PHP 7.3.8 – 7.2.21 – 7.1.31 Security Bugfix Release

The development team of the PHP programming language has released updates for the main versions 7.3, 7.2 and 7.1. The updates are security and bugfix releases and should be installed immediately.

PHP 7.3.8 Release Notes

  • Core:
    • Added syslog.filter=raw option.
    • Fixed bug #78212 (Segfault in built-in webserver).
  • Date:
    • Fixed bug #69044 (discrepancy between time and microtime).
    • Updated timelib to 2018.02.
  • EXIF:
    • Fixed bug #78256 (heap-buffer-overflow on exif_process_user_comment). (CVE-2019-11042)
    • Fixed bug #78222 (heap-buffer-overflow on exif_scan_thumbnail). (CVE-2019-11041)
  • FTP:
    • Fixed bug #78039 (FTP with SSL memory leak).
  • Libxml:
    • Fixed bug #78279 (libxml_disable_entity_loader settings is shared between requests (cgi-fcgi)).
  • LiteSpeed:
    • Updated to LiteSpeed SAPI V7.4.3 (increased response header count limit from 100 to 1000, added crash handler to cleanly shutdown PHP request, added CloudLinux mod_lsapi mode).
    • Fixed bug #76058 (After “POST data can’t be buffered”, using php://input makes huge tmp files).
  • Openssl:
    • Fixed bug #78231 (Segmentation fault upon stream_socket_accept of exported socket-to-stream).
  • Opcache:
    • Fixed bug #78341 (Failure to detect smart branch in DFA pass).
    • Fixed bug #78189 (file cache strips last character of uname hash).
    • Fixed bug #78202 (Opcache stats for cache hits are capped at 32bit NUM).
    • Fixed bug #78271 (Invalid result of if-else).
    • Fixed bug #78291 (opcache_get_configuration doesn’t list all directives).
  • PCRE:
    • Fixed bug #78338 (Array cross-border reading in PCRE).
    • Fixed bug #78197 (PCRE2 version check in configure fails for “##.##-xxx” version strings).
  • PDO_Sqlite:
    • Fixed bug #78192 (SegFault when reuse statement after schema has changed).
  • Phar:
    • Fixed bug #77919 (Potential UAF in Phar RSHUTDOWN).
  • Phpdbg:
    • Fixed bug #78297 (Include unexistent file memory leak).
  • SQLite:
    • Upgraded to SQLite 3.28.0.
  • Standard:
    • Fixed bug #78241 (touch() does not handle dates after 2038 in PHP 64-bit).
    • Fixed bug #78269 (password_hash uses weak options for argon2).

PHP 7.2.21 Release Notes

  • Date:
    • Fixed bug #69044 (discrepancy between time and microtime).
  • EXIF:
    • Fixed bug #78256 (heap-buffer-overflow on exif_process_user_comment). (CVE-2019-11042)
    • Fixed bug #78222 (heap-buffer-overflow on exif_scan_thumbnail). (CVE-2019-11041)
  • Fileinfo:
    • Fixed bug #78183 (finfo_file shows wrong mime-type for .tga file).
  • FTP:
    • Fixed bug #77124 (FTP with SSL memory leak).
  • Libxml:
    • Fixed bug #78279 (libxml_disable_entity_loader settings is shared between requests (cgi-fcgi)).
  • LiteSpeed:
    • Updated to LiteSpeed SAPI V7.4.3 (increased response header count limit from 100 to 1000, added crash handler to cleanly shutdown PHP request, added CloudLinux mod_lsapi mode).
    • Fixed bug #76058 (After “POST data can’t be buffered”, using php://input makes huge tmp files).
  • Openssl:
    • Fixed bug #78231 (Segmentation fault upon stream_socket_accept of exported socket-to-stream).
  • OPcache:
    • Fixed bug #78189 (file cache strips last character of uname hash).
    • Fixed bug #78202 (Opcache stats for cache hits are capped at 32bit NUM).
    • Fixed bug #78291 (opcache_get_configuration doesn’t list all directives).
  • Phar:
    • Fixed bug #77919 (Potential UAF in Phar RSHUTDOWN).
  • Phpdbg:
    • Fixed bug #78297 (Include unexistent file memory leak).
  • PDO_Sqlite:
    • Fixed bug #78192 (SegFault when reuse statement after schema has changed).
  • SQLite:
    • Upgraded to SQLite 3.28.0.
  • Standard:
    • Fixed bug #78241 (touch() does not handle dates after 2038 in PHP 64-bit).
    • Fixed bug #78269 (password_hash uses weak options for argon2).
  • XMLRPC:
    • Fixed bug #78173 (XML-RPC mutates immutable objects during encoding).

PHP 7.1.31 Release Notes

  • SQLite:
    • Upgraded to SQLite 3.28.0.
  • EXIF:
    • Fixed bug #78256 (heap-buffer-overflow on exif_process_user_comment). (CVE-2019-11042)
    • Fixed bug #78222 (heap-buffer-overflow on exif_scan_thumbnail). (CVE-2019-11041)
  • Phar:
    • Fixed bug #77919 (Potential UAF in Phar RSHUTDOWN).

Source: https://www.php.net/ChangeLog-7.php
