The development team of the PHP programming language has released updates for the major versions 7.3, 7.2 and 7.1. The updates are security and bug-fix releases and should be installed immediately. The vulnerability is described in CVE-2019-11043 and allows remote attacks on nginx PHP-FPM systems.
PHP 7.3.11 Release Notes
- Core:
- Exif:
  - Fixed bug #78442 (‘Illegal component’ on exif_read_data since PHP7) (Kalle)
- FPM:
- MBString:
- MySQLi:
  - Fixed bug #76809 (SSL settings aren’t respected when persistent connections are used).
- Mysqlnd:
  - Fixed bug #78525 (Memory leak in pdo when reusing native prepared statements).
- PCRE:
  - Fixed bug #78272 (calling preg_match() before pcntl_fork() will freeze child process).
- PDO_MySQL:
  - Fixed bug #78623 (Regression caused by “SP call yields additional empty result set”).
- Session:
  - Fixed bug #78624 (session_gc return value for user defined session handlers).
- Standard:
- Zip:
  - Fixed bug #78641 (addGlob can modify given remove_path value).
PHP 7.2.24 Release Notes
- Core:
- Exif:
  - Fixed bug #78442 (‘Illegal component’ on exif_read_data since PHP7) (Kalle)
- FPM:
  - Fixed bug #78599 (env_path_info underflow in fpm_main.c can lead to RCE). (CVE-2019-11043)
- MBString:
- MySQLi:
  - Fixed bug #76809 (SSL settings aren’t respected when persistent connections are used).
- PDO_MySQL:
  - Fixed bug #78623 (Regression caused by “SP call yields additional empty result set”).
- Session:
  - Fixed bug #78624 (session_gc return value for user defined session handlers).
- Standard:
- Zip:
  - Fixed bug #78641 (addGlob can modify given remove_path value).
PHP 7.1.33 Release Notes
- FPM:
  - Fixed bug #78599 (env_path_info underflow in fpm_main.c can lead to RCE). (CVE-2019-11043)
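To find hosts that still need these updates, the version banners reported by `php -v` or `php-fpm -v` can be compared against the three fixed releases named above. The following is an added example, not part of the original announcement or of the PHP project; the function names, status labels and sample banners are constructed for illustration.

```python
import re

# Fixed release per branch, taken from the announcement above:
# 7.3.11, 7.2.24 and 7.1.33.
FIXED_PATCH = {(7, 3): 11, (7, 2): 24, (7, 1): 33}

# Matches the first line of `php -v` / `php-fpm -v`, e.g.
# "PHP 7.2.24-0ubuntu0.18.04.1 (cli) (built: ...)".
_BANNER_RE = re.compile(r"\bPHP (\d+)\.(\d+)\.(\d+)((?:RC|alpha|beta)\d*)?")


def classify(banner):
    """Classify one version banner by upstream version number only.

    Returns 'patched', 'needs-update', 'branch-not-listed' or 'unparsed'.
    A distribution package can carry a backported fix under an older
    upstream number, so 'needs-update' means "check the package changelog
    or upgrade", not proof of exposure.
    """
    m = _BANNER_RE.search(banner)
    if not m:
        return "unparsed"
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    prerelease = m.group(4) is not None
    fixed = FIXED_PATCH.get((major, minor))
    if fixed is None:
        # Branch is not covered by this announcement; do not guess.
        return "branch-not-listed"
    # A pre-release (RC/alpha/beta) of the fixed version precedes the
    # final release, so it is treated conservatively as not yet fixed.
    if patch > fixed or (patch == fixed and not prerelease):
        return "patched"
    return "needs-update"


def audit(inventory):
    """Map host -> status for a dict of host -> banner line."""
    return {host: classify(banner) for host, banner in inventory.items()}


# Constructed sample inventory (hypothetical host names and banners).
SAMPLE_INVENTORY = {
    "web01": "PHP 7.3.10 (fpm-fcgi) (built: Sep 24 2019 10:00:00)",
    "web02": "PHP 7.2.24-0ubuntu0.18.04.1 (cli) (built: Oct 28 2019 12:07:07)",
    "web03": "PHP 7.0.33 (cli) (built: Dec  7 2018 08:00:00)",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```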