Fedora 22 : php-5.6.18-1.fc22 (2016-1bc6ca8445)

high Nessus Plugin ID 89487

Synopsis

The remote Fedora host is missing a security update.

Description

04 Feb 2016, **PHP 5.6.18**

**Core:**
* Fixed bug php#71039 (exec functions ignore length but look for NULL termination). (Anatol)
* Fixed bug php#71089 (No check to duplicate zend_extension). (Remi)
* Fixed bug php#71201 (round() segfault on 64-bit builds). (Anatol)
* Added support for new HTTP 451 code. (Julien)
* Fixed bug php#71273 (A wrong ext directory setup in php.ini leads to crash). (Anatol)
* Fixed bug php#71323 (Output of stream_get_meta_data can be falsified by its input). (Leo Gaspard)
* Fixed bug php#71459 (Integer overflow in iptcembed()). (Stas)

**Apache2handler:**
* Fix >2G Content-Length headers in apache2handler. (Adam Harvey)

**FTP:**
* Implemented FR php#55651 (Option to ignore the returned FTP PASV address). (abrender at elitehosts dot com)

**Opcache:**
* Fixed bug php#71127 (Define in auto_prepend_file is overwrite). (Laruence)
* Fixed bug php#71024 (Unable to use PHP 7.0 x64 side-by-side with PHP 5.6 x32 on the same server). (Anatol)

**Phar:**
* Fixed bug php#71354 (Heap corruption in tar/zip/phar parser). (Stas)
* Fixed bug php#71391 (NULL pointer Dereference in phar_tar_setupmetadata()). (Stas)
* Fixed bug php#71488 (Stack overflow when decompressing tar archives). (Stas)

**Session:**
* Fixed bug php#69111 (Crash in SessionHandler::read()). (Anatol)

**SOAP:**
* Fixed bug php#70979 (crash with bad soap request). (Anatol)

**SPL:**
* Fixed bug php#71204 (segfault if clean spl_autoload_funcs while autoloading). (Laruence)

**WDDX:**
* Fixed bug php#71335 (Type Confusion in WDDX Packet Deserialization). (Stas)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected php package.

See Also

http://www.nessus.org/u?ea38452e

Plugin Details

Severity: High

ID: 89487

File Name: fedora_2016-1bc6ca8445.nasl

Version: 1.3

Type: local

Agent: unix

Published: 3/4/2016

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:php, cpe:/o:fedoraproject:fedora:22

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 2/14/2016

Reference Information