Dear clients,

We are here to inform you about upcoming updates on our CloudLinux Shared, Business and Reseller servers.

Code:
Changelog:

alt-php56-5.6.31-1

(core) 73807: Performance problem with processing post request over 2000000 chars;
(core) 74111: Heap buffer overread (READ: 1) finish_nested_data from unserialize;
(core) 74603: PHP INI Parsing Stack Buffer Overflow Vulnerability;
(core) 74819: wddx_deserialize() heap out-of-bound read via php_parse_date();
(gd) 74435: Buffer over-read into uninitialized memory;
(mbstring): Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229);
(openssl) 74651: negative-size-param (-1) in memcpy in zif_openssl_seal(;
(pcre) 74087: Segmentation fault in PHP7.1.1(compiled using the bundled PCRE library);
(wddx) 74145: wddx parsing empty boolean tag leads to SIGSEGV;
LSPHP SAPI updated to 6.11.
alt-php70-7.0.21-1

(core) 74738: Multiple [PATH=] and [HOST=] sections not properly parsed;
(core) 74658: Undefined constants in array properties result in broken properties;
(core): Fixed misparsing of abstract unix domain socket names;
(core) 74101: , bug #74614 (Unserialize Heap Use-After-Free (READ: 1) in zval_get_type;
(core) 74111: Heap buffer overread (READ: 1) finish_nested_data from unserialize;
(core) 74603: PHP INI Parsing Stack Buffer Overflow Vulnerability;
(core) 74819: wddx_deserialize() heap out-of-bound read via php_parse_date();
(dom) 69373: References to deleted XPath query results;
(gd) 74435: Buffer over-read into uninitialized memory;
(intl) 73473: Stack Buffer Overflow in msgfmt_parse_message;
(intl) 74705: Wrong reflection on Collator::getSortKey and collator_get_sort_key;
(intl) 73634: grapheme_strpos illegal memory access;
(mbstring): Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229);
(oci8): Add TAF callback (PR #2459);
(opcache) 74663: Segfault with opcache.memory_protect and validate_timestamp;
(openssl) 74651: negative-size-param (-1) in memcpy in zif_openssl_seal();
(pcre) 74087: Segmentation fault in PHP7.1.1(compiled using the bundled PCRE library);
(pdo_oci): Support Instant Client 12.2 in --with-pdo-oci configure option;
(reflection) 74673: Segfault when cast Reflection object to string with undefined constant;
(spl) 74478: null coalescing operator failing with SplFixedArray;
(standard) 74708: Invalid Reflection signatures for random_bytes and random_int;
(standard) 73648: Heap buffer overflow in substr;
(ftp) 74598: ftp:// wrapper ignores context arg;
(phar) 74386: Phar::__construct reflection incorrect;
(soap) 74679: Incorrect conversion array with WSDL_CACHE_MEMORY;
(streams) 74556: stream_socket_get_name() returns '\0';
LSPHP SAPI updated to 6.11.
alt-php71-7.1.7-1

(core) 74738: Multiple [PATH=] and [HOST=] sections not properly parsed;
(core) 74658: Undefined constants in array properties result in broken properties;
(core): Fixed misparsing of abstract unix domain socket names;
(core) 74603: PHP INI Parsing Stack Buffer Overflow Vulnerability;
(core) 74101: , bug #74614 (Unserialize Heap Use-After-Free (READ: 1) in zval_get_type;
(core) 74111: Heap buffer overread (READ: 1) finish_nested_data from unserialize;
(core) 74819: wddx_deserialize() heap out-of-bound read via php_parse_date();
(date) 74639: implement clone for DatePeriod and DateInterval;
(dom) 69373: References to deleted XPath query results;
(gd) 74435: Buffer over-read into uninitialized memory;
(intl) 73473: Stack Buffer Overflow in msgfmt_parse_message;
(intl) 74705: Wrong reflection on Collator::getSortKey and collator_get_sort_key;
(mbstring): Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229);
(oci8): Add TAF callback (PR #2459);
(opcache) 74663: Segfault with opcache.memory_protect and validate_timestamp;
(opcache): Revert opcache.enable_cli to default disabled;
(openssl) 74720: pkcs7_en/decrypt does not work if \x1a is used in content;
(openssl) 74651: negative-size-param (-1) in memcpy in zif_openssl_seal();
(pdo_oci): Support Instant Client 12.2 in --with-pdo-oci configure option;
(reflection) 74673: Segfault when cast Reflection object to string with undefined constant;
(spl) 74478: null coalescing operator failing with SplFixedArray;
(ftp) 74598: ftp:// wrapper ignores context arg;
(phar) 74386: Phar::__construct reflection incorrect;
(soap) 74679: Incorrect conversion array with WSDL_CACHE_MEMORY;
(streams) 74556: stream_socket_get_name() returns '\0';
LSPHP SAPI updated to 6.11.