PHP Security and Bugfix Releases 7.4.1, 7.3.13 and 7.2.26

The developers of the PHP scripting language today released updates for the current 7.4, 7.3 and 7.2 branches. These fix security issues and various bugs.

PHP 7.4.1 Release Notes

  • Bcmath:
    • Fixed bug #78878 (Buffer underflow in bc_shift_addsub). (CVE-2019-11046).
  • Core:
    • Fixed bug #78862 (link() silently truncates after a null byte on Windows). (CVE-2019-11044).
    • Fixed bug #78863 (DirectoryIterator class silently truncates after a null byte). (CVE-2019-11045).
    • Fixed bug #78943 (mail() may release string with refcount==1 twice). (CVE-2019-11049).
    • Fixed bug #78810 (RW fetches do not throw “uninitialized property” exception).
    • Fixed bug #78868 (Calling __autoload() with incorrect EG(fake_scope) value).
    • Fixed bug #78296 (is_file fails to detect file).
    • Fixed bug #78883 (fgets(STDIN) fails on Windows).
    • Fixed bug #78898 (call_user_func(['parent', …]) fails while other succeed).
    • Fixed bug #78904 (Uninitialized property triggers __get()).
    • Fixed bug #78926 (Segmentation fault on Symfony cache:clear).
  • GD:
    • Fixed bug #78849 (GD build broken with -D SIGNED_COMPARE_SLOW).
    • Fixed bug #78923 (Artifacts when convoluting image with transparency).
  • EXIF:
    • Fixed bug #78793 (Use-after-free in exif parsing under memory sanitizer). (CVE-2019-11050).
    • Fixed bug #78910 (Heap-buffer-overflow READ in exif). (CVE-2019-11047).
  • FPM:
    • Fixed bug #76601 (Partially working php-fpm after incomplete reload).
    • Fixed bug #78889 (php-fpm service fails to start).
    • Fixed bug #78916 (php-fpm 7.4.0 doesn’t send mail via mail()).
  • Intl:
    • Implemented FR #78912 (INTL Support for accounting format).
  • Mysqlnd:
    • Fixed bug #78823 (ZLIB_LIBS not added to EXTRA_LIBS).
  • OPcache:
    • Fixed $x = (bool)$x; with opcache (should emit undeclared variable notice).
    • Fixed bug #78935 (Preloading removes classes that have dependencies).
  • PCRE:
    • Fixed bug #78853 (preg_match() may return integer > 1).
  • Reflection:
    • Fixed bug #78895 (Reflection detects abstract non-static class as abstract static. IS_IMPLICIT_ABSTRACT is no longer used).
  • Standard:
    • Fixed bug #77638 (var_export’ing certain class instances segfaults).
    • Fixed bug #78840 (imploding $GLOBALS crashes).
    • Fixed bug #78833 (Integer overflow in pack causes out-of-bound access).
    • Fixed bug #78814 (strip_tags allows / in tag name => whitelist bypass).

PHP 7.3.12 Release Notes

  • Bcmath:
    • Fixed bug #78878 (Buffer underflow in bc_shift_addsub). (CVE-2019-11046)
  • Core:
    • Fixed bug #78862 (link() silently truncates after a null byte on Windows). (CVE-2019-11044)
    • Fixed bug #78863 (DirectoryIterator class silently truncates after a null byte). (CVE-2019-11045)
    • Fixed bug #78943 (mail() may release string with refcount==1 twice). (CVE-2019-11049)
    • Fixed bug #78787 (Segfault with trait overriding inherited private shadow property).
    • Fixed bug #78868 (Calling __autoload() with incorrect EG(fake_scope) value).
    • Fixed bug #78296 (is_file fails to detect file).
  • EXIF:
    • Fixed bug #78793 (Use-after-free in exif parsing under memory sanitizer). (CVE-2019-11050)
    • Fixed bug #78910 (Heap-buffer-overflow READ in exif). (CVE-2019-11047)
  • GD:
    • Fixed bug #78849 (GD build broken with -D SIGNED_COMPARE_SLOW).
  • MBString:
    • Upgraded bundled Oniguruma to 6.9.4.
  • OPcache:
    • Fixed potential ASLR related invalid opline handler issues.
    • Fixed $x = (bool)$x; with opcache (should emit undeclared variable notice).
  • PCRE:
    • Fixed bug #78853 (preg_match() may return integer > 1).
  • Standard:
    • Fixed bug #78759 (array_search in $GLOBALS).
    • Fixed bug #77638 (var_export’ing certain class instances segfaults).
    • Fixed bug #78840 (imploding $GLOBALS crashes).
    • Fixed bug #78833 (Integer overflow in pack causes out-of-bound access).
    • Fixed bug #78814 (strip_tags allows / in tag name => whitelist bypass).

PHP 7.2.26 Release Notes

  • Bcmath:
    • Fixed bug #78878 (Buffer underflow in bc_shift_addsub). (CVE-2019-11046)
  • Core:
    • Fixed bug #78862 (link() silently truncates after a null byte on Windows). (CVE-2019-11044)
    • Fixed bug #78863 (DirectoryIterator class silently truncates after a null byte). (CVE-2019-11045)
  • EXIF:
    • Fixed bug #78793 (Use-after-free in exif parsing under memory sanitizer). (CVE-2019-11050)
    • Fixed bug #78910 (Heap-buffer-overflow READ in exif). (CVE-2019-11047)
  • GD:
    • Fixed bug #78849 (GD build broken with -D SIGNED_COMPARE_SLOW).
  • Intl:
    • Fixed bug #78804 (Segmentation fault in Locale::filterMatches).
  • OPcache:
    • Fixed $x = (bool)$x; with opcache (should emit undeclared variable notice).
  • Standard:
    • Fixed bug #78759 (array_search in $GLOBALS).
    • Fixed bug #78833 (Integer overflow in pack causes out-of-bound access).
    • Fixed bug #78814 (strip_tags allows / in tag name => whitelist bypass).

Source: https://www.php.net/
