[ol7_latest_archive] php-mysql-5.4.16-42.el7.x86_64

The php-mysql package contains a dynamic shared object that will add
MySQL database support to PHP. MySQL is an object-relational database
management system. PHP is an HTML-embeddable scripting language. If
you need MySQL support for PHP applications, you will need to install
this package and the php package.

Changelog (Show File list) (Show related packages)

• Fri Aug 05 2016 Remi Collet <rcollet@redhat.com> - 5.4.16-42

  - bz2: fix improper error handling in bzread() CVE-2016-5399

• Mon Aug 01 2016 Remi Collet <rcollet@redhat.com> - 5.4.16-41

  - gd: fix integer overflow in _gd2GetHeader() resulting in
    heap overflow CVE-2016-5766
  - gd: fix integer overflow in gdImagePaletteToTrueColor()
    resulting in heap overflow CVE-2016-5767
  - mbstring: fix double free in _php_mb_regex_ereg_replace_exec
    CVE-2016-5768

• Fri Jul 22 2016 Remi Collet <rcollet@redhat.com> - 5.4.16-40

  - don't set environmental variable based on user supplied Proxy
    request header CVE-2016-5385

• Wed Jun 15 2016 Remi Collet <rcollet@redhat.com> - 5.4.16-39

  - fix segmentation fault in header_register_callback #1344578

• Mon May 30 2016 Remi Collet <rcollet@redhat.com> - 5.4.16-38

  - curl: add options to enable TLS #1291667
  - mysqli: fix segfault in mysqli_stmt::bind_result() when
    link is closed #1096800
  - fpm: fix incorrectly defined SCRIPT_NAME variable when
    using Apache #1138563
  - core: fix segfault when a zend_extension is loaded twice #1289457
  - openssl: change default_md algo from MD5 to SHA1 #1073388
  - wddx: fix segfault in php_wddx_serialize_var #1131979

• Mon Apr 04 2016 Remi Collet <rcollet@redhat.com> - 5.4.16-37

  - session: fix segfault in session with rfc1867 #1297179

• Wed Jun 10 2015 Remi Collet <rcollet@redhat.com> - 5.4.16-36

  - fix more functions accept paths with NUL character #1213407

• Fri Jun 05 2015 Remi Collet <rcollet@redhat.com> - 5.4.16-35

  - core: fix multipart/form-data request can use excessive
    amount of CPU usage CVE-2015-4024
  - fix various functions accept paths with NUL character
    CVE-2015-4025, CVE-2015-4026, #1213407
  - fileinfo: fix denial of service when processing a crafted
    file #1213442
  - ftp: fix integer overflow leading to heap overflow when
    reading FTP file listing CVE-2015-4022
  - phar: fix buffer over-read in metadata parsing CVE-2015-2783
  - phar: invalid pointer free() in phar_tar_process_metadata()
    CVE-2015-3307
  - phar: fix buffer overflow in phar_set_inode() CVE-2015-3329
  - phar: fix memory corruption in phar_parse_tarfile caused by
    empty entry file name CVE-2015-4021
  - soap: fix type confusion through unserialize #1222538
  - apache2handler: fix pipelined request executed in deinitialized
    interpreter under httpd 2.4 CVE-2015-3330

• Thu Apr 16 2015 Remi Collet <rcollet@redhat.com> - 5.4.16-34

  - fix memory corruption in fileinfo module on big endian
    machines #1082624
  - fix segfault in pdo_odbc on x86_64 #1159892
  - fix segfault in gmp allocator #1154760

• Fri Apr 10 2015 Remi Collet <rcollet@redhat.com> - 5.4.16-33

  - core: use after free vulnerability in unserialize()
    CVE-2014-8142 and CVE-2015-0231
  - core: fix use-after-free in unserialize CVE-2015-2787
  - core: fix NUL byte injection in file name argument of
    move_uploaded_file() CVE-2015-2348
  - date: use after free vulnerability in unserialize CVE-2015-0273
  - enchant: fix heap buffer overflow in enchant_broker_request_dict
    CVE-2014-9705
  - exif: free called on unitialized pointer CVE-2015-0232
  - fileinfo: fix out of bounds read in mconvert CVE-2014-9652
  - gd: fix buffer read overflow in gd_gif_in.c CVE-2014-9709
  - phar: use after free in phar_object.c CVE-2015-2301
  - soap: fix type confusion through unserialize