HardenedPHP updated

May 4, 2020 6:20:16 PM / by Inessa Atmachian

 

hardened_php1

New updated HardenedPHP packages are now available for download from our production repository.

Changelog

alt-php44-4.4.9-107

  • Fixed the bug #79330: shell_exec() silently truncates after a null byte
  • Fixed the bug #79465: OOB Read in urldecode() (CVE-2020-7067)

alt-php51-5.1.6-134  

  • Fixed the bug #61597: SXE properties may lack attributes and content
  • Fixed the bug #79200: Some iconv functions cut Windows-1258
  • Fixed the bug #79330: shell_exec() silently truncates after a null byte
  • Fixed the bug #79364: When copy empty array, next key is unspecified
  • Fixed the bug #79465: OOB Read in urldecode() (CVE-2020-7067)
  • Fixed the bug #79410: system() swallows last chunk if it is exactly 4095 bytes without newline

alt-php52-5.2.17-166  

  • Fixed the bug #61597: SXE properties may lack attributes and content
  • Fixed the bug #74940: DateTimeZone loose comparison always true
  • Fixed the bug #79200: Some iconv functions cut Windows-1258
  • Fixed the bug #79296: ZipArchive::open fails on empty file (libzip 1.6.0)
  • Fixed the bug #79330: shell_exec() silently truncates after a null byte
  • Fixed the bug #79364: When copy empty array, next key is unspecified
  • Fixed the bug #79396: setting Date/Time during a forward DST transition
  • Fixed the bug #79410: system() swallows last chunk if it is exactly 4095 bytes without newline
  • Fixed the bug #79465-CVE-2020-7067: OOB Read in urldecode()

alt-php53-5.3.29-128

  • Fixed the bug #61597: SXE properties may lack attributes and content
  • Fixed the bug #74940: DateTimeZone loose comparison always true
  • Fixed the bug #79200: Some iconv functions cut Windows-1258
  • Fixed the bug #79296: ZipArchive::open fails on empty file
  • Fixed the bug #79330: shell_exec() silently truncates after a null byte
  • Fixed the bug #79364: When copy empty array, next key is unspecified
  • Fixed the bug #79396: setting Date/Time during a forward DST transition
  • Fixed the bug #79410: system() swallows last chunk if it is exactly 4095 bytes without newline
  • Fixed the bug #79424: php_zip_glob uses gl_pathc after call to globfree
  • Fixed the bug #79465-CVE-2020-7067: OOB Read in urldecode()

alt-php54-5.4.45-109
alt-php55-5.5.38-90
alt-php56-5.6.40-39

  • Fixed the bug #61597: SXE properties may lack attributes and content
  • Fixed the bug #74940: DateTimeZone loose comparison always true
  • Fixed the bug #75673: SplStack::unserialize() behavior
  • Fixed the bug #79200: Some iconv functions cut Windows-1258
  • Fixed the bug #79296: ZipArchive::open fails on empty file
  • Fixed the bug #79330: shell_exec() silently truncates after a null byte
  • Fixed the bug #79364: When copy empty array, next key is unspecified
  • Fixed the bug #79396: setting Date/Time during a forward DST transition
  • Fixed the bug #79410: system() swallows last chunk if it is exactly 4095 bytes without newline
  • Fixed the bug #79424: php_zip_glob uses gl_pathc after call to globfree
  • Fixed the bug #79465-CVE-2020-7067: OOB Read in urldecode()

alt-php70-7.0.33-40

  • Fixed the bug #61597: SXE properties may lack attributes and content
  • Fixed the bug #74940: DateTimeZone loose comparison always true
  • Fixed the bug #75673: SplStack::unserialize() behavior
  • Fixed the bug #79199: curl_copy_handle() memory leak
  • Fixed the bug #79200: Some iconv functions cut Windows-1258
  • Fixed the bug #79296: ZipArchive::open fails on empty file (libzip 1.6.0)
  • Fixed the bug #79330: shell_exec() silently truncates after a null byte
  • Fixed the bug #79364: When copy empty array, next key is unspecified
  • Fixed the bug #79393: Null coalescing operator failing with SplFixedArray
  • Fixed the bug #79396: setting Date/Time during a forward DST transition
  • Fixed the bug #79410: system() swallows last chunk if it is exactly 4095 bytes without newline
  • Fixed the bug #79424: php_zip_glob uses gl_pathc after call to globfree
  • Fixed the bug #79465: OOB Read in urldecode() (CVE-2020-7067)
  • Fixed the bug #79468: SIGSEGV when closing stream handle with a stream filter appended

alt-php71-7.1.33-9

  • Fixed the bug #61597: SXE properties may lack attributes and content
  • Fixed the bug #74940: DateTimeZone loose comparison always true
  • Fixed the bug #75673: SplStack::unserialize() behavior
  • Fixed the bug #79199: curl_copy_handle() memory leak
  • Fixed the bug #79200: Some iconv functions cut Windows-1258
  • Fixed the bug #79296: ZipArchive::open fails on empty file (libzip 1.6.0)
  • Fixed the bug #79330: shell_exec() silently truncates after a null byte
  • Fixed the bug #79364: When copy empty array, next key is unspecified
  • Fixed the bug #79393: Null coalescing operator failing with SplFixedArray
  • Fixed the bug #79396: setting Date/Time during a forward DST transition
  • Fixed the bug #79410: system() swallows last chunk if it is exactly 4095 bytes without newline
  • Fixed the bug #79413: session_create_id() fails for active sessions
  • Fixed the bug #79424: php_zip_glob uses gl_pathc after call to globfree
  • Fixed the bug #79465: OOB Read in urldecode() (CVE-2020-7067)
  • Fixed the bug #79468: SIGSEGV when closing stream handle with a stream filter appended

Update command

yum groupupdate alt-php

Topics: HardenedPHP, Technical Blog

Inessa Atmachian

Written by Inessa Atmachian

Inessa Atmachian is a Technical Writer. She is responsible for developing technical product documentation for CloudLinux OS, KernelCare, and Imunify360 products. She provides customers with release notes and information on product updates.

    Subscribe to Email Updates

    Recent Posts