PHP 5.4.45/5.5.29/5.6.13 发布，主要是安全问题修复。

下载： http://www.php.net/downloads.php

Windows 下载： http://windows.php.net/download/

PHP 5.4.45 更新列表：

• Core:

  • Fixed bug #70172 (Use After Free Vulnerability in unserialize()).

  • Fixed bug #70219 (Use after free vulnerability in session deserializer).

• EXIF:

  • Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes).

• hash:

  • Fixed bug #70312 (HAVAL gives wrong hashes in specific cases).

• PCRE:

  • Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions).

• SOAP:

  • Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE).

• SPL:

  • Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage).

  • Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList).

• XSLT:

  • Fixed bug #69782 (NULL pointer dereference).

• ZIP:

  • Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when creating directories).

PHP 5.5.29 更新列表：

• Core:

  • Fixed bug #70172 (Use After Free Vulnerability in unserialize()).

  • Fixed bug #70219 (Use after free vulnerability in session deserializer).

• EXIF:

  • Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes).

• hash:

  • Fixed bug #70312 (HAVAL gives wrong hashes in specific cases).

• PCRE:

  • Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions).

• SOAP:

  • Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE).

• SPL:

  • Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage).

  • Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList).

• XSLT:

  • Fixed bug #69782 (NULL pointer dereference).

• ZIP:

  • Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when creating directories).

PHP 5.6.13 更新列表：

• Core:

  • Fixed bug #69900 (Too long timeout on pipes).

  • Fixed bug #69487 (SAPI may truncate POST data).

  • Fixed bug #70198 (Checking liveness does not work as expected).

  • Fixed bug #70172 (Use After Free Vulnerability in unserialize()).

  • Fixed bug #70219 (Use after free vulnerability in session deserializer).

• CLI server:

  • Fixed bug #66606 (Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE).

  • Fixed bug #70264 (CLI server directory traversal).

• Date:

  • Fixed bug #70266 (DateInterval::__construct.interval_spec is not supposed to be optional).

  • Fixed bug #70277 (new DateTimeZone($foo) is ignoring text after null byte).

• EXIF:

  • Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes).

• hash:

  • Fixed bug #70312 (HAVAL gives wrong hashes in specific cases).

• MCrypt:

  • Fixed bug #69833 (mcrypt fd caching not working).

• Opcache:

  • Fixed bug #70237 (Empty while and do-while segmentation fault with opcode on CLI enabled).

• PCRE:

  • Fixed bug #70232 (Incorrect bump-along behavior with \K and empty string match).

  • Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions).

• SOAP:

  • Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE).

• SPL:

  • Fixed bug #70290 (Null pointer deref (segfault) in spl_autoload via ob_start).

  • Fixed bug #70303 (Incorrect constructor reflection for ArrayObject).

  • Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage).

  • Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList).

• Standard:

  • Fixed bug #70052 (getimagesize() fails for very large and very small WBMP).

  • Fixed bug #70157 (parse_ini_string() segmentation fault with INI_SCANNER_TYPED).

• XSLT:

  • Fixed bug #69782 (NULL pointer dereference).

• ZIP:

  • Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when creating directories).

打赏

微信扫一扫，打赏作者吧～

转载请注明：苏demo的别样人生 » PHP 5.4.45/5.5.29/5.6.13 发布

   如果本篇文章对您有帮助，欢迎向博主进行赞助，赞助时请写上您的用户名。

   支付宝直接捐助帐号oracle_lee@qq.com 感谢支持！