixed bug php#72447 (Type Confusion in
php_bz2_filter_create()). (gogil at stealien dot com). * Fixed bug php#72613
(Inadequate error handling in bzread()). (Stas) **EXIF:** * Fixed bug
php#50845 (exif_read_data() returns corrupted exif headers). (Bartosz
Dziewo��ski) * Fixed bug php#72603 (Out of bound read in
exif_process_IFD_in_MAKERNOTE). (Stas) * Fixed bug #72618 (NULL Pointer
Dereference in exif_process_user_comment). (Stas) **Intl:** * Fixed bug
php#72533 (locale_accept_from_http out-of-bounds access). (Stas) **ODBC:** *
Fixed bug php#69975 (PHP segfaults when accessing nvarchar(max) defined columns)
**OpenSSL:** * Fixed bug php#71915 (openssl_random_pseudo_bytes is not fork-
safe). (Jakub Zelenka) * Fixed bug php#72336 (openssl_pkey_new does not fail for
invalid DSA params). (Jakub Zelenka) **SNMP:** * Fixed bug php#72479 (Use
After Free Vulnerability in SNMP with GC and unserialize()). (taoguangchen at
icloud dot com) **SPL:** * Fixed bug php#55701 (GlobIterator throws
LogicException). (Valentin V��LCIU) **SQLite3:** * Fixed bug php#70628
(Clearing bindings on an SQLite3 statement doesn't work). (cmb) **Streams:** *
Fixed bug php#72439 (Stream socket with remote address leads to a segmentation
fault). (Laruence) **Xmlrpc:** * Fixed bug php#72606 (heap-buffer-overflow
(write) simplestring_addn simplestring.c). (Stas)
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update php' at the command line.
For more information, refer to "Managing Software with yum",
available at
https://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------