[SECURITY] Fedora 21 Update: php-5.6.11-1.fc21

updates at fedoraproject.org
Wed Jul 29 01:58:13 UTC 2015


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-11581
2015-07-14 12:24:25
--------------------------------------------------------------------------------

Name        : php
Product     : Fedora 21
Version     : 5.6.11
Release     : 1.fc21
URL         : http://www.php.net/
Summary     : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP Server.

--------------------------------------------------------------------------------
Update Information:

10 Jul 2015, **PHP 5.6.11**

**Core:**
* Fixed bug #69768 (escapeshell*() doesn't cater to !). (cmb)
* Fixed bug #69703 (Use __builtin_clzl on PowerPC). (dja at axtens dot net, Kalle)
* Fixed bug #69732 (can induce segmentation fault with basic php code). (Dmitry)
* Fixed bug #69642 (Windows 10 reported as Windows 8). (Christian Wenz, Anatol Belski)
* Fixed bug #69551 (parse_ini_file() and parse_ini_string() segmentation fault). (Christoph M. Becker)
* Fixed bug #69781 (phpinfo() reports Professional Editions of Windows 7/8/8.1/10 as "Business"). (Christian Wenz)
* Fixed bug #69740 (finally in generator (yield) swallows exception in iteration). (Nikita)
* Fixed bug #69835 (phpinfo() does not report many Windows SKUs). (Christian Wenz)
* Fixed bug #69892 (Different arrays compare identical due to integer key truncation). (Nikita)
* Fixed bug #69874 (Can't set empty additional_headers for mail()), regression from fix to bug #68776. (Yasuo)

**GD:**
* Fixed bug #61221 (imagegammacorrect function loses alpha channel). (cmb)

**GMP:**
* Fixed bug #69803 (gmp_random_range() modifies second parameter if GMP number). (Nikita)

**PCRE:**
* Fixed bug #53823 (preg_replace: * qualifier on unicode replace garbles the string). (cmb)
* Fixed bug #69864 (Segfault in preg_replace_callback). (cmb, ab)

**PDO_pgsql:**
* Fixed bug #69752 (PDOStatement::execute() leaks memory with DML Statements when closeCursor() is u). (Philip Hofstetter)
* Fixed bug #69362 (PDO-pgsql fails to connect if password contains a leading single quote). (Matteo)
* Fixed bug #69344 (PDO PgSQL Incorrect binding numeric array with gaps). (Matteo)

**SimpleXML:**
* Refactored the fix for bug #66084 (simplexml_load_string() mangles empty node name). (Christoph Michael Becker)

**SPL:**
* Fixed bug #69737 (Segfault when SplMinHeap::compare produces fatal error). (Stas)
* Fixed bug #67805 (SplFileObject setMaxLineLength). (Willian Gustavo Veiga)
* Fixed bug #69970 (Use-after-free vulnerability in spl_recursive_it_move_forward_ex()). (Laruence)

**Sqlite3:**
* Fixed bug #69972 (Use-after-free vulnerability in sqlite3SafetyCheckSickOrOk()). (Laruence)

--------------------------------------------------------------------------------
ChangeLog:

* Sun Jul 12 2015 Remi Collet <remi at fedoraproject.org> 5.6.11-1
- Update to 5.6.11
  http://www.php.net/releases/5_6_11.php
- the phar link is now correctly created
* Thu Jun 11 2015 Remi Collet <remi at fedoraproject.org> 5.6.10-1
- Update to 5.6.10
  http://www.php.net/releases/5_6_10.php
- add explicit spec license (implicit by FPCA)
- opcache is now 7.0.6-dev
* Fri May 15 2015 Remi Collet <remi at fedoraproject.org> 5.6.9-1
- Update to 5.6.9
  http://www.php.net/releases/5_6_9.php
- adapt systzdata patch for upstream changes for new zic
* Thu Apr 16 2015 Remi Collet <remi at fedoraproject.org> 5.6.8-1
- Update to 5.6.8
  http://www.php.net/releases/5_6_8.php
* Fri Mar 20 2015 Remi Collet <remi at fedoraproject.org> 5.6.7-1
- Update to 5.6.7
  http://www.php.net/releases/5_6_7.php
* Thu Feb 19 2015 Remi Collet <remi at fedoraproject.org> 5.6.6-1
- Update to 5.6.6
  http://www.php.net/releases/5_6_6.php
* Thu Jan 22 2015 Remi Collet <remi at fedoraproject.org> 5.6.5-1
- Update to 5.6.5
  http://www.php.net/releases/5_6_5.php
- FPM: enable ACL support for Unix Domain Socket
* Wed Dec 17 2014 Remi Collet <remi at fedoraproject.org> 5.6.4-2
- Update to 5.6.4 (real)
  http://www.php.net/releases/5_6_4.php
- php-xmlrpc requires php-xml
* Wed Dec 10 2014 Remi Collet <remi at fedoraproject.org> 5.6.4-1
- Update to 5.6.4
  http://www.php.net/releases/5_6_4.php
* Fri Nov 28 2014 Remi Collet <rcollet at redhat.com> 5.6.4-0.1.RC1
- php 5.6.4RC1
* Mon Nov 17 2014 Remi Collet <remi at fedoraproject.org> 5.6.3-4
- FPM: add upstream patch for https://bugs.php.net/68428
  listen.allowed_clients is IPv4 only
* Mon Nov 17 2014 Remi Collet <remi at fedoraproject.org> 5.6.3-3
- sync php-fpm configuration with upstream
- refresh upstream patch for 68421
* Sun Nov 16 2014 Remi Collet <remi at fedoraproject.org> 5.6.3-2
- FPM: add upstream patch for https://bugs.php.net/68421
  access.format=R doesn't log ipv6 address
- FPM: add upstream patch for https://bugs.php.net/68420
  listen=9000 listens to ipv6 localhost instead of all addresses
- FPM: add upstream patch for https://bugs.php.net/68423
  will no longer load all pools
* Thu Nov 13 2014 Remi Collet <remi at fedoraproject.org> 5.6.3-1
- Update to PHP 5.6.3
  http://php.net/releases/5_6_3.php
* Fri Oct 31 2014 Remi Collet <rcollet at redhat.com> 5.6.3-0.2.RC1
- php 5.6.3RC1 (refreshed, phpdbg changes reverted)
- new version of systzdata patch, fix case sensitivity
- ignore Factory in date tests
* Wed Oct 29 2014 Remi Collet <rcollet at redhat.com> 5.6.3-0.1.RC1
- php 5.6.3RC1
- disable opcache.fast_shutdown in default config
- enable phpdbg_webhelper new extension (in php-dbg)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1245236 - CVE-2015-5589 php: segmentation fault in Phar::convertToData on invalid file
        https://bugzilla.redhat.com/show_bug.cgi?id=1245236
  [ 2 ] Bug #1245242 - CVE-2015-5590 php: buffer overflow and stack smashing error in phar_fix_filepath
        https://bugzilla.redhat.com/show_bug.cgi?id=1245242
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update php' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

