Fedora 26 : php (2018-c71dd2e199)

PHP version 7.1.16 29 Mar 2018 Core: - Fixed bug php76025 Segfault while throwing exception in errorhandler. Dmitry, Laruence - Fixed bug php76044 'date: illegal option -- -' in ./configure on FreeBSD. Anatol FPM: - Fixed bug php75605 Dumpable FPM child processes allow bypassing opcache access...

Updated php packages fix security vulnerability

Dumpable FPM child processes allow bypassing opcache access controls php75605...

MGASA-2018-0191 Updated php packages fix security vulnerability

Dumpable FPM child processes allow bypassing opcache access controls php75605...

Fedora 27 : php (2018-d034538627)

PHP version 7.1.13 04 Jan 2018 Core: - Fixed bug php75573 Segmentation fault in 7.1.12 and 7.0.26. Laruence - Fixed bug php75384 PHP seems incompatible with OneDrive files on demand. Anatol - Fixed bug php74862 Unable to clone instance when private clone defined. Daniel Ciochiu - Fixed bug php750...

Fedora 26 : php (2018-c4e9207c31)

PHP version 7.1.13 04 Jan 2018 Core: - Fixed bug php75573 Segmentation fault in 7.1.12 and 7.0.26. Laruence - Fixed bug php75384 PHP seems incompatible with OneDrive files on demand. Anatol - Fixed bug php74862 Unable to clone instance when private clone defined. Daniel Ciochiu - Fixed bug php750...

Fedora 27 : php (2017-46e8bdccef)

PHP version 7.1.11 26 Oct 2017 Core: - Fixed bug php75241 NULL pointer dereference in zendmmallocsmall. Laruence - Fixed bug php75236 infinite loop when printing an error-message. Andrea - Fixed bug php75252 Incorrect token formatting on two parse errors in one request. Nikita - Fixed bug php7522...

Ubuntu: Security Advisory (USN-3382-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-3382-1 php5, php7.0 vulnerabilities

It was discovered that the PHP opcache created keys for files it cached based on their filepath. A local attacker could possibly use this issue in a shared hosting environment to obtain sensitive information. This issue only affected Ubuntu 14.04 LTS. CVE-2015-8994 It was discovered that the PHP...

Design/Logic Flaw

An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/modphp or php-fpm with OpCache enabled. With 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a non-default configuration with the opcache.validatepermission=1 setting. The vulnerability details a...

CVE-2015-8994

An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/modphp or php-fpm with OpCache enabled. With 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a non-default configuration with the opcache.validatepermission=1 setting. The vulnerability details a...

CVE-2015-8994

Removed by vendor...

CVE-2015-8994

An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/modphp or php-fpm with OpCache enabled. With 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a non-default configuration with the opcache.validatepermission=1 setting. The vulnerability details a...

CVE-2015-8994

CVE-2015-8994 concerns PHP 5.x and 7.x when using apache2handler/mod_php or php-fpm with OpCache enabled. In affected SAPIs, Zend OpCache creates a shared memory object owned by the common parent during initialization, and child processes inherit its descriptor. This can allow opcode cache data t...

UBUNTU-CVE-2015-8994

An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/modphp or php-fpm with OpCache enabled. With 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a non-default configuration with the opcache.validatepermission=1 setting. The vulnerability details a...

PT-2017-1613 · Zend Technologies +4 · Zend Opcache +6

Name of the Vulnerable Software and Affected Versions: PHP versions prior to 5.6.28 PHP versions prior to 7.0.13 Description: The issue exists due to inadequate access control when inheriting certain classes related to operational code in PHP configurations using apache2handler/mod php or php-fpm...

CVE-2015-8994

An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/modphp or php-fpm with OpCache enabled. With 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a non-default configuration with the opcache.validatepermission=1 setting. The vulnerability details a...

PHP 5.6.29 releases, security vulnerability fixes-bug warning-the black bar safety net

The PHP development team announced PHP 5.6.29 available. This is a safe version that fixes several security vulnerabilities. Suggested that all PHP 5.6 users upgrade to this version. Update content: Mysqlnd: Fixed bug 64526 the missing mysqlnd. Add parameters to the php. ini-. Opcache: Fixed bug...

Fedora 25 : php (2016-dc5bf39fcf)

15 Sep 2016 PHP version 7.0.11 Core: - Fixed bug php72944 NULL pointer deref in zvaldelrefp. Dmitry - Fixed bug php72943 assigndim on string doesn't reset hval. Laruence - Fixed bug php72911 Memleak in zendbinaryassignopobjhelper. Laruence - Fixed bug php72813 Segfault with get returned by ref...

Fedora 23 : php (2016-0729e59542)

13 Oct 2016 - PHP version 5.6.27 Core: - Fixed bug php73025 Heap Buffer Overflow in virtualpopen of zendvirtualcwd.c. cmb - Fixed bug php73058 crypt broken when salt is 'too' long. Anatol - Fixed bug php72703 Out of bounds global memory read in BFcrypt triggered by passwordverify. Anatol - Fixed...

W3 Total Cache <= 0.9.4.1 – Unauthenticated Security Token Bypass

The /pub/apc.php file is used to empty the OPCache/APC. The script seems protected by a nonce aka security token: $nonce = W3Request::getstring'nonce'; $uri = $SERVER'REQUESTURI'; if wphash$uri == $nonce But the flaw stays in the == operator which is not the one to use when you want to compare...