Die freie Skript- / Programmiersprache, PHP, erhielt heute Updates für die Zweige 7.4, 7.3 und 7.2. Es handelt sich hierbei um Security und Bugfix Releases. Die Sicherheitslücken sollen einen entfernten DoS-Angriff ermöglichen.
PHP 7.4.2 Release Notes
- Core:
- Preloading support on Windows has been disabled.
- Fixed bug #79022 (class_exists returns True for classes that are not ready to be used).
- Fixed bug #78929 (plus signs in cookie values are converted to spaces).
- Fixed bug #78973 (Destructor during CV freeing causes segfault if opline never saved).
- Fixed bug #78776 (Abstract method implementation from trait does not check “static”).
- Fixed bug #78999 (Cycle leak when using function result as temporary).
- Fixed bug #79008 (General performance regression with PHP 7.4 on Windows).
- Fixed bug #79002 (Serializing uninitialized typed properties with __sleep makes unserialize throw).
- CURL:
- Date:
- Fixed bug #79015 (undefined-behavior in php_date.c).
- DBA:
- Fixed bug #78808 ([LMDB] MDB_MAP_FULL: Environment mapsize limit reached).
- Exif:
- Fixed bug #79046 (NaN to int cast undefined behavior in exif).
- Fileinfo:
- Fixed bug #74170 (locale information change after mime_content_type).
- GD:
- Libxml:
- Fixed bug #79029 (Use After Free’s in XMLReader / XMLWriter).
- Mbstring:
- Fixed bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`). (CVE-2020-7060)
- OPcache:
- Fixed bug #78961 (erroneous optimization of re-assigned $GLOBALS).
- Fixed bug #78950 (Preloading trait method with static variables).
- Fixed bug #78903 (Conflict in RTD key for closures results in crash).
- Fixed bug #78986 (Opcache segfaults when inheriting ctor from immutable into mutable class).
- Fixed bug #79040 (Warning Opcode handlers are unusable due to ASLR).
- Fixed bug #79055 (Typed property become unknown with OPcache file cache).
- Pcntl:
- Fixed bug #78402 (Converting null to string in error message is bad DX).
- PDO_PgSQL:
- Session:
- Shmop:
- Fixed bug #78538 (shmop memory leak).
- Sqlite3:
- Fixed bug #79056 (sqlite does not respect PKG_CONFIG_PATH during compilation).
- Spl:
- Fixed bug #78976 (SplFileObject::fputcsv returns -1 on failure).
- Standard:
PHP 7.3.14 Release Notes
- Core:
- Fixed bug #78999 (Cycle leak when using function result as temporary).
- CURL:
- Fixed bug #79033 (Curl timeout error with specific url and post).
- Date:
- Fixed bug #79015 (undefined-behavior in php_date.c).
- DBA:
- Fixed bug #78808 ([LMDB] MDB_MAP_FULL: Environment mapsize limit reached).
- Fileinfo:
- Fixed bug #74170 (locale information change after mime_content_type).
- GD:
- Libxml:
- Fixed bug #79029 (Use After Free’s in XMLReader / XMLWriter).
- Mbstring:
- Fixed bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`). (CVE-2020-7060)
- OPcache:
- Fixed bug #79040 (Warning Opcode handlers are unusable due to ASLR).
- Pcntl:
- Fixed bug #78402 (Converting null to string in error message is bad DX).
- PDO_PgSQL:
- Session:
- Fixed bug #79091 (heap use-after-free in session_create_id()).
- Shmop:
- Fixed bug #78538 (shmop memory leak).
- Standard:
PHP 7.2.27 Release Notes
- Mbstring:
- Fixed bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`). (CVE-2020-7060)
- Session:
- Fixed bug #79091 (heap use-after-free in session_create_id()).
- Standard:
- Fixed bug #79099 (OOB read in php_strip_tags_ex). (CVE-2020-7059)
Quelle: https://www.php.net/
Antworten