Upstream has released PHP 5.6.37 on July 20:
http://us3.php.net/archive/2018.php#id2018-07-20-1

It fixes two security issues:
http://www.php.net/ChangeLog-5.php#5.6.37
Assigning to the PHP stack maintainers, CC'ing the registered maintainer.
CC: (none) => mageia, marja11
Assignee: bugsquad => php
I'll do this with 7.2.10 or 5.6.38, depending on which one is first. These issues are not severe.
openSUSE has issued an advisory for this today (September 12):
https://lists.opensuse.org/opensuse-updates/2018-09/msg00052.html

I'm not sure if CVE-2017-9118 affects us (in pcre or php).
They aren't issuing 5.6.x updates very often anymore. I'd just update it.
We are not affected; tested for this issue. SUSE released an update for PHP 5.5, not 5.6.
As we have new releases for PHP 7 today, with #76582 (XSS due to the header Transfer-Encoding: chunked), I assume we'll get PHP 5.6.38.
I wouldn't assume that. The 5.6.x and 7.x releases haven't been coordinated for a while now.
Assignee: php => mageia
Summary: PHP 5.6.37 => PHP 5.6.38
Updated php packages fix security vulnerabilities:

- Int Overflow lead to Heap OverFlow in exif_thumbnail_extract of exif.c (CVE-2018-14883)
- heap-buffer-overflow (READ of size 48) while reading exif data (CVE-2018-14851)
- XSS due to the header Transfer-Encoding: chunked

========================

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14883
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14851

========================

Updated packages in core/updates_testing:
php-ini-5.6.38-1.mga6
apache-mod_php-5.6.38-1.mga6
php-cli-5.6.38-1.mga6
php-cgi-5.6.38-1.mga6
lib64php5_common5-5.6.38-1.mga6
php-devel-5.6.38-1.mga6
php-openssl-5.6.38-1.mga6
php-zlib-5.6.38-1.mga6
php-doc-5.6.38-1.mga6
php-bcmath-5.6.38-1.mga6
php-bz2-5.6.38-1.mga6
php-calendar-5.6.38-1.mga6
php-ctype-5.6.38-1.mga6
php-curl-5.6.38-1.mga6
php-dba-5.6.38-1.mga6
php-dom-5.6.38-1.mga6
php-enchant-5.6.38-1.mga6
php-exif-5.6.38-1.mga6
php-fileinfo-5.6.38-1.mga6
php-filter-5.6.38-1.mga6
php-ftp-5.6.38-1.mga6
php-gd-5.6.38-1.mga6
php-gettext-5.6.38-1.mga6
php-gmp-5.6.38-1.mga6
php-hash-5.6.38-1.mga6
php-iconv-5.6.38-1.mga6
php-imap-5.6.38-1.mga6
php-interbase-5.6.38-1.mga6
php-intl-5.6.38-1.mga6
php-json-5.6.38-1.mga6
php-ldap-5.6.38-1.mga6
php-mbstring-5.6.38-1.mga6
php-mcrypt-5.6.38-1.mga6
php-mssql-5.6.38-1.mga6
php-mysql-5.6.38-1.mga6
php-mysqli-5.6.38-1.mga6
php-mysqlnd-5.6.38-1.mga6
php-odbc-5.6.38-1.mga6
php-opcache-5.6.38-1.mga6
php-pcntl-5.6.38-1.mga6
php-pdo-5.6.38-1.mga6
php-pdo_dblib-5.6.38-1.mga6
php-pdo_firebird-5.6.38-1.mga6
php-pdo_mysql-5.6.38-1.mga6
php-pdo_odbc-5.6.38-1.mga6
php-pdo_pgsql-5.6.38-1.mga6
php-pdo_sqlite-5.6.38-1.mga6
php-pgsql-5.6.38-1.mga6
php-phar-5.6.38-1.mga6
php-posix-5.6.38-1.mga6
php-readline-5.6.38-1.mga6
php-recode-5.6.38-1.mga6
php-session-5.6.38-1.mga6
php-shmop-5.6.38-1.mga6
php-snmp-5.6.38-1.mga6
php-soap-5.6.38-1.mga6
php-sockets-5.6.38-1.mga6
php-sqlite3-5.6.38-1.mga6
php-sybase_ct-5.6.38-1.mga6
php-sysvmsg-5.6.38-1.mga6
php-sysvsem-5.6.38-1.mga6
php-sysvshm-5.6.38-1.mga6
php-tidy-5.6.38-1.mga6
php-tokenizer-5.6.38-1.mga6
php-xml-5.6.38-1.mga6
php-xmlreader-5.6.38-1.mga6
php-xmlrpc-5.6.38-1.mga6
php-xmlwriter-5.6.38-1.mga6
php-xsl-5.6.38-1.mga6
php-wddx-5.6.38-1.mga6
php-zip-5.6.38-1.mga6
php-fpm-5.6.38-1.mga6
phpdbg-5.6.38-1.mga6
php-debuginfo-5.6.38-1.mga6

Source RPMs:
php-5.6.38-1.mga6.src.rpm
Assignee: mageia => qa-bugs
MGA6-32 MATE on IBM Thinkpad R50e
No installation issues
Ref to bug22843 Comment2 for some tests
phpinfo()
PHP Version => 5.6.38
System => Linux mach6.hviaene.thuis 4.14.69-desktop-1.mga6 #1 SMP Wed Sep 12 10:18:08 UTC 2018 i686
Build Date => Sep 14 2018 00:09:24
Configure Command => './configure' '--with-apxs2=/usr/bin/apxs' '--build=i586-mageia-linux-gn
and a lot more.....
but
$ php -S localhost:8000 -t php
Directory php does not exist.
I must be missing something
CC: (none) => herman.viaene
$ php -S localhost:8000
PHP 5.6.38 Development Server started at Sat Sep 15 11:23:41 2018
Listening on http://localhost:8000
Document root is /home/tester6/Muziek
Press Ctrl-C to quit.

Pointing the browser to localhost:8000 results in error 404 and the messages:
[Sat Sep 15 11:24:15 2018] 127.0.0.1:37634 [404]: / - No such file or directory
[Sat Sep 15 11:24:15 2018] 127.0.0.1:37636 [404]: /favicon.ico - No such file or directory
[Sat Sep 15 11:24:15 2018] 127.0.0.1:37638 [404]: /favicon.ico - No such file or directory

I have no php development stuff on this laptop.
Found an example at http://php.net/manual/fa/features.commandline.webserver.php
so created a file hello.php as given there, but at CLI:
$ php -S localhost:8000 hello.php
PHP 5.6.38 Development Server started at Sat Sep 15 11:38:20 2018
Listening on http://localhost:8000
Document root is /home/tester6/Documenten
Press Ctrl-C to quit.

/home/tester6/Documenten is the location of the hello.php file, but no feedback on the CLI as indicated in the website above.
Launching the browser gives a blank page, at least no error 404 anymore.

Found another https://www.sitepoint.com/taking-advantage-of-phps-built-in-server/
created the index.php file as indicated there, launched the server, pointed the browser to localhost:8000 and there is all the phpinfo as in the command at the CLI.
That should do as far as I am concerned.
Whiteboard: (none) => MGA6-32-OK
Tested with Drupal 8.6.1 and Booked 2.7.2 on a 64 bit machine. PHP is working fine.
Installed and tested without issues.

Tested using small and large scripts (e.g. wordpress, roundcube, drupal, custom), through CLI and Apache's mod_php.

System: Mageia 6, x86_64, Intel CPU.

$ uname -a
Linux marte 4.14.69-desktop-1.mga6 #1 SMP Wed Sep 12 10:35:26 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

$ rpm -qa | grep php | sort
apache-mod_php-5.6.38-1.mga6
lib64php5_common5-5.6.38-1.mga6
php-channel-phpunit-1.3-15.mga6
php-cli-5.6.38-1.mga6
php-ctype-5.6.38-1.mga6
php-curl-5.6.38-1.mga6
php-dom-5.6.38-1.mga6
php-fileinfo-5.6.38-1.mga6
php-filter-5.6.38-1.mga6
php-ftp-5.6.38-1.mga6
php-gd-5.6.38-1.mga6
php-gettext-5.6.38-1.mga6
php-hash-5.6.38-1.mga6
php-iconv-5.6.38-1.mga6
php-ini-5.6.38-1.mga6
php-intl-5.6.38-1.mga6
php-json-5.6.38-1.mga6
php-mbstring-5.6.38-1.mga6
php-mcrypt-5.6.38-1.mga6
php-memcached-2.2.0-2.mga6
php-mysql-5.6.38-1.mga6
php-mysqli-5.6.38-1.mga6
php-mysqlnd-5.6.38-1.mga6
php-openssl-5.6.38-1.mga6
php-pdo-5.6.38-1.mga6
php-pdo_mysql-5.6.38-1.mga6
php-pdo_pgsql-5.6.38-1.mga6
php-pdo_sqlite-5.6.38-1.mga6
php-pear-1.10.1-3.mga6
php-pear-Auth_SASL-1.0.6-6.mga6
php-pear-channel-horde-1.0-20.mga6
php-pear-channel-symfony2-1.0-6.mga6
php-pear-Console_CommandLine-1.2.1-2.mga6
php-pear-Crypt_GPG-1.4.0-3.mga6
php-pear-DbUnit-1.3.1-5.mga6
php-pear-File_Iterator-1.3.4-5.mga6
php-pear-Mail_Mime-1.10.0-1.mga6
php-pear-MDB2-2.5.0-0.0.b11.mga6
php-pear-MDB2_Driver_mysql-1.5.0-0.0.b10.mga6
php-pear-MDB2_Driver_mysqli-1.5.0-0.0.b9.mga6
php-pear-MDB2_Driver_pgsql-1.5.0-0.0.b10.mga6
php-pear-Net_IDNA2-0.1.1-6.mga6
php-pear-Net_LDAP2-2.2.0-0.mga6
php-pear-Net_Sieve-1.3.4-1.mga6
php-pear-Net_SMTP-1.7.1-1.mga6
php-pear-Net_Socket-1.0.14-5.mga6
php-pear-PHP_CodeCoverage-1.2.17-4.mga6
php-pear-PHP_Invoker-1.1.3-5.mga6
php-pear-PHP_Timer-1.0.5-5.mga6
php-pear-PHP_TokenStream-1.2.2-4.mga6
php-pear-PHPUnit-3.7.34-3.mga6
php-pear-PHPUnit_MockObject-1.2.3-5.mga6
php-pear-PHPUnit_Selenium-1.3.3-5.mga6
php-pear-PHPUnit_Story-1.0.2-5.mga6
php-pear-Symfony2_Yaml-2.4.4-4.mga6
php-pear-Text_Template-1.2.0-4.mga6
php-pgsql-5.6.38-1.mga6
php-phpmailer-5.2.24-1.1.mga6
php-posix-5.6.38-1.mga6
php-session-5.6.38-1.mga6
php-suhosin-0.9.38-1.mga6
php-sysvsem-5.6.38-1.mga6
php-sysvshm-5.6.38-1.mga6
php-timezonedb-2017.2-1.mga6
php-tokenizer-5.6.38-1.mga6
php-xdebug-2.4.0-1.mga6
php-xml-5.6.38-1.mga6
php-xmlreader-5.6.38-1.mga6
php-xmlwriter-5.6.38-1.mga6
php-zip-5.6.38-1.mga6
php-zlib-5.6.38-1.mga6
Whiteboard: MGA6-32-OK => MGA6-32-OK MGA6-64-OK
CC: (none) => mageia
Validating...
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
CC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2018-0390.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED