Fedora 21 Security Update: php-5.6.4-2.fc21

Resolved Bugs
1175718 – CVE-2014-8142 php: use after free vulnerability in unserialize()
1176156 – CVE-2014-8142 php: use after free vulnerability in unserialize() [fedora-all]
18 Dec 2014, PHP 5.6.4

Core:
* Fixed bug #68091 (Some Zend headers lack appropriate extern "C" blocks). (Adam)
* Fixed bug #68104 (Segfault while pre-evaluating a disabled function). (Laruence)
* Fixed bug #68185 ("Inconsistent insteadof definition."- incorrectly triggered). (Julien)
* Fixed bug #68355 (Inconsistency in example php.ini comments). (Chris McCafferty)
* Fixed bug #68370 ("unset($this)" can make the program crash). (Laruence)
* Fixed bug #68422 (Incorrect argument reflection info for array_multisort()). (Alexander Lisachenko)
* Fixed bug #68446 (Array constant not accepted for array parameter default). (Bob, Dmitry)
* Fixed bug #68545 (NULL pointer dereference in unserialize.c). (Anatol)
* Fixed bug #68594 (Use after free vulnerability in unserialize()). (CVE-2014-8142) (Stefan Esser)

Date:
* Fixed day_of_week function as it could sometimes return negative values internally. (Derick)

FPM:
* Fixed bug #68381 (fpm_unix_init_main ignores log_level). (David Zuelke, Remi)
* Fixed bug #68420 (listen=9000 listens to ipv6 localhost instead of all addresses). (Remi)
* Fixed bug #68421 (access.format='%R' doesn't log ipv6 address). (Remi)
* Fixed bug #68423 (PHP-FPM will no longer load all pools). (Remi)
* Fixed bug #68428 (listen.allowed_clients is IPv4 only). (Remi)
* Fixed bug #68452 (php-fpm man page is oudated). (Remi)
* Fixed request #68458 (Change pm.start_servers default warning to notice). (David Zuelke, Remi)
* Fixed bug #68463 (listen.allowed_clients can silently result in no allowed access). (Remi)
* Fixed request #68391 (php-fpm conf files loading order). (Florian Margaine, Remi)
* Fixed bug #68478 (access.log don't use prefix). (Remi)

GMP:
* Fixed bug #68419 (build error with gmp 4.1). (Remi)

Mcrypt:
* Fixed possible read after end of buffer and use after free. (Dmitry)

PDO_pgsql:
* Fixed bug #67462 (PDO_PGSQL::beginTransaction() wrongly throws exception when not in transaction) (Matteo)
* Fixed bug #68351 (PDO::PARAM_BOOL and ATTR_EMULATE_PREPARES misbehaving) (Matteo)

Session:
* Fixed bug #68331 (Session custom storage callable functions not being called) (Yasuo Ohgaki)

SOAP:
* Fixed bug #68361 (Segmentation fault on SoapClient::__getTypes). (Laruence)

zlib:
* Fixed bug #53829 (Compiling PHP with large file support will replace function gzopen by gzopen64) (Sascha Kettler, Matteo)
