СloudLinux Blog

Alt-PHP has been scheduled for gradual rollout

Written by Inessa Atmachian | Mar 19, 2020 8:42:23 PM

 

New updated Alt-PHP packages have been scheduled for gradual rollout from our production repository.

Rollout slot: 3

Rolled out to: 1%

ETA for 100% rollout: March, 26th

Changelog

alt-php44-4.4.9-101.1
alt-php51-5.1.6-128.1

  • Fix bug #79099: OOB read in php_strip_tags_ex (CVE-2020-7059)
  • Fix incorrect order of zend extensions
  • Disable external pcre lib for Imunify

alt-php52-5.2.17-160.1
alt-php53-5.3.29-123.1

  • Fix bug #79082: Files added to tar with Phar::buildFromIterator have all-access permissions (CVE-2020-7063)
  • Fix bug #79099: OOB read in php_strip_tags_ex (CVE-2020-7059)
  • Fix incorrect order of zend extensions
  • Disable external pcre lib for Imunify

alt-php54-5.4.45-103.1
alt-php55-5.5.38-84.1
alt-php56-5.6.40-33.1
alt-php70-7.0.33-34.1

  • Fix bug #79037: global buffer-overflow in `mbfl_filt_conv_big5_wchar` (CVE-2020-7060)
  • Fix bug #79082: Files added to tar with Phar::buildFromIterator have all-access permissions (CVE-2020-7063)
  • Fix bug #79099: OOB read in php_strip_tags_ex (CVE-2020-7059)
  • Fix bug #79221: Null Pointer Dereference in PHP Session Upload Progress (CVE-2020-7062)
  • Fix incorrect order of zend extensions
  • Disable external pcre lib for Imunify

alt-php71-7.1.33-3.1

  • Fix bug #79037: global buffer-overflow in `mbfl_filt_conv_big5_wchar` (CVE-2020-7060)
  • Fix bug #79082: Files added to tar with Phar::buildFromIterator have all-access permissions (CVE-2020-7063)
  • Fix bug #79091: heap use-after-free in session_create_id()
  • Fix bug #79099: OOB read in php_strip_tags_ex (CVE-2020-7059)
  • Fix bug #79221: Null Pointer Dereference in PHP Session Upload Progress (CVE-2020-7062)
  • Fix incorrect order of zend extensions
  • Disable external pcre lib for Imunify

alt-php72-7.2.28-1.2
alt-php73-7.3.15-1.2
alt-php74-7.4.3-1.2

  • Fix incorrect order of zend extensions
  • Disable external pcre lib for Imunify

Update command

yum groupupdate alt-php

Immediate update (via bypass)

yum groupupdate alt-php --enablerepo=cloudlinux-rollout-3-bypass