Software 42837 Published by

New PHP update are available: PHP 7.4.1, 7.3.13, and 7.2.26





PHP 7.4.1

Bcmath:
Fixed bug #78878 (Buffer underflow in bc_shift_addsub). (CVE-2019-11046).
Core:
Fixed bug #78862 (link() silently truncates after a null byte on Windows). (CVE-2019-11044).
Fixed bug #78863 (DirectoryIterator class silently truncates after a null byte). (CVE-2019-11045).
Fixed bug #78943 (mail() may release string with refcount==1 twice). (CVE-2019-11049).
Fixed bug #78810 (RW fetches do not throw "uninitialized property" exception).
Fixed bug #78868 (Calling __autoload() with incorrect EG(fake_scope) value).
Fixed bug #78296 (is_file fails to detect file).
Fixed bug #78883 (fgets(STDIN) fails on Windows).
Fixed bug #78898 (call_user_func(['parent', ...]) fails while other succeed).
Fixed bug #78904 (Uninitialized property triggers __get()).
Fixed bug #78926 (Segmentation fault on Symfony cache:clear).
GD:
Fixed bug #78849 (GD build broken with -D SIGNED_COMPARE_SLOW).
Fixed bug #78923 (Artifacts when convoluting image with transparency).
EXIF:
Fixed bug #78793 (Use-after-free in exif parsing under memory sanitizer). (CVE-2019-11050).
Fixed bug #78910 (Heap-buffer-overflow READ in exif). (CVE-2019-11047).
FPM:
Fixed bug #76601 (Partially working php-fpm ater incomplete reload).
Fixed bug #78889 (php-fpm service fails to start).
Fixed bug #78916 (php-fpm 7.4.0 don't send mail via mail()).
Intl:
Implemented FR #78912 (INTL Support for accounting format).
Mysqlnd:
Fixed bug #78823 (ZLIB_LIBS not added to EXTRA_LIBS).
OPcache:
Fixed $x = (bool)$x; with opcache (should emit undeclared variable notice).
Fixed bug #78935 (Preloading removes classes that have dependencies).
PCRE:
Fixed bug #78853 (preg_match() may return integer > 1).
Reflection:
Fixed bug #78895 (Reflection detects abstract non-static class as abstract static. IS_IMPLICIT_ABSTRACT is not longer used).
Standard:
Fixed bug #77638 (var_export'ing certain class instances segfaults).
Fixed bug #78840 (imploding $GLOBALS crashes).
Fixed bug #78833 (Integer overflow in pack causes out-of-bound access).
Fixed bug #78814 (strip_tags allows / in tag name => whitelist bypass).

PHP 7.3.13

Bcmath:
Fixed bug #78878 (Buffer underflow in bc_shift_addsub). (CVE-2019-11046)
Core:
Fixed bug #78862 (link() silently truncates after a null byte on Windows). (CVE-2019-11044)
Fixed bug #78863 (DirectoryIterator class silently truncates after a null byte). (CVE-2019-11045)
Fixed bug #78943 (mail() may release string with refcount==1 twice). (CVE-2019-11049)
Fixed bug #78787 (Segfault with trait overriding inherited private shadow property).
Fixed bug #78868 (Calling __autoload() with incorrect EG(fake_scope) value).
Fixed bug #78296 (is_file fails to detect file).
EXIF:
Fixed bug #78793 (Use-after-free in exif parsing under memory sanitizer). (CVE-2019-11050)
Fixed bug #78910 (Heap-buffer-overflow READ in exif) (CVE-2019-11047).
GD:
Fixed bug #78849 (GD build broken with -D SIGNED_COMPARE_SLOW).
MBString:
Upgraded bundled Oniguruma to 6.9.4.
OPcache:
Fixed potential ASLR related invalid opline handler issues.
Fixed $x = (bool)$x; with opcache (should emit undeclared variable notice).
PCRE:
Fixed bug #78853 (preg_match() may return integer > 1).
Standard:
Fixed bug #78759 (array_search in $GLOBALS).
Fixed bug #77638 (var_export'ing certain class instances segfaults).
Fixed bug #78840 (imploding $GLOBALS crashes).
Fixed bug #78833 (Integer overflow in pack causes out-of-bound access).
Fixed bug #78814 (strip_tags allows / in tag name => whitelist bypass).

PHP 7.2.26

Bcmath:
Fixed bug #78878 (Buffer underflow in bc_shift_addsub). (CVE-2019-11046)
Core:
Fixed bug #78862 (link() silently truncates after a null byte on Windows). (CVE-2019-11044)
Fixed bug #78863 (DirectoryIterator class silently truncates after a null byte). (CVE-2019-11045)
EXIF:
Fixed bug #78793 (Use-after-free in exif parsing under memory sanitizer). (CVE-2019-11050)
Fixed bug #78910 (Heap-buffer-overflow READ in exif). (CVE-2019-11047)
GD:
Fixed bug #78849 (GD build broken with -D SIGNED_COMPARE_SLOW).
Intl:
Fixed bug #78804 (Segmentation fault in Locale::filterMatches).
OPcache:
Fixed $x = (bool)$x; with opcache (should emit undeclared variable notice).
Standard:
Fixed bug #78759 (array_search in $GLOBALS).
Fixed bug #78833 (Integer overflow in pack causes out-of-bound access).
Fixed bug #78814 (strip_tags allows / in tag name => whitelist bypass).

Download