UbuntuUpdates.org

Package "php7.0"

Name: php7.0

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • HTML-embedded scripting language (Embedded SAPI library)
  • Bcmath module for PHP
  • bzip2 module for PHP
  • DBA module for PHP
Latest version: 7.0.33-0ubuntu0.16.04.7
Release: xenial (16.04)
Level: updates
Repository: universe

Links

Save this URL for the latest version of "php7.0": https://www.ubuntuupdates.org/php7.0

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "php7.0" in Xenial

Repository Area Version
base universe 7.0.4-7ubuntu2
base main 7.0.4-7ubuntu2
security main 7.0.33-0ubuntu0.16.04.7
security universe 7.0.33-0ubuntu0.16.04.7
updates main 7.0.33-0ubuntu0.16.04.7

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 7.0.33-0ubuntu0.16.04.2 2019-03-06 17:07:05 UTC

  php7.0 (7.0.33-0ubuntu0.16.04.2) xenial-security; urgency=medium

  * SECURITY UPDATE: invalid memory access in xmlrpc_decode()
    - debian/patches/CVE-2019-9020.patch: check length in
      ext/xmlrpc/libxmlrpc/xml_element.c, added test to
      ext/xmlrpc/tests/bug77242.phpt.
    - CVE-2019-9020
  * SECURITY UPDATE: buffer over-read in PHAR extension
    - debian/patches/CVE-2019-9021.patch: properly calculate position in
      ext/phar/phar.c, added test to ext/phar/tests/bug77247.phpt.
    - CVE-2019-9021
  * SECURITY UPDATE: buffer over-read in dns_get_record
    - debian/patches/CVE-2019-9022-pre.patch: fix DNS_CAA record results
      handling in ext/standard/dns.c,
      ext/standard/tests/network/dns_get_record_caa.phpt.
    - debian/patches/CVE-2019-9022.patch: check length in
      ext/standard/dns.c.
    - CVE-2019-9022
  * SECURITY UPDATE: buffer over-reads in mbstring regex functions
    - debian/patches/CVE-2019-9023-1.patch: don't read past buffer in
      ext/mbstring/oniguruma/regparse.c, added test to
      ext/mbstring/tests/bug77370.phpt.
    - debian/patches/CVE-2019-9023-2.patch: check bounds in
      ext/mbstring/oniguruma/regcomp.c, added test to
      ext/mbstring/tests/bug77371.phpt.
    - debian/patches/CVE-2019-9023-3.patch: add length checks to
      ext/mbstring/oniguruma/enc/unicode.c,
      ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regparse.c,
      ext/mbstring/oniguruma/regparse.h, added test to
      ext/mbstring/tests/bug77371.phpt, ext/mbstring/tests/bug77381.phpt.
    - debian/patches/CVE-2019-9023-4.patch: add new bounds checks to
      ext/mbstring/oniguruma/enc/utf16_be.c,
      ext/mbstring/oniguruma/enc/utf16_le.c,
      ext/mbstring/oniguruma/enc/utf32_be.c,
      ext/mbstring/oniguruma/enc/utf32_le.c, added test to
      ext/mbstring/tests/bug77418.phpt.
    - CVE-2019-9023
  * SECURITY UPDATE: buffer over-read in xmlrpc_decode()
    - debian/patches/CVE-2019-9024.patch: fix variable size in
      ext/xmlrpc/libxmlrpc/base64.c, added test to
      ext/xmlrpc/tests/bug77380.phpt.
    - CVE-2019-9024

 -- Marc Deslauriers <email address hidden> Tue, 05 Mar 2019 07:43:31 -0500
Source diff to previous version
CVE-2019-9020 An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_de
CVE-2019-9021 An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR r
CVE-2019-9022 An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can all
CVE-2019-9023 An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read
CVE-2019-9024 An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XML

Version: 7.0.33-0ubuntu0.16.04.1 2019-02-12 19:07:28 UTC

  php7.0 (7.0.33-0ubuntu0.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Update to 7.0.33 to fix security issues
    - CVE-2018-19518
    - CVE-2018-19935

 -- Mike Salvatore <email address hidden> Thu, 07 Feb 2019 10:52:32 -0400
Source diff to previous version
CVE-2018-19518 University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_
CVE-2018-19935 ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application cr

Version: 7.0.32-0ubuntu0.16.04.1 2018-09-18 09:07:07 UTC

  php7.0 (7.0.32-0ubuntu0.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Update to 7.0.32 to fix security issues
    - CVE-2018-14851
    - CVE-2018-14883

 -- Marc Deslauriers <email address hidden> Thu, 13 Sep 2018 09:53:39 -0400
Source diff to previous version
CVE-2018-14851 exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote
CVE-2018-14883 An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-b

Version: 7.0.30-0ubuntu0.16.04.1 2018-05-14 17:07:05 UTC

  php7.0 (7.0.30-0ubuntu0.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Update to 7.0.30 to fix security issues
    - CVE-2018-10545, CVE-2018-10546, CVE-2018-10547, CVE-2018-10548,
      CVE-2018-10549

 -- Marc Deslauriers <email address hidden> Wed, 09 May 2018 13:31:14 -0400
Source diff to previous version
CVE-2018-10545 An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow by
CVE-2018-10546 An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/
CVE-2018-10547 An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Re
CVE-2018-10548 An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP se
CVE-2018-10549 An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has

Version: 7.0.28-0ubuntu0.16.04.1 2018-03-19 15:06:46 UTC

  php7.0 (7.0.28-0ubuntu0.16.04.1) xenial-security; urgency=medium

  * New upstream release (7.0.28)
    - LP: #1744148
    - CVE-2018-5712
    - CVE-2018-7584

 -- Nishanth Aravamudan <email address hidden> Wed, 14 Mar 2018 15:22:51 -0700
1744148 [MRE] Please update to latest upstream release 7.0.28 / 7.1.15 / 7.2.3
CVE-2018-5712 An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 40
CVE-2018-7584 In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an


About   -   Send Feedback to @ubuntu_updates