2018年04月6日网站服务器迁移完成……

PHP 5.4.45/5.5.29/5.6.13 发布

php 苏 demo 1616℃ 0评论

PHP 5.4.45/5.5.29/5.6.13 发布,主要是安全问题修复。

下载: http://www.php.net/downloads.php

Windows 下载: http://windows.php.net/download/

PHP 5.4.45 更新列表:

  • Core:

    • Fixed bug #70172 (Use After Free Vulnerability in unserialize()).

    • Fixed bug #70219 (Use after free vulnerability in session deserializer).

  • EXIF:

    • Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes).

  • hash:

    • Fixed bug #70312 (HAVAL gives wrong hashes in specific cases).

  • PCRE:

    • Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions).

  • SOAP:

    • Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE).

  • SPL:

    • Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage).

    • Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList).

  • XSLT:

    • Fixed bug #69782 (NULL pointer dereference).

  • ZIP:

    • Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when creating directories).

PHP 5.5.29 更新列表:

  • Core:

    • Fixed bug #70172 (Use After Free Vulnerability in unserialize()).

    • Fixed bug #70219 (Use after free vulnerability in session deserializer).

  • EXIF:

    • Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes).

  • hash:

    • Fixed bug #70312 (HAVAL gives wrong hashes in specific cases).

  • PCRE:

    • Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions).

  • SOAP:

    • Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE).

  • SPL:

    • Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage).

    • Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList).

  • XSLT:

    • Fixed bug #69782 (NULL pointer dereference).

  • ZIP:

    • Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when creating directories).

PHP 5.6.13 更新列表:

  • Core:

    • Fixed bug #69900 (Too long timeout on pipes).

    • Fixed bug #69487 (SAPI may truncate POST data).

    • Fixed bug #70198 (Checking liveness does not work as expected).

    • Fixed bug #70172 (Use After Free Vulnerability in unserialize()).

    • Fixed bug #70219 (Use after free vulnerability in session deserializer).

  • CLI server:

    • Fixed bug #66606 (Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE).

    • Fixed bug #70264 (CLI server directory traversal).

  • Date:

    • Fixed bug #70266 (DateInterval::__construct.interval_spec is not supposed to be optional).

    • Fixed bug #70277 (new DateTimeZone($foo) is ignoring text after null byte).

  • EXIF:

    • Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes).

  • hash:

    • Fixed bug #70312 (HAVAL gives wrong hashes in specific cases).

  • MCrypt:

    • Fixed bug #69833 (mcrypt fd caching not working).

  • Opcache:

    • Fixed bug #70237 (Empty while and do-while segmentation fault with opcode on CLI enabled).

  • PCRE:

    • Fixed bug #70232 (Incorrect bump-along behavior with \K and empty string match).

    • Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions).

  • SOAP:

    • Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE).

  • SPL:

    • Fixed bug #70290 (Null pointer deref (segfault) in spl_autoload via ob_start).

    • Fixed bug #70303 (Incorrect constructor reflection for ArrayObject).

    • Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage).

    • Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList).

  • Standard:

    • Fixed bug #70052 (getimagesize() fails for very large and very small WBMP).

    • Fixed bug #70157 (parse_ini_string() segmentation fault with INI_SCANNER_TYPED).

  • XSLT:

    • Fixed bug #69782 (NULL pointer dereference).

  • ZIP:

    • Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when creating directories).

打赏

转载请注明:苏demo的别样人生 » PHP 5.4.45/5.5.29/5.6.13 发布

   如果本篇文章对您有帮助,欢迎向博主进行赞助,赞助时请写上您的用户名。
支付宝直接捐助帐号oracle_lee@qq.com 感谢支持!
喜欢 (0)or分享 (0)
发表我的评论
取消评论
表情