Ett flertal sårbarheter åtgärdade i PHP

En stor mängd säkerhetsbrister har åtgärdats i det populära webbramverket PHP. Sårbarheterna som uppdagats kan leda till att en angripare kan exekvera kod, genomföra blockeringsattacker (DoS) eller installera program(?). Oklart om dessa går att utnyttja fjärrmässigt, över internet exempelvis eller om det enbart är lokala sårbarheter.

Följande versioner är sårbara:

• PHP 7.2 före version 7.2.1
• PHP 7.1 före version 7.1.13
• PHP 7.0 före version 7.0.27
• PHP 5.0 före version 5.6.33

Följande sårbarheter är åtgärdade:

Version 7.2.1
Bug #64938 (libxml_disable_entity_loader setting is shared between requests).
Bug #73124 (php_ini_scanned_files() not reporting correctly).
Bug #73830 (Directory does not exist).
Bug #74183 (preg_last_error not returning error code after error).
Bug #74782 (remove file name from output to avoid XSS).
Bug #74862 (Unable to clone instance when private clone defined).
Bug #75074 (php-process crash when is_file() is used with strings longer 260 chars).
Bug #75384 (PHP seems incompatible with OneDrive files on demand).
Bug #75409 (accept EFAULT in addition to ENOSYS as indicator that getrandom() is missing).
Bug #75511 (fread not free unused buffer).
Bug #75514 (mt_rand returns value outside [$min,$max]+ on 32-bit) (Remi)
Bug #75525 (Access Violation in vcruntime140.dll).
Bug #75535 (Inappropriately parsing HTTP response leads to PHP segment fault).
Bug #75540 (Segfault with libzip 1.3.1).
Bug #75556 (Invalid opcode 138/1/1).
Bug #75570 (”Narrowing occurred during type inference” error).
Bug #75571 (Potential infinite loop in gdImageCreateFromGifCtx).
Bug #75573 (Segmentation fault in 7.1.12 and 7.0.26).
Bug #75574 (putenv does not work properly if parameter contains non-ASCII unicode character).
Bug #75579 (Interned strings buffer overflow may cause crash).
Bug #75608 (”Narrowing occurred during type inference” error).

Version 7.1.13
Bug #60471 (Random ”Invalid request (unexpected EOF)” using a router script).
Bug #64938 (libxml_disable_entity_loader setting is shared between requests).
Bug #73124 (php_ini_scanned_files() not reporting correctly).
Bug #73830 (Directory does not exist).
Bug #74183 (preg_last_error not returning error code after error).
Bug #74782 (remove file name from output to avoid XSS).
Bug #74862 (Unable to clone instance when private clone defined).
Bug #75074 (php-process crash when is_file() is used with strings longer 260 chars).
Bug #75384 (PHP seems incompatible with OneDrive files on demand).
Bug #75409 (accept EFAULT in addition to ENOSYS as indicator that getrandom() is missing).
Bug #75511 (fread not free unused buffer).
Bug #75514 (mt_rand returns value outside [$min,$max]+ on 32-bit) (Remi)
Bug #75535 (Inappropriately parsing HTTP response leads to PHP segment fault).
Bug #75540 (Segfault with libzip 1.3.1).
Bug #75570 (”Narrowing occurred during type inference” error).
Bug #75571 (Potential infinite loop in gdImageCreateFromGifCtx).
Bug #75573 (Segmentation fault in 7.1.12 and 7.0.26).
Bug #75574 (putenv does not work properly if parameter contains non-ASCII unicode character).
Bug #75579 (Interned strings buffer overflow may cause crash).
Bug #75608 (”Narrowing occurred during type inference” error).

Version 7.0.27
Bug #60471 (Random ”Invalid request (unexpected EOF)” using a router script).
Bug #64938 (libxml_disable_entity_loader setting is shared between requests).
Bug #74183 (preg_last_error not returning error code after error).
Bug #74782 (Reflected XSS in .phar 404 page).
Bug #75384 (PHP seems incompatible with OneDrive files on demand).
Bug #75409 (accept EFAULT in addition to ENOSYS as indicator that getrandom() is missing).
Bug #75535 (Inappropriately parsing HTTP response leads to PHP segment fault).
Bug #75540 (Segfault with libzip 1.3.1).
Bug #75571 (Potential infinite loop in gdImageCreateFromGifCtx).
Bug #75573 (Segmentation fault in 7.1.12 and 7.0.26).
Bug #75579 (Interned strings buffer overflow may cause crash).

Version 5.6.33
Bug #74782 (Reflected XSS in .phar 404 page).
Bug #75571 (Potential infinite loop in gdImageCreateFromGifCtx).

Källa: US-CERT