PHP 5.4.45/5.5.29/5.6.13 发布
PHP 5.4.45/5.5.29/5.6.13 发布,主要是安全问题修复。
下载: http://www.php.net/downloads.php
Windows 下载: http://windows.php.net/download/
PHP 5.4.45 更新列表:
-
Core:
-
Fixed bug #70172 (Use After Free Vulnerability in unserialize()).
-
Fixed bug #70219 (Use after free vulnerability in session deserializer).
-
EXIF:
-
Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes).
-
hash:
-
Fixed bug #70312 (HAVAL gives wrong hashes in specific cases).
-
PCRE:
-
Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions).
-
SOAP:
-
Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE).
-
SPL:
-
Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage).
-
Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList).
-
XSLT:
-
Fixed bug #69782 (NULL pointer dereference).
-
ZIP:
-
Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when creating directories).
PHP 5.5.29 更新列表:
-
Core:
-
Fixed bug #70172 (Use After Free Vulnerability in unserialize()).
-
Fixed bug #70219 (Use after free vulnerability in session deserializer).
-
EXIF:
-
Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes).
-
hash:
-
Fixed bug #70312 (HAVAL gives wrong hashes in specific cases).
-
PCRE:
-
Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions).
-
SOAP:
-
Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE).
-
SPL:
-
Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage).
-
Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList).
-
XSLT:
-
Fixed bug #69782 (NULL pointer dereference).
-
ZIP:
-
Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when creating directories).
PHP 5.6.13 更新列表:
-
Core:
-
Fixed bug #69900 (Too long timeout on pipes).
-
Fixed bug #69487 (SAPI may truncate POST data).
-
Fixed bug #70198 (Checking liveness does not work as expected).
-
Fixed bug #70172 (Use After Free Vulnerability in unserialize()).
-
Fixed bug #70219 (Use after free vulnerability in session deserializer).
-
CLI server:
-
Fixed bug #66606 (Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE).
-
Fixed bug #70264 (CLI server directory traversal).
-
Date:
-
Fixed bug #70266 (DateInterval::__construct.interval_spec is not supposed to be optional).
-
Fixed bug #70277 (new DateTimeZone($foo) is ignoring text after null byte).
-
EXIF:
-
Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes).
-
hash:
-
Fixed bug #70312 (HAVAL gives wrong hashes in specific cases).
-
MCrypt:
-
Fixed bug #69833 (mcrypt fd caching not working).
-
Opcache:
-
Fixed bug #70237 (Empty while and do-while segmentation fault with opcode on CLI enabled).
-
PCRE:
-
Fixed bug #70232 (Incorrect bump-along behavior with /K and empty string match).
-
Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions).
-
SOAP:
-
Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE).
-
SPL:
-
Fixed bug #70290 (Null pointer deref (segfault) in spl_autoload via ob_start).
-
Fixed bug #70303 (Incorrect constructor reflection for ArrayObject).
-
Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage).
-
Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList).
-
Standard:
-
Fixed bug #70052 (getimagesize() fails for very large and very small WBMP).
-
Fixed bug #70157 (parse_ini_string() segmentation fault with INI_SCANNER_TYPED).
-
XSLT:
-
Fixed bug #69782 (NULL pointer dereference).
-
ZIP:
-
Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when creating directories).
更多内容请看 发行说明 。
正文到此结束
热门推荐
相关文章
近期评论
-
文章和留言都翻到11页了 没有OOM
-
-
朋友,翻页到11页,及以后,会出现OOM,无法访问
-
-
搞个gitee的项目
-
-
版本号是多少,你可以下载哪个代码仓库,jdk选1.8 直接跑就行
-
-
-
Loading...
![[HBLOG]公众号](https://www.liuhaihua.cn/img/qrcode_gzh.jpg)
