Menü Schließen

PHP 7.4.2 – 7.3.14 und 7.2.27 Security und Bugfix Release

PHP Logo

Die freie Skript- / Programmiersprache, PHP, erhielt heute Updates für die Zweige 7.4, 7.3 und 7.2. Es handelt sich hierbei um Security und Bugfix Releases. Die Sicherheitslücken sollen einen entfernten DoS-Angriff ermöglichen.

PHP 7.4.2 Release Notes

  • Core:
    • Preloading support on Windows has been disabled.
    • Fixed bug #79022 (class_exists returns True for classes that are not ready to be used).
    • Fixed bug #78929 (plus signs in cookie values are converted to spaces).
    • Fixed bug #78973 (Destructor during CV freeing causes segfault if opline never saved).
    • Fixed bug #78776 (Abstract method implementation from trait does not check „static“).
    • Fixed bug #78999 (Cycle leak when using function result as temporary).
    • Fixed bug #79008 (General performance regression with PHP 7.4 on Windows).
    • Fixed bug #79002 (Serializing uninitialized typed properties with __sleep makes unserialize throw).
  • CURL:
    • Fixed bug #79033 (Curl timeout error with specific url and post).
    • Fixed bug #79063 (curl openssl does not respect PKG_CONFIG_PATH).
  • Date:
    • Fixed bug #79015 (undefined-behavior in php_date.c).
  • DBA:
    • Fixed bug #78808 ([LMDB] MDB_MAP_FULL: Environment mapsize limit reached).
  • Exif:
    • Fixed bug #79046 (NaN to int cast undefined behavior in exif).
  • Fileinfo:
    • Fixed bug #74170 (locale information change after mime_content_type).
  • GD:
    • Fixed bug #79067 (gdTransformAffineCopy() may use unitialized values).
    • Fixed bug #79068 (gdTransformAffineCopy() changes interpolation method).
  • Libxml:
    • Fixed bug #79029 (Use After Free’s in XMLReader / XMLWriter).
  • Mbstring:
    • Fixed bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`). (CVE-2020-7060)
  • OPcache:
    • Fixed bug #78961 (erroneous optimization of re-assigned $GLOBALS).
    • Fixed bug #78950 (Preloading trait method with static variables).
    • Fixed bug #78903 (Conflict in RTD key for closures results in crash).
    • Fixed bug #78986 (Opcache segfaults when inheriting ctor from immutable into mutable class).
    • Fixed bug #79040 (Warning Opcode handlers are unusable due to ASLR).
    • Fixed bug #79055 (Typed property become unknown with OPcache file cache).
  • Pcntl:
    • Fixed bug #78402 (Converting null to string in error message is bad DX).
  • PDO_PgSQL:
    • Fixed bug #78983 (pdo_pgsql config.w32 cannot find libpq-fe.h).
    • Fixed bug #78980 (pgsqlGetNotify() overlooks dead connection).
    • Fixed bug #78982 (pdo_pgsql returns dead persistent connection).
  • Session:
    • Fixed bug #79091 (heap use-after-free in session_create_id()).
    • Fixed bug #79031 (Session unserialization problem).
  • Shmop:
    • Fixed bug #78538 (shmop memory leak).
  • Sqlite3:
    • Fixed bug #79056 (sqlite does not respect PKG_CONFIG_PATH during compilation).
  • Spl:
    • Fixed bug #78976 (SplFileObject::fputcsv returns -1 on failure).
  • Standard:
    • Fixed bug #79099 (OOB read in php_strip_tags_ex). (CVE-2020-7059)
    • Fixed bug #79000 (Non-blocking socket stream reports EAGAIN as error).
    • Fixed bug #54298 (Using empty additional_headers adding extraneous CRLF).

PHP 7.3.14 Release Notes

  • Core:
    • Fixed bug #78999 (Cycle leak when using function result as temporary).
  • CURL:
    • Fixed bug #79033 (Curl timeout error with specific url and post).
  • Date:
    • Fixed bug #79015 (undefined-behavior in php_date.c).
  • DBA:
    • Fixed bug #78808 ([LMDB] MDB_MAP_FULL: Environment mapsize limit reached).
  • Fileinfo:
    • Fixed bug #74170 (locale information change after mime_content_type).
  • GD:
    • Fixed bug #78923 (Artifacts when convoluting image with transparency).
    • Fixed bug #79067 (gdTransformAffineCopy() may use unitialized values).
    • Fixed bug #79068 (gdTransformAffineCopy() changes interpolation method).
  • Libxml:
    • Fixed bug #79029 (Use After Free’s in XMLReader / XMLWriter).
  • Mbstring:
    • Fixed bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`). (CVE-2020-7060)
  • OPcache:
    • Fixed bug #79040 (Warning Opcode handlers are unusable due to ASLR).
  • Pcntl:
    • Fixed bug #78402 (Converting null to string in error message is bad DX).
  • PDO_PgSQL:
    • Fixed bug #78983 (pdo_pgsql config.w32 cannot find libpq-fe.h).
    • Fixed bug #78980 (pgsqlGetNotify() overlooks dead connection).
    • Fixed bug #78982 (pdo_pgsql returns dead persistent connection).
  • Session:
    • Fixed bug #79091 (heap use-after-free in session_create_id()).
  • Shmop:
    • Fixed bug #78538 (shmop memory leak).
  • Standard:
    • Fixed bug #79099 (OOB read in php_strip_tags_ex). (CVE-2020-7059)
    • Fixed bug #54298 (Using empty additional_headers adding extraneous CRLF).

PHP 7.2.27 Release Notes

  • Mbstring:
    • Fixed bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`). (CVE-2020-7060)
  • Session:
    • Fixed bug #79091 (heap use-after-free in session_create_id()).
  • Standard:
    • Fixed bug #79099 (OOB read in php_strip_tags_ex). (CVE-2020-7059)

Quelle: https://www.php.net/

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert