4 captures
05 Sep 2015 - 18 Oct 2016
Aug SEP Oct
05
2014 2015 2016
success
fail

About this capture

COLLECTED BY

Organization: Internet Archive

The Internet Archive discovers and captures web pages through many different web crawls. At any given time several distinct crawls are running, some for months, and some every day or longer. View the web archive through the Wayback Machine.

Collection: Wide Crawl Number 13

Web Wide Crawl Number 13
TIMESTAMPS

The Wayback Machine - http://web.archive.org/web/20150905102506/http://lwn.net/Alerts/649222/
  
LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for September 3, 2015

Debsources as a platform

LWN.net Weekly Edition for August 27, 2015

Reviving the Hershey fonts

Glibc wrappers for (nearly all) Linux system calls

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Oracle alert ELSA-2015-1135 (php)




From:
           Errata Announcements for Oracle Linux <el-errata@oss.oracle.com> 


To:
           el-errata@oss.oracle.com 


Subject:
           [El-errata] ELSA-2015-1135 Important: Oracle Linux 7 php security and bug fix update 


Date:
           Tue, 23 Jun 2015 12:34:54 -0700


Message-ID:
           <5589B4DE.5050302@oracle.com>

Oracle Linux Security Advisory ELSA-2015-1135 http://linux.oracle.com/errata/ELSA-2015-1135.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: php-5.4.16-36.el7_1.x86_64.rpm php-bcmath-5.4.16-36.el7_1.x86_64.rpm php-cli-5.4.16-36.el7_1.x86_64.rpm php-common-5.4.16-36.el7_1.x86_64.rpm php-dba-5.4.16-36.el7_1.x86_64.rpm php-devel-5.4.16-36.el7_1.x86_64.rpm php-embedded-5.4.16-36.el7_1.x86_64.rpm php-enchant-5.4.16-36.el7_1.x86_64.rpm php-fpm-5.4.16-36.el7_1.x86_64.rpm php-gd-5.4.16-36.el7_1.x86_64.rpm php-intl-5.4.16-36.el7_1.x86_64.rpm php-ldap-5.4.16-36.el7_1.x86_64.rpm php-mbstring-5.4.16-36.el7_1.x86_64.rpm php-mysql-5.4.16-36.el7_1.x86_64.rpm php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm php-odbc-5.4.16-36.el7_1.x86_64.rpm php-pdo-5.4.16-36.el7_1.x86_64.rpm php-pgsql-5.4.16-36.el7_1.x86_64.rpm php-process-5.4.16-36.el7_1.x86_64.rpm php-pspell-5.4.16-36.el7_1.x86_64.rpm php-recode-5.4.16-36.el7_1.x86_64.rpm php-snmp-5.4.16-36.el7_1.x86_64.rpm php-soap-5.4.16-36.el7_1.x86_64.rpm php-xml-5.4.16-36.el7_1.x86_64.rpm php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/php-5.4.16-36.el7... Description of changes: [5.4.16-36] - fix more functions accept paths with NUL character #1213407 [5.4.16-35] - core: fix multipart/form-data request can use excessive amount of CPU usage CVE-2015-4024 - fix various functions accept paths with NUL character CVE-2015-4025, CVE-2015-4026, #1213407 - fileinfo: fix denial of service when processing a crafted file #1213442 - ftp: fix integer overflow leading to heap overflow when reading FTP file listing CVE-2015-4022 - phar: fix buffer over-read in metadata parsing CVE-2015-2783 - phar: invalid pointer free() in phar_tar_process_metadata() CVE-2015-3307 - phar: fix buffer overflow in phar_set_inode() CVE-2015-3329 - phar: fix memory corruption in phar_parse_tarfile caused by empty entry file name CVE-2015-4021 - soap: fix type confusion through unserialize #1222538 - apache2handler: fix pipelined request executed in deinitialized interpreter under httpd 2.4 CVE-2015-3330 [5.4.16-34] - fix memory corruption in fileinfo module on big endian machines #1082624 - fix segfault in pdo_odbc on x86_64 #1159892 - fix segfault in gmp allocator #1154760 [5.4.16-33] - core: use after free vulnerability in unserialize() CVE-2014-8142 and CVE-2015-0231 - core: fix use-after-free in unserialize CVE-2015-2787 - core: fix NUL byte injection in file name argument of move_uploaded_file() CVE-2015-2348 - date: use after free vulnerability in unserialize CVE-2015-0273 - enchant: fix heap buffer overflow in enchant_broker_request_dict CVE-2014-9705 - exif: free called on unitialized pointer CVE-2015-0232 - fileinfo: fix out of bounds read in mconvert CVE-2014-9652 - gd: fix buffer read overflow in gd_gif_in.c CVE-2014-9709 - phar: use after free in phar_object.c CVE-2015-2301 - soap: fix type confusion through unserialize [5.4.16-31] - fileinfo: fix out-of-bounds read in elf note headers. CVE-2014-3710 [5.4.16-29] - xmlrpc: fix out-of-bounds read flaw in mkgmtime() CVE-2014-3668 - core: fix integer overflow in unserialize() CVE-2014-3669 - exif: fix heap corruption issue in exif_thumbnail() CVE-2014-3670 [5.4.16-27] - gd: fix NULL pointer dereference in gdImageCreateFromXpm(). CVE-2014-2497 - gd: fix NUL byte injection in file names. CVE-2014-5120 - fileinfo: fix extensive backtracking in regular expression (incomplete fix for CVE-2013-7345). CVE-2014-3538 - fileinfo: fix mconvert incorrect handling of truncated pascal string size. CVE-2014-3478 - fileinfo: fix cdf_read_property_info (incomplete fix for CVE-2012-1571). CVE-2014-3587 - spl: fix use-after-free in ArrayIterator due to object change during sorting. CVE-2014-4698 - spl: fix use-after-free in SPL Iterators. CVE-2014-4670 - network: fix segfault in dns_get_record (incomplete fix for CVE-2014-4049). CVE-2014-3597 [5.4.16-25] - fix segfault after startup on aarch64 (#1107567) - compile php with -O3 on ppc64le (#1123499) _______________________________________________ El-errata mailing list El-errata@oss.oracle.com https://oss.oracle.com/mailman/listinfo/el-errata

(Log in to post comments)


Copyright © 2015, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds