PHP 5.6.33 – 7.0.27 – 7.1.13 – 7.2.1 Security Releases

The developers of the PHP scripting language have released updates for all current branches: 5.6.x, 7.0.x, 7.1.x and 7.2.x. The updates were prompted by several security vulnerabilities, which these patches close.

PHP 5.6.33 Release Notes

  • GD:
    • Fixed bug #75571 (Potential infinite loop in gdImageCreateFromGifCtx).
  • Phar:
    • Fixed bug #74782 (Reflected XSS in .phar 404 page).

PHP 7.0.27 Release Notes

  • CLI Server:
    • Fixed bug #60471 (Random “Invalid request (unexpected EOF)” using a router script).
  • Core:
    • Fixed bug #75384 (PHP seems incompatible with OneDrive files on demand).
    • Fixed bug #75573 (Segmentation fault in 7.1.12 and 7.0.26).
  • FPM:
    • Fixed bug #64938 (libxml_disable_entity_loader setting is shared between requests).
  • GD:
    • Fixed bug #75571 (Potential infinite loop in gdImageCreateFromGifCtx).
  • Opcache:
    • Fixed bug #75579 (Interned strings buffer overflow may cause crash).
  • PCRE:
    • Fixed bug #74183 (preg_last_error not returning error code after error).
  • Phar:
    • Fixed bug #74782 (Reflected XSS in .phar 404 page).
  • Standard:
    • Fixed bug #75535 (Inappropriately parsing HTTP response leads to PHP segment fault).
    • Fixed bug #75409 (accept EFAULT in addition to ENOSYS as indicator that getrandom() is missing).
  • Zip:
    • Fixed bug #75540 (Segfault with libzip 1.3.1).

PHP 7.1.13 Release Notes

  • Core:
    • Fixed bug #75573 (Segmentation fault in 7.1.12 and 7.0.26).
    • Fixed bug #75384 (PHP seems incompatible with OneDrive files on demand).
    • Fixed bug #74862 (Unable to clone instance when private __clone defined).
    • Fixed bug #75074 (php-process crash when is_file() is used with strings longer 260 chars).
  • CLI Server:
    • Fixed bug #60471 (Random “Invalid request (unexpected EOF)” using a router script).
    • Fixed bug #73830 (Directory does not exist).
  • FPM:
    • Fixed bug #64938 (libxml_disable_entity_loader setting is shared between requests).
  • GD:
    • Fixed bug #75571 (Potential infinite loop in gdImageCreateFromGifCtx).
  • Opcache:
    • Fixed bug #75608 (“Narrowing occurred during type inference” error).
    • Fixed bug #75579 (Interned strings buffer overflow may cause crash).
    • Fixed bug #75570 (“Narrowing occurred during type inference” error).
  • PCRE:
    • Fixed bug #74183 (preg_last_error not returning error code after error).
  • Phar:
    • Fixed bug #74782 (remove file name from output to avoid XSS).
  • Standard:
    • Fixed bug #75511 (fread not free unused buffer).
    • Fixed bug #75514 (mt_rand returns value outside [$min,$max]+ on 32-bit) (Remi)
    • Fixed bug #75535 (Inappropriately parsing HTTP response leads to PHP segment fault).
    • Fixed bug #75409 (accept EFAULT in addition to ENOSYS as indicator that getrandom() is missing).
    • Fixed bug #73124 (php_ini_scanned_files() not reporting correctly).
    • Fixed bug #75574 (putenv does not work properly if parameter contains non-ASCII unicode character).
  • Zip:
    • Fixed bug #75540 (Segfault with libzip 1.3.1).

PHP 7.2.1 Release Notes

  • Core:
    • Fixed bug #75573 (Segmentation fault in 7.1.12 and 7.0.26).
    • Fixed bug #75384 (PHP seems incompatible with OneDrive files on demand).
    • Fixed bug #75525 (Access Violation in vcruntime140.dll).
    • Fixed bug #74862 (Unable to clone instance when private __clone defined).
    • Fixed bug #75074 (php-process crash when is_file() is used with strings longer 260 chars).
  • CLI server:
    • Fixed bug #73830 (Directory does not exist).
  • FPM:
    • Fixed bug #64938 (libxml_disable_entity_loader setting is shared between requests).
  • GD:
    • Fixed bug #75571 (Potential infinite loop in gdImageCreateFromGifCtx).
  • Opcache:
    • Fixed bug #75608 (“Narrowing occurred during type inference” error).
    • Fixed bug #75579 (Interned strings buffer overflow may cause crash).
    • Fixed bug #75570 (“Narrowing occurred during type inference” error).
    • Fixed bug #75556 (Invalid opcode 138/1/1).
  • PCRE:
    • Fixed bug #74183 (preg_last_error not returning error code after error).
  • Phar:
    • Fixed bug #74782 (remove file name from output to avoid XSS).
  • Standard:
    • Fixed bug #75511 (fread not free unused buffer).
    • Fixed bug #75514 (mt_rand returns value outside [$min,$max]+ on 32-bit) (Remi)
    • Fixed bug #75535 (Inappropriately parsing HTTP response leads to PHP segment fault).
    • Fixed bug #75409 (accept EFAULT in addition to ENOSYS as indicator that getrandom() is missing).
    • Fixed bug #73124 (php_ini_scanned_files() not reporting correctly).
    • Fixed bug #75574 (putenv does not work properly if parameter contains non-ASCII unicode character).
  • Zip:
    • Fixed bug #75540 (Segfault with libzip 1.3.1).
