
PHP Security PHP 5.6.40 Released

Discussion in 'Nginx and PHP-FPM news & discussions' started by eva2000, Jan 11, 2019.

  1. eva2000

    Despite the PHP 5.6 branch being EOL last month, this security release was serious enough to release a PHP 5.6.40 version.
    Code:
    10 Jan 2019, PHP 5.6.40
    
    - GD:
      . Fixed bug #77269 (efree() on uninitialized Heap data in imagescale leads to
        use-after-free). (cmb)
      . Fixed bug #77270 (imagecolormatch Out Of Bounds Write on Heap). (cmb)
    
    - Mbstring:
      . Fixed bug #77370 (Buffer overflow on mb regex functions - fetch_token). (Stas)
      . Fixed bug #77371 (heap buffer overflow in mb regex functions
        - compile_string_node). (Stas)
      . Fixed bug #77381 (heap buffer overflow in multibyte match_at). (Stas)
      . Fixed bug #77382 (heap buffer overflow due to incorrect length in
        expand_case_fold_string). (Stas)
      . Fixed bug #77385 (buffer overflow in fetch_token). (Stas)
      . Fixed bug #77394 (Buffer overflow in multibyte case folding - unicode). (Stas)
      . Fixed bug #77418 (Heap overflow in utf32be_mbc_to_code). (Stas)
    
    - Phar:
      . Fixed bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext). (Stas)
    
    - Xmlrpc:
      . Fixed bug #77242 (heap out of bounds read in xmlrpc_decode()). (cmb)
      . Fixed bug #77380 (Global out of bounds read in xmlrpc base64 code). (Stas)

     