[ol7_optional_archive] php-fpm-5.4.16-36.1.el7_2.1.x86_64

Name:	php-fpm
Version:	5.4.16
Release:	36.1.el7_2.1
Architecture:	x86_64
Group:	Development/Languages
Size:	4700712
License:	PHP and Zend and BSD
RPM:	php-fpm-5.4.16-36.1.el7_2.1.x86_64.rpm
Source RPM:	php-5.4.16-36.1.el7_2.1.src.rpm
Build Date:	Thu May 12 2016
Build Host:	x86-ol7-builder-01.us.oracle.com
Vendor:	Oracle America
URL:	http://www.php.net/
Summary:	PHP FastCGI Process Manager
Description:	PHP-FPM (FastCGI Process Manager) is an alternative PHP FastCGI implementation with some additional features useful for sites of any size, especially busier sites.

Changelog (Show File list) (Show related packages)

Mon Apr 04 2016 Remi Collet <rcollet@redhat.com> - 5.4.16-36.1
```
- session: fix segfault in session with rfc1867 #1323643
```

Wed Jun 10 2015 Remi Collet <rcollet@redhat.com> - 5.4.16-36

- fix more functions accept paths with NUL character #1213407

Fri Jun 05 2015 Remi Collet <rcollet@redhat.com> - 5.4.16-35

- core: fix multipart/form-data request can use excessive
  amount of CPU usage CVE-2015-4024
- fix various functions accept paths with NUL character
  CVE-2015-4025, CVE-2015-4026, #1213407
- fileinfo: fix denial of service when processing a crafted
  file #1213442
- ftp: fix integer overflow leading to heap overflow when
  reading FTP file listing CVE-2015-4022
- phar: fix buffer over-read in metadata parsing CVE-2015-2783
- phar: invalid pointer free() in phar_tar_process_metadata()
  CVE-2015-3307
- phar: fix buffer overflow in phar_set_inode() CVE-2015-3329
- phar: fix memory corruption in phar_parse_tarfile caused by
  empty entry file name CVE-2015-4021
- soap: fix type confusion through unserialize #1222538
- apache2handler: fix pipelined request executed in deinitialized
  interpreter under httpd 2.4 CVE-2015-3330

Thu Apr 16 2015 Remi Collet <rcollet@redhat.com> - 5.4.16-34

- fix memory corruption in fileinfo module on big endian
  machines #1082624
- fix segfault in pdo_odbc on x86_64 #1159892
- fix segfault in gmp allocator #1154760

Fri Apr 10 2015 Remi Collet <rcollet@redhat.com> - 5.4.16-33

- core: use after free vulnerability in unserialize()
  CVE-2014-8142 and CVE-2015-0231
- core: fix use-after-free in unserialize CVE-2015-2787
- core: fix NUL byte injection in file name argument of
  move_uploaded_file() CVE-2015-2348
- date: use after free vulnerability in unserialize CVE-2015-0273
- enchant: fix heap buffer overflow in enchant_broker_request_dict
  CVE-2014-9705
- exif: free called on unitialized pointer CVE-2015-0232
- fileinfo: fix out of bounds read in mconvert CVE-2014-9652
- gd: fix buffer read overflow in gd_gif_in.c CVE-2014-9709
- phar: use after free in phar_object.c CVE-2015-2301
- soap: fix type confusion through unserialize

Thu Oct 23 2014 Jan Kaluza <jkaluza@redhat.com> - 5.4.16-31

- fileinfo: fix out-of-bounds read in elf note headers. CVE-2014-3710

Tue Oct 21 2014 Remi Collet <rcollet@redhat.com> - 5.4.16-29

- xmlrpc: fix out-of-bounds read flaw in mkgmtime() CVE-2014-3668
- core: fix integer overflow in unserialize() CVE-2014-3669
- exif: fix heap corruption issue in exif_thumbnail() CVE-2014-3670

Fri Sep 12 2014 Remi Collet <rcollet@redhat.com> - 5.4.16-27

- gd: fix NULL pointer dereference in gdImageCreateFromXpm().
  CVE-2014-2497
- gd: fix NUL byte injection in file names. CVE-2014-5120
- fileinfo: fix extensive backtracking in regular expression
  (incomplete fix for CVE-2013-7345). CVE-2014-3538
- fileinfo: fix mconvert incorrect handling of truncated
  pascal string size. CVE-2014-3478
- fileinfo: fix cdf_read_property_info
  (incomplete fix for CVE-2012-1571). CVE-2014-3587
- spl: fix use-after-free in ArrayIterator due to object
  change during sorting. CVE-2014-4698
- spl: fix use-after-free in SPL Iterators. CVE-2014-4670
- network: fix segfault in dns_get_record
  (incomplete fix for CVE-2014-4049). CVE-2014-3597

Thu Aug 21 2014 Jan Kaluza <jkaluza@redhat.com> - 5.4.16-25

- fix segfault after startup on aarch64 (#1107567)
- compile php with -O3 on ppc64le (#1123499)

Fri Jun 13 2014 Remi Collet <rcollet@redhat.com> - 5.4.16-23

- fileinfo: cdf_unpack_summary_info() excessive looping
  DoS. CVE-2014-0237
- fileinfo: CDF property info parsing nelements infinite
  loop. CVE-2014-0238
- fileinfo: cdf_check_stream_offset insufficient boundary
  check. CVE-2014-3479
- fileinfo: cdf_count_chain insufficient boundary check
  CVE-2014-3480
- fileinfo: cdf_read_short_sector insufficient boundary
  check. CVE-2014-0207
- fileinfo: cdf_read_property_info insufficient boundary
  check. CVE-2014-3487
- fileinfo: fix extensive backtracking CVE-2013-7345
- core: type confusion issue in phpinfo(). CVE-2014-4721
- core: fix heap-based buffer overflow in DNS TXT record
  parsing. CVE-2014-4049
- core: unserialize() SPL ArrayObject / SPLObjectStorage
  type confusion flaw. CVE-2014-3515