Detections
Analytics

Fedora 29 : php (2018-08ceba4f8f)

high Nessus Plugin ID 120222

Language:

Synopsis

The remote Fedora host is missing a security update.

Description

**PHP version 7.2.12** (08 Nov 2018)

**Core:**

 - Fixed bug php#76846 (Segfault in shutdown function after memory limit error). (Nikita)

 - Fixed bug php#76946 (Cyclic reference in generator not detected). (Nikita)

 - Fixed bug php#77035 (The phpize and ./configure create redundant .deps file). (Peter Kokot)

 - Fixed bug php#77041 (buildconf should output error messages to stderr) (Mizunashi Mana)

**Date:**

 - Upgraded timelib to 2017.08. (Derick)

 - Fixed bug php#75851 (Year component overflow with date formats 'c', 'o', 'r' and 'y'). (Adam Saponara)

 - Fixed bug php#77007 (fractions in `diff()` are not correctly normalized). (Derick)

**FCGI:**

 - Fixed php#76948 (Failed shutdown/reboot or end session in Windows). (Anatol)

 - Fixed bug php#76954 (apache_response_headers removes last character from header name). (stodorovic)

**FTP:**

 - Fixed bug php#76972 (Data truncation due to forceful ssl socket shutdown). (Manuel Mausz)

**intl:**

 - Fixed bug php#76942 (U_ARGUMENT_TYPE_MISMATCH). (anthrax at unixuser dot org)

**Reflection:**

 - Fixed bug php#76936 (Objects cannot access their private attributes while handling reflection errors). (Nikita)

 - Fixed bug php#66430 (ReflectionFunction::invoke does not invoke closure with object scope). (Nikita)

**Sodium:**

 - Some base64 outputs were truncated; this is not the case any more. (jedisct1)

 - block sizes >= 256 bytes are now supposed by sodium_pad() even when an old version of libsodium has been installed. (jedisct1)

 - Fixed bug php#77008 (sodium_pad() could read (but not return nor write) uninitialized memory when trying to pad an empty input). (jedisct1)

**Standard:**

 - Fixed bug php#76965 (INI_SCANNER_RAW doesn't strip trailing whitespace). (Pierrick)

**Tidy:**

 - Fixed bug php#77027 (tidy::getOptDoc() not available on Windows). (cmb)

**XML:**

 - Fixed bug php#30875 (xml_parse_into_struct() does not resolve entities). (cmb)

 - Add support for getting SKIP_TAGSTART and SKIP_WHITE options. (cmb)

**XMLRPC:**

 - Fixed bug php#75282 (xmlrpc_encode_request() crashes).
 (cmb)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected php package.

See Also

https://bodhi.fedoraproject.org/updates/FEDORA-2018-08ceba4f8f

Plugin Details

Severity: High

ID: 120222

File Name: fedora_2018-08ceba4f8f.nasl

Version: 1.4

Type: local

Agent: unix

Published: 1/3/2019

Updated: 1/6/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:php, cpe:/o:fedoraproject:fedora:29

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 11/16/2018

Vulnerability Publication Date: 11/16/2018

Reference Information