Fedora 27 : php (2018-d034538627)

high Nessus Plugin ID 106086

Synopsis

The remote Fedora host is missing a security update.

Description

**PHP version 7.1.13** (04 Jan 2018)

**Core:**

- Fixed bug php#75573 (Segmentation fault in 7.1.12 and 7.0.26). (Laruence)

- Fixed bug php#75384 (PHP seems incompatible with OneDrive files on demand). (Anatol)

- Fixed bug php#74862 (Unable to clone instance when private __clone defined). (Daniel Ciochiu)

- Fixed bug php#75074 (php-process crash when is_file() is used with strings longer 260 chars). (Anatol)

**CLI Server:**

- Fixed bug php#60471 (Random 'Invalid request (unexpected EOF)' using a router script). (SammyK)

- Fixed bug php#73830 (Directory does not exist). (Anatol)

**FPM:**

- Fixed bug php#64938 (libxml_disable_entity_loader setting is shared between requests). (Remi)

**Opcache:**

- Fixed bug php#75608 ('Narrowing occurred during type inference' error). (Laruence, Dmitry)

- Fixed bug php#75579 (Interned strings buffer overflow may cause crash). (Dmitry)

- Fixed bug php#75570 ('Narrowing occurred during type inference' error). (Dmitry)

**PCRE:**

- Fixed bug php#74183 (preg_last_error not returning error code after error). (Andrew Nester)

**Phar:**

- Fixed bug php#74782 (remove file name from output to avoid XSS). (stas)

**Standard:**

- Fixed bug php#75511 (fread not free unused buffer). (Laruence)

- Fixed bug php#75514 (mt_rand returns value outside [$min,$max]+ on 32-bit). (Remi)

- Fixed bug php#75535 (Inappropriately parsing HTTP response leads to PHP segment fault). (Nikita)

- Fixed bug php#75409 (accept EFAULT in addition to ENOSYS as indicator that getrandom() is missing). (sarciszewski)

- Fixed bug php#73124 (php_ini_scanned_files() not reporting correctly). (John Stevenson)

- Fixed bug php#75574 (putenv does not work properly if parameter contains non-ASCII unicode character). (Anatol)

**Zip:**

- Fixed bug php#75540 (Segfault with libzip 1.3.1). (Remi)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected php package.

See Also

https://bodhi.fedoraproject.org/updates/FEDORA-2018-d034538627

Plugin Details

Severity: High

ID: 106086

File Name: fedora_2018-d034538627.nasl

Version: 3.4

Type: local

Agent: unix

Published: 1/17/2018

Updated: 1/6/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:php, cpe:/o:fedoraproject:fedora:27

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 1/16/2018

Vulnerability Publication Date: 1/16/2018

Reference Information