
====================================================================

                             CERT-Renater

                 Information Note No. 2020/VULN059
_____________________________________________________________________

DATE                : 04/02/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running PHP versions prior to 7.2.27,
                     7.3.14, 7.4.2.

=====================================================================
https://www.php.net/ChangeLog-7.php#7.2.27
https://www.php.net/ChangeLog-7.php#7.3.14
https://www.php.net/ChangeLog-7.php#7.4.2
_____________________________________________________________________

Version 7.2.27, 23 Jan 2020

    Mbstring:
        Fixed bug #79037 (global buffer-overflow in
        `mbfl_filt_conv_big5_wchar`). (CVE-2020-7060)
    Session:
        Fixed bug #79091 (heap use-after-free in session_create_id()).
    Standard:
        Fixed bug #79099 (OOB read in php_strip_tags_ex). (CVE-2020-7059)

_____________________________________________________________________

Version 7.3.14, 23 Jan 2020

    Core:
        Fixed bug #78999 (Cycle leak when using function result as
        temporary).
    CURL:
        Fixed bug #79033 (Curl timeout error with specific url and
         post).
    Date:
        Fixed bug #79015 (undefined-behavior in php_date.c).
    DBA:
        Fixed bug #78808 ([LMDB] MDB_MAP_FULL: Environment mapsize limit
         reached).
    Fileinfo:
        Fixed bug #74170 (locale information change after
         mime_content_type).
    GD:
        Fixed bug #78923 (Artifacts when convoluting image with
         transparency).
        Fixed bug #79067 (gdTransformAffineCopy() may use uninitialized
         values).
        Fixed bug #79068 (gdTransformAffineCopy() changes interpolation
         method).
    Libxml:
        Fixed bug #79029 (Use After Free's in XMLReader / XMLWriter).
    Mbstring:
        Fixed bug #79037 (global buffer-overflow in
         `mbfl_filt_conv_big5_wchar`). (CVE-2020-7060)
    OPcache:
        Fixed bug #79040 (Warning Opcode handlers are unusable due to
         ASLR).
    Pcntl:
        Fixed bug #78402 (Converting null to string in error message is
         bad DX).
    PDO_PgSQL:
        Fixed bug #78983 (pdo_pgsql config.w32 cannot find libpq-fe.h).
        Fixed bug #78980 (pgsqlGetNotify() overlooks dead connection).
        Fixed bug #78982 (pdo_pgsql returns dead persistent connection).
    Session:
        Fixed bug #79091 (heap use-after-free in session_create_id()).
    Shmop:
        Fixed bug #78538 (shmop memory leak).
    Standard:
        Fixed bug #79099 (OOB read in php_strip_tags_ex). (CVE-2020-7059)
        Fixed bug #54298 (Using empty additional_headers adding
         extraneous CRLF).

_____________________________________________________________________

Version 7.4.2, 23 Jan 2020

    Core:
        Preloading support on Windows has been disabled.
        Fixed bug #79022 (class_exists returns True for classes that are
         not ready to be used).
        Fixed bug #78929 (plus signs in cookie values are converted to
         spaces).
        Fixed bug #78973 (Destructor during CV freeing causes segfault
         if opline never saved).
        Fixed bug #78776 (Abstract method implementation from trait does
         not check "static").
        Fixed bug #78999 (Cycle leak when using function result as
         temporary).
        Fixed bug #79008 (General performance regression with PHP 7.4 on
         Windows).
        Fixed bug #79002 (Serializing uninitialized typed properties
         with __sleep makes unserialize throw).
    CURL:
        Fixed bug #79033 (Curl timeout error with specific url and
         post).
        Fixed bug #79063 (curl openssl does not respect
         PKG_CONFIG_PATH).
    Date:
        Fixed bug #79015 (undefined-behavior in php_date.c).
    DBA:
        Fixed bug #78808 ([LMDB] MDB_MAP_FULL: Environment mapsize limit
         reached).
    Exif:
        Fixed bug #79046 (NaN to int cast undefined behavior in exif).
    Fileinfo:
        Fixed bug #74170 (locale information change after
         mime_content_type).
    GD:
        Fixed bug #79067 (gdTransformAffineCopy() may use uninitialized
         values).
        Fixed bug #79068 (gdTransformAffineCopy() changes interpolation
         method).
    Libxml:
        Fixed bug #79029 (Use After Free's in XMLReader / XMLWriter).
    Mbstring:
        Fixed bug #79037 (global buffer-overflow in
         `mbfl_filt_conv_big5_wchar`). (CVE-2020-7060)
    OPcache:
        Fixed bug #78961 (erroneous optimization of re-assigned
         $GLOBALS).
        Fixed bug #78950 (Preloading trait method with static
         variables).
        Fixed bug #78903 (Conflict in RTD key for closures results in
         crash).
        Fixed bug #78986 (Opcache segfaults when inheriting ctor from
         immutable into mutable class).
        Fixed bug #79040 (Warning Opcode handlers are unusable due to
         ASLR).
        Fixed bug #79055 (Typed property become unknown with OPcache
         file cache).
    Pcntl:
        Fixed bug #78402 (Converting null to string in error message is
         bad DX).
    PDO_PgSQL:
        Fixed bug #78983 (pdo_pgsql config.w32 cannot find libpq-fe.h).
        Fixed bug #78980 (pgsqlGetNotify() overlooks dead connection).
        Fixed bug #78982 (pdo_pgsql returns dead persistent connection).
    Session:
        Fixed bug #79091 (heap use-after-free in session_create_id()).
        Fixed bug #79031 (Session unserialization problem).
    Shmop:
        Fixed bug #78538 (shmop memory leak).
    Sqlite3:
        Fixed bug #79056 (sqlite does not respect PKG_CONFIG_PATH during
         compilation).
    Spl:
        Fixed bug #78976 (SplFileObject::fputcsv returns -1 on failure).
    Standard:
        Fixed bug #79099 (OOB read in php_strip_tags_ex). (CVE-2020-7059)
        Fixed bug #79000 (Non-blocking socket stream reports EAGAIN as
         error).
        Fixed bug #54298 (Using empty additional_headers adding
         extraneous CRLF).


=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================



