PHP 7.4.2 - 7.3.14 und 7.2.27 Security und Bugfix Release

Die freie Skript- / Programmiersprache, PHP, erhielt heute Updates für die Zweige 7.4, 7.3 und 7.2. Es handelt sich hierbei um Security und Bugfix Releases. Die Sicherheitslücken sollen einen entfernten DoS-Angriff ermöglichen.

PHP 7.4.2 Release Notes

Core:
- Preloading support on Windows has been disabled.
- Fixed bug #79022 (class_exists returns True for classes that are not ready to be used).
- Fixed bug #78929 (plus signs in cookie values are converted to spaces).
- Fixed bug #78973 (Destructor during CV freeing causes segfault if opline never saved).
- Fixed bug #78776 (Abstract method implementation from trait does not check “static”).
- Fixed bug #78999 (Cycle leak when using function result as temporary).
- Fixed bug #79008 (General performance regression with PHP 7.4 on Windows).
- Fixed bug #79002 (Serializing uninitialized typed properties with __sleep makes unserialize throw).
CURL:
- Fixed bug #79033 (Curl timeout error with specific url and post).
- Fixed bug #79063 (curl openssl does not respect PKG_CONFIG_PATH).
Date:
- Fixed bug #79015 (undefined-behavior in php_date.c).
DBA:
- Fixed bug #78808 ([LMDB] MDB_MAP_FULL: Environment mapsize limit reached).
Exif:
- Fixed bug #79046 (NaN to int cast undefined behavior in exif).
Fileinfo:
- Fixed bug #74170 (locale information change after mime_content_type).
GD:
- Fixed bug #79067 (gdTransformAffineCopy() may use unitialized values).
- Fixed bug #79068 (gdTransformAffineCopy() changes interpolation method).
Libxml:
- Fixed bug #79029 (Use After Free’s in XMLReader / XMLWriter).
Mbstring:
- Fixed bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`). (CVE-2020-7060)
OPcache:
- Fixed bug #78961 (erroneous optimization of re-assigned $GLOBALS).
- Fixed bug #78950 (Preloading trait method with static variables).
- Fixed bug #78903 (Conflict in RTD key for closures results in crash).
- Fixed bug #78986 (Opcache segfaults when inheriting ctor from immutable into mutable class).
- Fixed bug #79040 (Warning Opcode handlers are unusable due to ASLR).
- Fixed bug #79055 (Typed property become unknown with OPcache file cache).
Pcntl:
- Fixed bug #78402 (Converting null to string in error message is bad DX).
PDO_PgSQL:
- Fixed bug #78983 (pdo_pgsql config.w32 cannot find libpq-fe.h).
- Fixed bug #78980 (pgsqlGetNotify() overlooks dead connection).
- Fixed bug #78982 (pdo_pgsql returns dead persistent connection).
Session:
- Fixed bug #79091 (heap use-after-free in session_create_id()).
- Fixed bug #79031 (Session unserialization problem).
Shmop:
- Fixed bug #78538 (shmop memory leak).
Sqlite3:
- Fixed bug #79056 (sqlite does not respect PKG_CONFIG_PATH during compilation).
Spl:
- Fixed bug #78976 (SplFileObject::fputcsv returns -1 on failure).
Standard:
- Fixed bug #79099 (OOB read in php_strip_tags_ex). (CVE-2020-7059)
- Fixed bug #79000 (Non-blocking socket stream reports EAGAIN as error).
- Fixed bug #54298 (Using empty additional_headers adding extraneous CRLF).

PHP 7.3.14 Release Notes

Core:
- Fixed bug #78999 (Cycle leak when using function result as temporary).
CURL:
- Fixed bug #79033 (Curl timeout error with specific url and post).
Date:
- Fixed bug #79015 (undefined-behavior in php_date.c).
DBA:
- Fixed bug #78808 ([LMDB] MDB_MAP_FULL: Environment mapsize limit reached).
Fileinfo:
- Fixed bug #74170 (locale information change after mime_content_type).
GD:
- Fixed bug #78923 (Artifacts when convoluting image with transparency).
- Fixed bug #79067 (gdTransformAffineCopy() may use unitialized values).
- Fixed bug #79068 (gdTransformAffineCopy() changes interpolation method).
Libxml:
- Fixed bug #79029 (Use After Free’s in XMLReader / XMLWriter).
Mbstring:
- Fixed bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`). (CVE-2020-7060)
OPcache:
- Fixed bug #79040 (Warning Opcode handlers are unusable due to ASLR).
Pcntl:
- Fixed bug #78402 (Converting null to string in error message is bad DX).
PDO_PgSQL:
- Fixed bug #78983 (pdo_pgsql config.w32 cannot find libpq-fe.h).
- Fixed bug #78980 (pgsqlGetNotify() overlooks dead connection).
- Fixed bug #78982 (pdo_pgsql returns dead persistent connection).
Session:
- Fixed bug #79091 (heap use-after-free in session_create_id()).
Shmop:
- Fixed bug #78538 (shmop memory leak).
Standard:
- Fixed bug #79099 (OOB read in php_strip_tags_ex). (CVE-2020-7059)
- Fixed bug #54298 (Using empty additional_headers adding extraneous CRLF).

PHP 7.2.27 Release Notes

Mbstring:
- Fixed bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`). (CVE-2020-7060)
Session:
- Fixed bug #79091 (heap use-after-free in session_create_id()).
Standard:
- Fixed bug #79099 (OOB read in php_strip_tags_ex). (CVE-2020-7059)

Quelle: https://www.php.net/

JARVIS

Interessiert in verschiedenste IT Themen, schreibe ich in diesem Blog über Software, Hardware, Smart Home, Games und vieles mehr. Ich berichte z.B. über die Installation und Konfiguration von Software als auch von Problemen mit dieser. News sind ebenso spannend, sodass ich auch über Updates, Releases und Neuigkeiten aus der IT berichte. Letztendlich nutze ich Taste-of-IT als eigene Dokumentation und Anlaufstelle bei wiederkehrenden Themen. Ich hoffe ich kann dich ebenso informieren und bei Problemen eine schnelle Lösung anbieten. Wer meinen Aufwand unterstützen möchte, kann gerne eine Tasse oder Pod Kaffe per PayPal spenden – vielen Dank.

PHP 7.4.2 – 7.3.14 und 7.2.27 Security und Bugfix Release

PHP 7.4.2 Release Notes

PHP 7.3.14 Release Notes

PHP 7.2.27 Release Notes

Schreibe einen Kommentar Antworten abbrechen

rechtliches