[ubuntu/xenial-security] php7.0 7.0.4-7ubuntu2.1 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Tue May 24 17:05:55 UTC 2016


php7.0 (7.0.4-7ubuntu2.1) xenial-security; urgency=medium

  * SECURITY UPDATE: buffer over-write in finfo_open with malformed magic
    file
    - debian/patches/CVE-2015-8665-1.patch: properly calculate length in
      ext/fileinfo/libmagic/funcs.c, added test to
      ext/fileinfo/tests/bug71527.*.
    - debian/patches/CVE-2015-8665-2.patch: fix test in
      ext/fileinfo/tests/bug68996.phpt.
    - CVE-2015-8665
  * SECURITY UPDATE: integer overflow in ZipArchive::getFrom*
    - debian/patches/CVE-2016-3078.patch: use zend_string_safe_alloc in
      ext/zip/php_zip.c.
    - CVE-2016-3078
  * SECURITY UPDATE: double-free via SplDoublyLinkedList::offsetSet and
    invalid index
    - debian/patches/CVE-2016-3132.patch: remove extra free in
      ext/spl/spl_dllist.c, added test to ext/spl/tests/bug71735.phpt.
    - CVE-2016-3132
  * SECURITY UPDATE: integer overflow in php_raw_url_encode
    - debian/patches/CVE-2016-4070.patch: use size_t in ext/standard/url.c.
    - CVE-2016-4070
  * SECURITY UPDATE: php_snmp_error() format string vulnerability
    - debian/patches/CVE-2016-4071.patch: use format string in
      ext/snmp/snmp.c.
    - CVE-2016-4071
  * SECURITY UPDATE: invalid memory write in phar on filename containing
    NULL
    - debian/patches/CVE-2016-4072.patch: require valid paths in
      ext/phar/phar.c, ext/phar/phar_object.c, fix tests in
      ext/phar/tests/badparameters.phpt,
      ext/phar/tests/bug64931/bug64931.phpt,
      ext/phar/tests/create_path_error.phpt,
      ext/phar/tests/phar_extract.phpt,
      ext/phar/tests/phar_isvalidpharfilename.phpt,
      ext/phar/tests/phar_unlinkarchive.phpt,
      ext/phar/tests/pharfileinfo_construct.phpt.
    - CVE-2016-4072
  * SECURITY UPDATE: invalid negative size in mbfl_strcut
    - debian/patches/CVE-2016-4073.patch: fix length checks in
      ext/mbstring/libmbfl/mbfl/mbfilter.c.
    - CVE-2016-4073
  * SECURITY UPDATE: bcpowmod accepts negative scale and corrupts _one_
    definition
    - debian/patches/CVE-2016-4537.patch: properly detect scale in
      ext/bcmath/bcmath.c, add test to ext/bcmath/tests/bug72093.phpt.
    - CVE-2016-4537
    - CVE-2016-4538
  * SECURITY UPDATE: xml_parse_into_struct segmentation fault
    - debian/patches/CVE-2016-4539.patch: check parser->level in
      ext/xml/xml.c, added test to ext/xml/tests/bug72099.phpt.
    - CVE-2016-4539
  * SECURITY UPDATE: out-of-bounds reads in zif_grapheme_stripos and
    zif_grapheme_strpos with negative offset
    - debian/patches/CVE-2016-4540.patch: check bounds in
      ext/intl/grapheme/grapheme_string.c, added test to
      ext/intl/tests/bug72061.phpt.
    - CVE-2016-4540
    - CVE-2016-4541
  * SECURITY UPDATE: out-of-bounds heap read access in exif header
    processing
    - debian/patches/CVE-2016-4542.patch: check sizes and length in
      ext/exif/exif.c.
    - CVE-2016-4542
    - CVE-2016-4543
    - CVE-2016-4544
  * Re-enable test suite
    - debian/rules, debian/setup-mysql.sh: updated for new MySQL version
      and new layout.

Date: 2016-05-19 16:42:15.880975+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/php7.0/7.0.4-7ubuntu2.1