-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2013-14985 2013-08-19 20:20:59 --------------------------------------------------------------------------------
Name : php Product : Fedora 18 Version : 5.4.19 Release : 1.fc18 URL : http://www.php.net/ Summary : PHP scripting language for creating dynamic web sites Description : PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts.
The php package contains the module which adds support for the PHP language to Apache HTTP Server.
-------------------------------------------------------------------------------- Update Information:
Version 5.4.19, 22-Aug-2013
Core: * Fixed bug #64503 (Compilation fails with error: conflicting types for 'zendparse'). (Laruence)
Openssl: * Fixed UMR in fix for CVE-2013-4248.
Version 5.4.18, 15-Aug-2013
Core: * Fixed value of FILTER_SANITIZE_FULL_SPECIAL_CHARS constant (previously was erroneously set to FILTER_SANITIZE_SPECIAL_CHARS value). * Fixed bug #65254 (Exception not catchable when exception thrown in autoload with a namespace). * Fixed bug #65108 (is_callable() triggers Fatal Error). * Fixed bug #65088 (Generated configure script is malformed on OpenBSD). * Fixed bug #62964 (Possible XSS on "Registered stream filters" info). * Fixed bug #62672 (Error on serialize of ArrayObject). * Fixed bug #62475 (variant_* functions causes crash when null given as an argument). * Fixed bug #60732 (php_error_docref links to invalid pages). * Fixed bug #65226 (chroot() does not get enabled).
CLI server: * Fixed bug #65066 (Cli server not responsive when responding with 422 http status code).
CURL: * Fixed bug #62665 (curl.cainfo doesn't appear in php.ini).
FTP: * Fixed bug #65228 (FTPs memory leak with SSL).
GMP: * Fixed bug #65227 (Memory leak in gmp_cmp second parameter).
Imap: * Fixed bug #64467 (Segmentation fault after imap_reopen failure).
Intl: * Fixed bug #62759 (Buggy grapheme_substr() on edge case). Fixed bug #61860 (Offsets may be wrong for grapheme_stri* functions).
mysqlnd: * Fixed segfault in mysqlnd when doing long prepare.
ODBC: * Fixed bug #61387 (NULL valued anonymous column causes segfault in odbc_fetch_array).
Openssl: * Fixed handling null bytes in subjectAltName (CVE-2013-4248).
PDO_dblib: * Fixed bug #65219 (PDO/dblib not working anymore ("use dbName" not sent)).
PDO_pgsql: * Fixed meta data retrieve when OID is larger than 2^31.
Session: * Fixed bug #62535 ($_SESSION[$key]["cancel_upload"] doesn't work as documented). * Fixed bug #35703 (when session_name("123") consist only digits, should warning). * Fixed bug #49175 (mod_files.sh does not support hash bits).
Sockets: * Implemented FR #63472 (Setting SO_BINDTODEVICE with socket_set_option).
SPL: * Fixed bug #65136 (RecursiveDirectoryIterator segfault). * Fixed bug #61828 (Memleak when calling Directory(Recursive)Iterator /Spl(Temp)FileObject ctor twice). * Fixed bug #60560 (SplFixedArray un-/serialize, getSize(), count() return 0, keys are strings).
-------------------------------------------------------------------------------- ChangeLog:
* Thu Aug 22 2013 Remi Collet rcollet@redhat.com - 5.4.19-1 - update to 5.4.19 * Mon Aug 19 2013 Remi Collet rcollet@redhat.com - 5.4.18-1 - update to 5.4.18, fix for CVE-2013-4248 - add Provides: php(pdo-abi), for consistency with php(api) and php(zend-abi) - fix php-enchant package summary and description * Fri Jul 12 2013 Remi Collet rcollet@redhat.com - 5.4.17-2 - add security fix for CVE-2013-4113 - add missing ASL 1.0 license * Wed Jul 3 2013 Remi Collet rcollet@redhat.com 5.4.17-1 - update to 5.4.17 - add missing man pages (phar, php-cgi) * Wed Jun 5 2013 Remi Collet rcollet@redhat.com 5.4.16-1 - update to 5.4.16 - switch systemd unit to Type=notify - patch for upstream Bug #64915 error_log ignored when daemonize=0 - patch for upstream Bug #64949 Buffer overflow in _pdo_pgsql_error - patch for upstream bug #64960 Segfault in gc_zval_possible_root * Thu May 9 2013 Remi Collet rcollet@redhat.com 5.4.15-1 - update to 5.4.15 - add version to "Obsoletes" - own /usr/share/fpm * Thu Apr 11 2013 Remi Collet rcollet@redhat.com 5.4.14-1 - update to 5.4.14 - clean old deprecated options * Thu Mar 14 2013 Remi Collet rcollet@redhat.com 5.4.13-1 - update to 5.4.13 - security fix for CVE-2013-1643 - Hardened build (links with -z now option) - Remove %config from %{_sysconfdir}/rpm/macros.* (https://fedorahosted.org/fpc/ticket/259). * Wed Feb 20 2013 Remi Collet remi@fedoraproject.org 5.4.12-1 - update to 5.4.12 - security fix for CVE-2013-1635 - enable tokyocabinet dba handler - upstream patch (5.4.13) to fix dval to lval conversion https://bugs.php.net/64142 - upstream patch (5.4.13) for 2 failed tests - fix buit-in web server on ppc64 (fdset usage) https://bugs.php.net/64128 * Wed Jan 16 2013 Remi Collet rcollet@redhat.com 5.4.11-1 - update to 5.4.11 - fix php.conf to allow MultiViews managed by php scripts * Wed Dec 19 2012 Remi Collet rcollet@redhat.com 5.4.10-1 - update to 5.4.10 - remove patches merged upstream * Tue Dec 11 2012 Remi Collet rcollet@redhat.com 5.4.9-3 - drop "Configure Command" from phpinfo output * Tue Dec 11 2012 Joe Orton jorton@redhat.com - 5.4.9-2 - prevent php_config.h changes across (otherwise identical) rebuilds -------------------------------------------------------------------------------- References:
[ 1 ] Bug #997097 - CVE-2013-4248 php: hostname check bypassing vulnerability in SSL client https://bugzilla.redhat.com/show_bug.cgi?id=997097 --------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use su -c 'yum update php' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------
package-announce@lists.fedoraproject.org