Fedora 28 : php-erusev-parsedown (2019-009fdcfb60)

1.7.1 - \475: 'Loose' lists will now contain paragraphs in all items, not just some. - \433: Links will no longer be double nested - \525: The info-string when beginning a code block may now contain non-word characters e.g. c++ - \561: The mbstring extension which we already depend on has been...

USN-3902-1 php5, php7.0 vulnerabilities

It was discovered that the PHP XML-RPC module incorrectly handled decoding XML data. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. CVE-2019-9020, CVE-2019-9024 It was discovered that the PHP PHAR module incorrectly handled certain...

USN-3902-1: PHP vulnerabilities

It was discovered that the PHP XML-RPC module incorrectly handled decoding XML data. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. CVE-2019-9020, CVE-2019-9024 It was discovered that the PHP PHAR module incorrectly handled certain...

Fedora 29 : php-erusev-parsedown (2019-b02e9bf467)

1.7.1 - \475: 'Loose' lists will now contain paragraphs in all items, not just some. - \433: Links will no longer be double nested - \525: The info-string when beginning a code block may now contain non-word characters e.g. c++ - \561: The mbstring extension which we already depend on has been...

Debian: Security Advisory (DSA-4398-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Heap overflow

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in...

CVE-2019-9023

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in...

CVE-2019-9023

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in...

CVE-2019-9025

An issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyte string supplied as an argument to the mbsplit function in ext/mbstring/phpmbregex.c can cause PHP to execute memcpy with a negative argument, which could read and write past buffers allocated for the data...

CVE-2019-9025

CVE-2019-9025 affects PHP 7.3.x before 7.3.1. An invalid multibyte string passed to mb_split() in ext/mbstring/php_mbregex.c can cause memcpy() to be called with a negative argument, allowing read/write past allocated buffers and potential crash. Remediation per sources is to upgrade to a fixed P...

CVE-2019-9023

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in...

EUVD-2019-18410

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in...

UBUNTU-CVE-2019-9023

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in...

PHP 7.2.x < 7.2.14 Multiple vulnerabilities.

According to its banner, the version of PHP running on the remote web server is 7.2.x prior to 7.2.14. It is, therefore, affected by multiple vulnerabilities: - An integer underflow condition exists in gdContributionsAlloc function in gdinterpolation.c. An unauthenticated, remote attacker can hav...

MGASA-2019-0042 Updated php packages fix security vulnerabilities

Several buffer overflows in the components GD, MBString, Phar and XMLRPC were discovered and fixed...

Updated php packages fix security vulnerabilities

Several buffer overflows in the components GD, MBString, Phar and XMLRPC were discovered and fixed...

Fedora 28 : php (2018-b6072889db)

PHP version 7.2.10 13 Sep 2018 Core: - Fixed bug php76754 parent private constant in extends class memory leak. Laruence - Fixed bug php72443 Generate enabled extension. petk - Fixed bug php75797 Memory leak when using classalias in non-debug mode. Massimiliano Braglia Apache2: - Fixed bug php765...

Fedora 28 : php (2018-9438795217)

PHP version 7.2.8 19 Jul 2018 Core: - Fixed bug php76534 PHP hangs on 'illegal string offset on string references with an error handler. Laruence - Fixed bug php76520 Object creation leaks memory when executed over HTTP. Nikita - Fixed bug php76502 Chain of mixed exceptions and errors does not...

Fedora 29 : php (2018-791c3cfe21)

PHP version 7.2.10 13 Sep 2018 Core: - Fixed bug php76754 parent private constant in extends class memory leak. Laruence - Fixed bug php72443 Generate enabled extension. petk - Fixed bug php75797 Memory leak when using classalias in non-debug mode. Massimiliano Braglia Apache2: - Fixed bug php765...

Fedora 28 : php (2018-b13b720a3d)

PHP version 7.2.4 29 Mar 2018 Core: - Fixed bug php76025 Segfault while throwing exception in errorhandler. Dmitry, Laruence - Fixed bug php76044 'date: illegal option -- -' in ./configure on FreeBSD. Anatol FPM: - Fixed bug php75605 Dumpable FPM child processes allow bypassing opcache access...