PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
03 Sep 2015 PHP 5.4.45
- Core:
. Fixed bug #70172 (Use After Free Vulnerability in unserialize()). (Stas)
. Fixed bug #70219 (Use after free vulnerability in session deserializer).
(taoguangchen at icloud dot com)
- EXIF:
. Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte
value of 32 bytes). (Stas)
- hash:
. Fixed bug #70312 (HAVAL gives wrong hashes in specific cases). (letsgolee
at naver dot com)
- PCRE:
. Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions).
(Anatol Belski)
- SOAP:
. Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE).
(Stas)
- SPL:
. Fixed bug #70365 (Use-after-free vulnerability in unserialize() with
SplObjectStorage). (taoguangchen at icloud dot com)
. Fixed bug #70366 (Use-after-free vulnerability in unserialize() with
SplDoublyLinkedList). (taoguangchen at icloud dot com)
- XSLT:
. Fixed bug #69782 (NULL pointer dereference). (Stas)
- ZIP:
. Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when
creating directories). (neal at fb dot com)
06 Aug 2015 PHP 5.4.44
- Core:
. Fixed bug #69793 (Remotely triggerable stack exhaustion via recursive
method calls). (Stas)
. Fixed bug #69892 (Different arrays compare indentical due to integer key
truncation). (Nikita)
. Fixed bug #70121 (unserialize() could lead to unexpected methods execution
/ NULL pointer deref). (Stas)
- OpenSSL:
. Fixed bug #70014 (openssl_random_pseudo_bytes() is not cryptographically
secure). (Stas)
- Phar:
. Improved fix for bug #69441. (Anatol Belski)
. Fixed bug #70019 (Files extracted from archive may be placed outside of
destination directory). (Anatol Belski)
- SOAP:
. Fixed bug #70081 (SoapClient info leak / null pointer dereference via
multiple type confusions). (Stas)
- SPL:
. Fixed bug #70068 (Dangling pointer in the unserialization of ArrayObject
items). (sean.heelan)
. Fixed bug #70166 (Use After Free Vulnerability in unserialize() with
SPLArrayObject). (taoguangchen at icloud dot com)
. Fixed bug #70168 (Use After Free Vulnerability in unserialize() with
SplObjectStorage). (taoguangchen at icloud dot com)
. Fixed bug #70169 (Use After Free Vulnerability in unserialize() with
SplDoublyLinkedList). (taoguangchen at icloud dot com)
09 Jul 2015 PHP 5.4.43
- Core:
. Fixed bug #69768 (escapeshell*() doesn't cater to !). (cmb)
. Fixed bug #69874 (Can't set empty additional_headers for mail()), regression
from fix to bug #68776. (Yasuo)
- Mysqlnd:
. Fixed bug #69669 (mysqlnd is vulnerable to BACKRONYM). (CVE-2015-3152)
(Andrey)
- Phar:
. Fixed bug #69958 (Segfault in Phar::convertToData on invalid file).
(CVE-2015-5589) (Stas)
. Fixed bug #69923 (Buffer overflow and stack smashing error in
phar_fix_filepath). (CVE-2015-5590) (Stas)
11 Jun 2015 PHP 5.4.42
- Core:
. Imroved fix for bug #69545 (Integer overflow in ftp_genlist() resulting in
heap overflow). (CVE-2015-4643) (Max Spelsberg)
. Fixed bug #69646 (OS command injection vulnerability in escapeshellarg).
(CVE-2015-4642) (Anatol Belski)
. Fixed bug #69719 (Incorrect handling of paths with NULs). (Stas)
- Litespeed SAPI:
. Fixed bug #68812 (Unchecked return value). (George Wang)
- Mail:
. Fixed bug #68776 (mail() does not have mail header injection prevention for
additional headers). (Yasuo)
- Postgres:
. Fixed bug #69667 (segfault in php_pgsql_meta_data). (CVE-2015-4644) (Remi)
- Sqlite3:
. Upgrade bundled sqlite to 3.8.10.2. (CVE-2015-3414, CVE-2015-3415,
CVE-2015-3416) (Kaplan)
14 May 2015 PHP 5.4.41
- Core:
. Fixed bug #69364 (PHP Multipart/form-data remote dos Vulnerability).
(CVE-2015-4024) (Stas)
. Fixed bug #69403 (str_repeat() sign mismatch based memory corruption).
(Stas)
. Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+). (CVE-2015-4025)
(Stas)
. Fixed bug #69522 (heap buffer overflow in unpack()). (Stas)
- FTP:
. Fixed bug #69545 (Integer overflow in ftp_genlist() resulting in heap
overflow). (CVE-2015-4022) (Stas)
- PCNTL:
. Fixed bug #68598 (pcntl_exec() should not allow null char). (CVE-2015-4026)
(Stas)
- PCRE
. Upgraded pcrelib to 8.37. (CVE-2015-2325, CVE-2015-2326)
- Phar:
. Fixed bug #69453 (Memory Corruption in phar_parse_tarfile when entry
filename starts with null). (CVE-2015-4021) (Stas)
16 Apr 2015 PHP 5.4.40
- Apache2handler:
. Fixed bug #69218 (potential remote code execution with apache 2.4
apache2handler). (CVE-2015-3330) (Gerrit Venema)
- Core:
. Additional fix for bug #69152 (Type confusion vulnerability in
exception::getTraceAsString). (Stas)
. Fixed bug #69337 (php_stream_url_wrap_http_ex() type-confusion
vulnerability). (Stas)
. Fixed bug #69353 (Missing null byte checks for paths in various PHP
extensions). (Stas)
- cURL:
. Fixed bug #69316 (Use-after-free in php_curl related to
CURLOPT_FILE/_INFILE/_WRITEHEADER). (Laruence)
- Ereg:
. Fixed bug #68740 (NULL Pointer Dereference). (Laruence)
- Fileinfo:
. Fixed bug #68819 (Fileinfo on specific file causes spurious OOM and/or
segfault). (Anatol Belski)
- GD:
. Fixed bug #68601 (buffer read overflow in gd_gif_in.c). (CVE-2014-9709)
(Remi)
- Phar:
. Fixed bug #68901 (use after free). (CVE-2015-2301) (bugreports at internot
dot info)
. Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar).
(CVE-2015-2783) (Stas)
. Fixed bug #69441 (Buffer Overflow when parsing tar/zip/phar in
phar_set_inode). (CVE-2015-3329) (Stas)
- Postgres:
. Fixed bug #68741 (Null pointer deference) (CVE-2015-1352). (Xinchen Hui)
- SOAP:
. Fixed bug #69152 (Type Confusion Infoleak Vulnerability in unserialize()
with SoapFault). (Dmitry)
- Sqlite3:
. Fixed bug #66550 (SQLite prepared statement use-after-free). (Sean Heelan)
19 Mar 2015 PHP 5.4.39
- Core:
. Fixed bug #68976 (Use After Free Vulnerability in unserialize())
(CVE-2015-2787). (Stas)
. Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM
configuration options). (Anatol Belski)
. Fixed bug #69207 (move_uploaded_file allows nulls in path). (CVE-2015-2348)
(Stas)
- Ereg:
. Fixed bug #69248 (heap overflow vulnerability in regcomp.c) (CVE-2015-2305).
(Stas)
- SOAP:
. Fixed bug #69085 (SoapClient's __call() type confusion through
unserialize()). (CVE-2015-4147, CVE-2015-4148) (Dmitry)
- ZIP:
. Fixed bug #69253 (ZIP Integer Overflow leads to writing past heap
boundary) (CVE-2015-2331). (Stas)
19 Feb 2015 PHP 5.4.38
- Core:
. Removed support for multi-line headers, as the are deprecated by RFC 7230.
(Stas)
. Added NULL byte protection to exec, system and passthru. (Yasuo)
. Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname
buffer overflow). (Stas)
. Fixed bug #67827 (broken detection of system crypt sha256/sha512 support).
(ncopa at alpinelinux dot org)
. Fixed bug #68942 (Use after free vulnerability in unserialize() with
DateTimeZone). (CVE-2015-0273) (Stas)
- Enchant:
. Fixed bug #68552 (heap buffer overflow in enchant_broker_request_dict()).
(Antony)
- SOAP:
. Fixed bug #67427 (SoapServer cannot handle large messages)
(brandt at docoloc dot de)
22 Jan 2015 PHP 5.4.37
- Core:
. Fixed bug #68710 (Use After Free Vulnerability in PHP's unserialize()).
(CVE-2015-0231) (Stefan Esser)
- CGI:
. Fixed bug #68618 (out of bounds read crashes php-cgi). (CVE-20
评论1
最新资源