[El-errata] ELSA-2015-1186 Important: Oracle Linux Software Collections 1.2 for Oracle Linux 7 php55-php security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Fri Feb 5 13:48:06 PST 2016
Oracle Linux Software Collections Security Advisory ELSA-2015-1186
The following updated rpms for Oracle Linux Software Collections 1.2 for
Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
x86_64:
php55-php-5.5.21-4.el7.x86_64.rpm
php55-php-bcmath-5.5.21-4.el7.x86_64.rpm
php55-php-cli-5.5.21-4.el7.x86_64.rpm
php55-php-common-5.5.21-4.el7.x86_64.rpm
php55-php-dba-5.5.21-4.el7.x86_64.rpm
php55-php-devel-5.5.21-4.el7.x86_64.rpm
php55-php-enchant-5.5.21-4.el7.x86_64.rpm
php55-php-fpm-5.5.21-4.el7.x86_64.rpm
php55-php-gd-5.5.21-4.el7.x86_64.rpm
php55-php-gmp-5.5.21-4.el7.x86_64.rpm
php55-php-intl-5.5.21-4.el7.x86_64.rpm
php55-php-ldap-5.5.21-4.el7.x86_64.rpm
php55-php-mbstring-5.5.21-4.el7.x86_64.rpm
php55-php-mysqlnd-5.5.21-4.el7.x86_64.rpm
php55-php-odbc-5.5.21-4.el7.x86_64.rpm
php55-php-opcache-5.5.21-4.el7.x86_64.rpm
php55-php-pdo-5.5.21-4.el7.x86_64.rpm
php55-php-pgsql-5.5.21-4.el7.x86_64.rpm
php55-php-process-5.5.21-4.el7.x86_64.rpm
php55-php-pspell-5.5.21-4.el7.x86_64.rpm
php55-php-recode-5.5.21-4.el7.x86_64.rpm
php55-php-snmp-5.5.21-4.el7.x86_64.rpm
php55-php-soap-5.5.21-4.el7.x86_64.rpm
php55-php-xml-5.5.21-4.el7.x86_64.rpm
php55-php-xmlrpc-5.5.21-4.el7.x86_64.rpm
SRPMS:
http://oss.oracle.com/SCL/1.2/OL7/SRPMS/php55-php-5.5.21-4.el7.src.rpm
Description of changes:
[5.5.21-4]
- fix more functions accept paths with NUL character #1213407
[5.5.21-3]
- core: fix multipart/form-data request can use excessive
amount of CPU usage CVE-2015-4024
- fix various functions accept paths with NUL character
CVE-2015-4025, CVE-2015-4026, #1213407
- fileinfo: fix denial of service when processing a crafted
file #1213442
- ftp: fix integer overflow leading to heap overflow when
reading FTP file listing CVE-2015-4022
- phar: fix buffer over-read in metadata parsing CVE-2015-2783
- phar: invalid pointer free() in phar_tar_process_metadata()
CVE-2015-3307
- phar: fix buffer overflow in phar_set_inode() CVE-2015-3329
- phar: fix memory corruption in phar_parse_tarfile caused by
empty entry file name CVE-2015-4021
- pgsql: fix NULL pointer dereference CVE-2015-1352
- soap: fix type confusion through unserialize #1222538
- apache2handler: fix pipelined request executed in deinitialized
interpreter under httpd 2.4 CVE-2015-3330
More information about the El-errata
mailing list