|
|
Subscribe / Log in / New account

Oracle alert ELSA-2016-2598 (php)



From:
    	      Errata Announcements for Oracle Linux <el-errata@oss.oracle.com> 


To:
    	      el-errata@oss.oracle.com 


Subject:
    	      [El-errata] ELSA-2016-2598 Moderate: Oracle Linux 7 php security and bug fix update 


Date:
    	      Thu, 10 Nov 2016 11:09:37 -0800


Message-ID:
    	      <5824C5F1.6030102@oracle.com>


Oracle Linux Security Advisory ELSA-2016-2598

http://linux.oracle.com/errata/ELSA-2016-2598.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
php-5.4.16-42.el7.x86_64.rpm
php-bcmath-5.4.16-42.el7.x86_64.rpm
php-cli-5.4.16-42.el7.x86_64.rpm
php-common-5.4.16-42.el7.x86_64.rpm
php-dba-5.4.16-42.el7.x86_64.rpm
php-devel-5.4.16-42.el7.x86_64.rpm
php-embedded-5.4.16-42.el7.x86_64.rpm
php-enchant-5.4.16-42.el7.x86_64.rpm
php-fpm-5.4.16-42.el7.x86_64.rpm
php-gd-5.4.16-42.el7.x86_64.rpm
php-intl-5.4.16-42.el7.x86_64.rpm
php-ldap-5.4.16-42.el7.x86_64.rpm
php-mbstring-5.4.16-42.el7.x86_64.rpm
php-mysql-5.4.16-42.el7.x86_64.rpm
php-mysqlnd-5.4.16-42.el7.x86_64.rpm
php-odbc-5.4.16-42.el7.x86_64.rpm
php-pdo-5.4.16-42.el7.x86_64.rpm
php-pgsql-5.4.16-42.el7.x86_64.rpm
php-process-5.4.16-42.el7.x86_64.rpm
php-pspell-5.4.16-42.el7.x86_64.rpm
php-recode-5.4.16-42.el7.x86_64.rpm
php-snmp-5.4.16-42.el7.x86_64.rpm
php-soap-5.4.16-42.el7.x86_64.rpm
php-xml-5.4.16-42.el7.x86_64.rpm
php-xmlrpc-5.4.16-42.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/php-5.4.16-42.el7...



Description of changes:

[5.4.16-42]
- bz2: fix improper error handling in bzread() CVE-2016-5399

[5.4.16-41]
- gd: fix integer overflow in _gd2GetHeader() resulting in
   heap overflow CVE-2016-5766
- gd: fix integer overflow in gdImagePaletteToTrueColor()
   resulting in heap overflow CVE-2016-5767
- mbstring: fix double free in _php_mb_regex_ereg_replace_exec
   CVE-2016-5768

[5.4.16-40]
- don't set environmental variable based on user supplied Proxy
   request header CVE-2016-5385

[5.4.16-39]
- fix segmentation fault in header_register_callback #1344578

[5.4.16-38]
- curl: add options to enable TLS #1291667
- mysqli: fix segfault in mysqli_stmt::bind_result() when
   link is closed #1096800
- fpm: fix incorrectly defined SCRIPT_NAME variable when
   using Apache #1138563
- core: fix segfault when a zend_extension is loaded twice #1289457
- openssl: change default_md algo from MD5 to SHA1 #1073388
- wddx: fix segfault in php_wddx_serialize_var #1131979

[5.4.16-37]
- session: fix segfault in session with rfc1867 #1297179


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds