PHP Security and Bugfix Release 7.4.1 – 7.3.13 and 7.2.26

The developers of the PHP scripting language released updates today for the current 7.4, 7.3 and 7.2 branches. These fix security issues and various bugs.

PHP 7.4.1 Release Notes

  • Bcmath:
    • Fixed bug #78878 (Buffer underflow in bc_shift_addsub). (CVE-2019-11046).
  • Core:
    • Fixed bug #78862 (link() silently truncates after a null byte on Windows). (CVE-2019-11044).
    • Fixed bug #78863 (DirectoryIterator class silently truncates after a null byte). (CVE-2019-11045).
    • Fixed bug #78943 (mail() may release string with refcount==1 twice). (CVE-2019-11049).
    • Fixed bug #78810 (RW fetches do not throw “uninitialized property” exception).
    • Fixed bug #78868 (Calling __autoload() with incorrect EG(fake_scope) value).
    • Fixed bug #78296 (is_file fails to detect file).
    • Fixed bug #78883 (fgets(STDIN) fails on Windows).
    • Fixed bug #78898 (call_user_func(['parent', …]) fails while other succeed).
    • Fixed bug #78904 (Uninitialized property triggers __get()).
    • Fixed bug #78926 (Segmentation fault on Symfony cache:clear).
  • GD:
    • Fixed bug #78849 (GD build broken with -D SIGNED_COMPARE_SLOW).
    • Fixed bug #78923 (Artifacts when convoluting image with transparency).
  • EXIF:
    • Fixed bug #78793 (Use-after-free in exif parsing under memory sanitizer). (CVE-2019-11050).
    • Fixed bug #78910 (Heap-buffer-overflow READ in exif). (CVE-2019-11047).
  • FPM:
    • Fixed bug #76601 (Partially working php-fpm after incomplete reload).
    • Fixed bug #78889 (php-fpm service fails to start).
    • Fixed bug #78916 (php-fpm 7.4.0 don’t send mail via mail()).
  • Intl:
    • Implemented FR #78912 (INTL Support for accounting format).
  • Mysqlnd:
    • Fixed bug #78823 (ZLIB_LIBS not added to EXTRA_LIBS).
  • OPcache:
    • Fixed $x = (bool)$x; with opcache (should emit undeclared variable notice).
    • Fixed bug #78935 (Preloading removes classes that have dependencies).
  • PCRE:
    • Fixed bug #78853 (preg_match() may return integer > 1).
  • Reflection:
    • Fixed bug #78895 (Reflection detects abstract non-static class as abstract static. IS_IMPLICIT_ABSTRACT is no longer used).
  • Standard:
    • Fixed bug #77638 (var_export’ing certain class instances segfaults).
    • Fixed bug #78840 (imploding $GLOBALS crashes).
    • Fixed bug #78833 (Integer overflow in pack causes out-of-bound access).
    • Fixed bug #78814 (strip_tags allows / in tag name => whitelist bypass).

PHP 7.3.12 Release Notes

  • Bcmath:
    • Fixed bug #78878 (Buffer underflow in bc_shift_addsub). (CVE-2019-11046)
  • Core:
    • Fixed bug #78862 (link() silently truncates after a null byte on Windows). (CVE-2019-11044)
    • Fixed bug #78863 (DirectoryIterator class silently truncates after a null byte). (CVE-2019-11045)
    • Fixed bug #78943 (mail() may release string with refcount==1 twice). (CVE-2019-11049)
    • Fixed bug #78787 (Segfault with trait overriding inherited private shadow property).
    • Fixed bug #78868 (Calling __autoload() with incorrect EG(fake_scope) value).
    • Fixed bug #78296 (is_file fails to detect file).
  • EXIF:
    • Fixed bug #78793 (Use-after-free in exif parsing under memory sanitizer). (CVE-2019-11050)
    • Fixed bug #78910 (Heap-buffer-overflow READ in exif) (CVE-2019-11047).
  • GD:
    • Fixed bug #78849 (GD build broken with -D SIGNED_COMPARE_SLOW).
  • MBString:
    • Upgraded bundled Oniguruma to 6.9.4.
  • OPcache:
    • Fixed potential ASLR related invalid opline handler issues.
    • Fixed $x = (bool)$x; with opcache (should emit undeclared variable notice).
  • PCRE:
    • Fixed bug #78853 (preg_match() may return integer > 1).
  • Standard:
    • Fixed bug #78759 (array_search in $GLOBALS).
    • Fixed bug #77638 (var_export’ing certain class instances segfaults).
    • Fixed bug #78840 (imploding $GLOBALS crashes).
    • Fixed bug #78833 (Integer overflow in pack causes out-of-bound access).
    • Fixed bug #78814 (strip_tags allows / in tag name => whitelist bypass).

PHP 7.2.26 Release Notes

  • Bcmath:
    • Fixed bug #78878 (Buffer underflow in bc_shift_addsub). (CVE-2019-11046)
  • Core:
    • Fixed bug #78862 (link() silently truncates after a null byte on Windows). (CVE-2019-11044)
    • Fixed bug #78863 (DirectoryIterator class silently truncates after a null byte). (CVE-2019-11045)
  • EXIF:
    • Fixed bug #78793 (Use-after-free in exif parsing under memory sanitizer). (CVE-2019-11050)
    • Fixed bug #78910 (Heap-buffer-overflow READ in exif). (CVE-2019-11047)
  • GD:
    • Fixed bug #78849 (GD build broken with -D SIGNED_COMPARE_SLOW).
  • Intl:
    • Fixed bug #78804 (Segmentation fault in Locale::filterMatches).
  • OPcache:
    • Fixed $x = (bool)$x; with opcache (should emit undeclared variable notice).
  • Standard:
    • Fixed bug #78759 (array_search in $GLOBALS).
    • Fixed bug #78833 (Integer overflow in pack causes out-of-bound access).
    • Fixed bug #78814 (strip_tags allows / in tag name => whitelist bypass).

Source: https://www.php.net/
