Updated php packages fix security vulnerabilities
Several buffer overflows in the components GD, MBString, Phar and XMLRPC were discovered and fixed...
MGASA-2019-0042 Updated php packages fix security vulnerabilities
Several buffer overflows in the components GD, MBString, Phar and XMLRPC were discovered and fixed...
MGASA-2018-0484 Updated php packages fix security vulnerability
Bypassing disabled exec functions in PHP via imap_open CVE-2018-19518...
MGASA-2018-0390 Updated php packages fix security vulnerability
Int Overflow lead to Heap OverFlow in exif_thumbnail_extract of exif.c CVE-2018-14883 - heap-buffer-overflow READ of size 48 while reading exif data CVE-2018-14851 - XSS due to the header Transfer-Encoding: chunked...
[slackware-security] php
New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/php-5.6.38-i586-1slack14.2.txz: Upgraded. One security bug has been fixed in this release: Apache2: XSS due to the header...
MGASA-2018-0222 Updated php packages fix security vulnerabilities
Heap Buffer Overflow READ: 1786 in exif_iif_add_value CVE-2018-10549 - Stream filter convert.iconv leads to infinite loop on invalid sequence CVE-2018-10546 - Malicious LDAP-Server Response causes Crash. CVE-2018-10548 - incomplete PHAR Fix CVE-2018-10547...
Updated php packages fix security vulnerability
Dumpable FPM child processes allow bypassing opcache access controls (php#75605)...
MGASA-2018-0191 Updated php packages fix security vulnerability
Dumpable FPM child processes allow bypassing opcache access controls (php#75605)...
Updated php packages fix CVE-2018-7584
Updated php packages fix security vulnerability: Update to php 5.6.34 fixes a stack-buffer-overflow while parsing HTTP response. CVE-2018-7584...
MGASA-2018-0081 Updated php & libgd packages fix security vulnerabilities
Potential infinite loop in gdImageCreateFromGifCtx (php#75571). Reflected XSS in .phar 404 page (php#74782)...
EulerOS 2.0 SP1 : php (EulerOS-SA-2017-1301)
According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A null pointer dereference flaw was found in libgd. An attacker could use a specially-crafted .gd2 file to cause an application linked with libgd t...
Updated php packages fix security vulnerabilities
Updated php packages fix security vulnerabilities: Out-Of-Bounds Read in timelib_meridian in the Date module (php#75055). Arcfour encryption stream filter crashes php-mcrypt (php#72535)...
MGASA-2017-0412 Updated php packages fix security vulnerabilities
Updated php packages fix security vulnerabilities: Out-Of-Bounds Read in timelib_meridian in the Date module (php#75055). Arcfour encryption stream filter crashes php-mcrypt (php#72535)...
MGASA-2017-0040 Updated php packages fix security vulnerabilities
Floating-point exception in php-exif when parsing a tag format CVE-2016-10158. Crash in php-phar while loading hostile phar archive CVE-2016-10159. Memory corruption in php-phar when loading hostile phar CVE-2016-10160. Heap out of bounds read on unserialize in finish_nested_data CVE-2016-10161...
MGASA-2016-0422 Updated php packages fix security vulnerability
NULL Pointer Dereference in WDDX Packet Deserialization with PDORow in PHP before 5.6.28 CVE-2016-9934. Invalid read when wddx decodes empty boolean element in PHP before 5.6.29 CVE-2016-9935...
Updated php packages fix security vulnerability
NULL Pointer Dereference in WDDX Packet Deserialization with PDORow in PHP before 5.6.28 CVE-2016-9934. Invalid read when wddx decodes empty boolean element in PHP before 5.6.29 CVE-2016-9935...
MGASA-2016-0319 Updated php packages fix security vulnerabilities
Memory Corruption in During Deserialized-object Destruction CVE-2016-7411. Heap overflow in mysqlnd related to BIT fields CVE-2016-7412. wddx_deserialize use-after-free CVE-2016-7413. Out of bound when verify signature of zip phar in phar_parse_zipfile CVE-2016-7414. Missing locale length check in...
Updated php packages fix security vulnerabilities
Memory Corruption in During Deserialized-object Destruction CVE-2016-7411. Heap overflow in mysqlnd related to BIT fields CVE-2016-7412. wddx_deserialize use-after-free CVE-2016-7413. Out of bound when verify signature of zip phar in phar_parse_zipfile CVE-2016-7414. Missing locale length check in...
MGASA-2016-0293 Updated php packages fix security vulnerability
The php package has been updated to version 5.6.25, which fixes several security issues and other bugs. See the upstream ChangeLog for more details...
MGASA-2016-0238 Updated php packages fix security vulnerability
php-mbstring _php_mb_regex_ereg_replace_exec - double free CVE-2016-5768. php-mcrypt heap Overflow due to integer overflows CVE-2016-5769. php-SPL int/size_t confusion in SplFileObject::fread CVE-2016-5770. php-SPL Use After Free Vulnerability in PHP's GC algorithm and unserialize CVE-2016-5771. php-WDD...