Description
ELSA-2016-2598: php security and bug fix update (MODERATE)
[5.4.16-42]
- bz2: fix improper error handling in bzread() CVE-2016-5399
[5.4.16-41]
- gd: fix integer overflow in _gd2GetHeader() resulting in heap overflow CVE-2016-5766
- gd: fix integer overflow in gdImagePaletteToTrueColor() resulting in heap overflow CVE-2016-5767
- mbstring: fix double free in _php_mb_regex_ereg_replace_exec CVE-2016-5768
[5.4.16-40]
- don't set environmental variable based on user supplied Proxy request header CVE-2016-5385
[5.4.16-39]
- fix segmentation fault in header_register_callback #1344578
[5.4.16-38]
- curl: add options to enable TLS #1291667
- mysqli: fix segfault in mysqli_stmt::bind_result() when link is closed #1096800
- fpm: fix incorrectly defined SCRIPT_NAME variable when using Apache #1138563
- core: fix segfault when a zend_extension is loaded twice #1289457
- openssl: change default_md algo from MD5 to SHA1 #1073388
- wddx: fix segfault in php_wddx_serialize_var #1131979
[5.4.16-37]
- session: fix segfault in session with rfc1867 #1297179
Updated packages
Oracle Linux 7
Oracle Linux aarch64
php            5.4.16-42.el7
php-bcmath     5.4.16-42.el7
php-cli        5.4.16-42.el7
php-common     5.4.16-42.el7
php-dba        5.4.16-42.el7
php-devel      5.4.16-42.el7
php-embedded   5.4.16-42.el7
php-enchant    5.4.16-42.el7
php-fpm        5.4.16-42.el7
php-gd         5.4.16-42.el7
php-intl       5.4.16-42.el7
php-ldap       5.4.16-42.el7
php-mbstring   5.4.16-42.el7
php-mysql      5.4.16-42.el7
php-mysqlnd    5.4.16-42.el7
php-odbc       5.4.16-42.el7
php-pdo        5.4.16-42.el7
php-pgsql      5.4.16-42.el7
php-process    5.4.16-42.el7
php-pspell     5.4.16-42.el7
php-recode     5.4.16-42.el7
php-snmp       5.4.16-42.el7
php-soap       5.4.16-42.el7
php-xml        5.4.16-42.el7
php-xmlrpc     5.4.16-42.el7
Oracle Linux x86_64
php            5.4.16-42.el7
php-bcmath     5.4.16-42.el7
php-cli        5.4.16-42.el7
php-common     5.4.16-42.el7
php-dba        5.4.16-42.el7
php-devel      5.4.16-42.el7
php-embedded   5.4.16-42.el7
php-enchant    5.4.16-42.el7
php-fpm        5.4.16-42.el7
php-gd         5.4.16-42.el7
php-intl       5.4.16-42.el7
php-ldap       5.4.16-42.el7
php-mbstring   5.4.16-42.el7
php-mysql      5.4.16-42.el7
php-mysqlnd    5.4.16-42.el7
php-odbc       5.4.16-42.el7
php-pdo        5.4.16-42.el7
php-pgsql      5.4.16-42.el7
php-process    5.4.16-42.el7
php-pspell     5.4.16-42.el7
php-recode     5.4.16-42.el7
php-snmp       5.4.16-42.el7
php-soap       5.4.16-42.el7
php-xml        5.4.16-42.el7
php-xmlrpc     5.4.16-42.el7
Related CVEs
Related vulnerabilities
The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.