
====================================================================

                             CERT-Renater

                 Information Note No. 2020/VULN093
_____________________________________________________________________

DATE                : 25/02/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running PHP versions prior to 7.4.3,
                                    7.3.15, 7.2.28.

=====================================================================
https://www.php.net/ChangeLog-7.php#7.4.3
https://www.php.net/ChangeLog-7.php#7.3.15
https://www.php.net/ChangeLog-7.php#7.2.28
________________________________________________________________________

Version 7.4.3
20 Feb 2020

    Core:
        Fixed bug #79146 (cscript can fail to run on some systems).
        Fixed bug #79155 (Property nullability lost when using multiple
         property definition).
        Fixed bug #78323 (Code 0 is returned on invalid options).
        Fixed bug #78989 (Delayed variance check involving trait
         segfaults).
        Fixed bug #79174 (cookie values with spaces fail to round-trip).
        Fixed bug #76047 (Use-after-free when accessing already
         destructed backtrace arguments).
    COM:
        Fixed bug #79247 (Garbage collecting variant objects segfaults).
    CURL:
        Fixed bug #79078 (Hypothetical use-after-free in
         curl_multi_add_handle()).
    FFI:
        Fixed bug #79096 (FFI Struct Segfault).
    IMAP:
        Fixed bug #79112 (IMAP extension can't find OpenSSL libraries at
         configure time).
    Intl:
        Fixed bug #79212 (NumberFormatter::format() may detect wrong
         type).
    Libxml:
        Fixed bug #79191 (Error in SoapClient ctor disables
         DOMDocument::save()).
    MBString:
        Fixed bug #79149 (SEGV in mb_convert_encoding with non-string
         encodings).
    MySQLi:
        Fixed bug #78666 (Properties may emit a warning on var_dump()).
    MySQLnd:
        Fixed bug #79084 (mysqlnd may fetch wrong column indexes with
         MYSQLI_BOTH).
        Fixed bug #79011 (MySQL caching_sha2_password Access denied for
         password with more than 20 chars).
    Opcache:
        Fixed bug #79114 (Eval class during preload causes class to be
         only half available).
        Fixed bug #79128 (Preloading segfaults if preload_user is used).
        Fixed bug #79193 (Incorrect type inference for self::$field =&
         $field).
    OpenSSL:
        Fixed bug #79145 (openssl memory leak).
    Phar:
        Fixed bug #79082 (Files added to tar with
         Phar::buildFromIterator have all-access permissions).
         (CVE-2020-7063)
        Fixed bug #79171 (heap-buffer-overflow in phar_extract_file).
         (CVE-2020-7061)
        Fixed bug #76584 (PharFileInfo::decompress not working).
    Reflection:
        Fixed bug #79115 (ReflectionClass::isCloneable call reflected
         class __destruct).
    Session:
        Fixed bug #79221 (Null Pointer Dereference in PHP Session Upload
         Progress). (CVE-2020-7062)
    Standard:
        Fixed bug #78902 (Memory leak when using stream_filter_append).
        Fixed bug #78969 (PASSWORD_DEFAULT should match PASSWORD_BCRYPT
         instead of being null).
    Testing:
        Fixed bug #78090 (bug45161.phpt takes forever to finish).
    XSL:
        Fixed bug #70078 (XSL callbacks with nodes as parameter leak
         memory).
    Zip:
        Add ZipArchive::CM_LZMA2 and ZipArchive::CM_XZ constants (since
         libzip 1.6.0).
        Add ZipArchive::RDONLY (since libzip 1.0.0).
        Add ZipArchive::ER_* missing constants.
        Add ZipArchive::LIBZIP_VERSION constant.
        Fixed bug #73119 (Wrong return for ZipArchive::addEmptyDir
         Method).

________________________________________________________________________

Version 7.3.15
20 Feb 2020

    Core:
        Fixed bug #71876 (Memory corruption htmlspecialchars(): charset
         `*' not supported).
        Fixed bug #79146 (cscript can fail to run on some systems).
        Fixed bug #78323 (Code 0 is returned on invalid options).
        Fixed bug #76047 (Use-after-free when accessing already
         destructed backtrace arguments).
    CURL:
        Fixed bug #79078 (Hypothetical use-after-free in
         curl_multi_add_handle()).
    Intl:
        Fixed bug #79212 (NumberFormatter::format() may detect wrong
         type).
    Libxml:
        Fixed bug #79191 (Error in SoapClient ctor disables
         DOMDocument::save()).
    MBString:
        Fixed bug #79154 (mb_convert_encoding() can modify
         $from_encoding).
    MySQLnd:
        Fixed bug #79084 (mysqlnd may fetch wrong column indexes with
         MYSQLI_BOTH).
    OpenSSL:
        Fixed bug #79145 (openssl memory leak).
    Phar:
        Fixed bug #79082 (Files added to tar with
         Phar::buildFromIterator have all-access permissions).
         (CVE-2020-7063)
        Fixed bug #79171 (heap-buffer-overflow in phar_extract_file).
         (CVE-2020-7061)
        Fixed bug #76584 (PharFileInfo::decompress not working).
    Reflection:
        Fixed bug #79115 (ReflectionClass::isCloneable call reflected
         class __destruct).
    Session:
        Fixed bug #79221 (Null Pointer Dereference in PHP Session Upload
         Progress). (CVE-2020-7062)
    SPL:
        Fixed bug #79151 (heap use after free caused by
         spl_dllist_it_helper_move_forward).
    Standard:
        Fixed bug #78902 (Memory leak when using stream_filter_append).
    Testing:
        Fixed bug #78090 (bug45161.phpt takes forever to finish).
    XSL:
        Fixed bug #70078 (XSL callbacks with nodes as parameter leak
         memory).

________________________________________________________________________

Version 7.2.28
20 Feb 2020

    DOM:
        Fixed bug #77569 (Write Access Violation in DomImplementation).
    Phar:
        Fixed bug #79082 (Files added to tar with
         Phar::buildFromIterator have all-access permissions).
         (CVE-2020-7063)
    Session:
        Fixed bug #79221 (Null Pointer Dereference in PHP Session Upload
         Progress). (CVE-2020-7062)


=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================





