Open Source PHP 5.5 and 5.4 Updated


From the ‘No Security Fixes’ files:

The open source PHP programming language is being updated this month with a pair of non-security updates.

PHP 5.4.24 and PHP 5.5.8 are now both available for developers and server admins to fix a long list of bugs.

PHP 5.4 first debuted in early 2012, marking a dramatic speed boost for PHP users and applications. PHP 5.5, in contrast, is the leading edge of the publicly available PHP code and hit general availability in June of 2013.

So far as I can tell there are no publicly disclosed CVEs in the PHP 5.5.8 or 5.4.24 updates and many of the bugs fixed overlap across both versions.

The full list of changes is:

  • Core:
    • Disallowed JMP into a finally block.
    • Added validation of class names in the autoload process.
    • Fixed invalid C code in zend_strtod.c.
    • Fixed bug #66041 (list() fails to unpack yielded ArrayAccess object).
    • Fixed bug #65764 (generators/throw_rethrow FAIL with ZEND_COMPILE_EXTENDED_INFO).
    • Fixed bug #61645 (fopen and O_NONBLOCK).
    • Fixed bug #66218 (zend_register_functions breaks reflection).
  • Date:
    • Fixed bug #66060 (Heap buffer over-read in DateInterval).
    • Fixed bug #65768 (DateTimeImmutable::diff does not work).
  • DOM:
    • Fixed bug #65196 (Passing DOMDocumentFragment to DOMDocument::saveHTML() Produces invalid Markup).
  • Exif:
    • Fixed bug #65873 (Integer overflow in exif_read_data()).
  • Filter:
    • Fixed bug #66229 ( isn’t reserved any longer).
  • GD:
    • Fixed bug #64405 (Use freetype-config for determining freetype2 dir(s)).
  • PDO_odbc:
    • Fixed bug #66311 (Stack smashing protection kills PDO/ODBC queries).
  • MySQLi:
    • Fixed bug #65486 (mysqli_poll() is broken on win x64).
  • OPCache:
    • Fixed revalidate_path=1 behavior to avoid caching of symlinks values.
    • Fixed Issue #140: “opcache.enable_file_override” doesn’t respect “opcache.revalidate_freq”.
  • SNMP:
    • Fixed SNMP_ERR_TOOBIG handling for bulk walk operations.
  • SOAP:
    • Fixed bug #66112 (Use after free condition in SOAP extension).
  • Sockets:
    • Fixed bug #65923 (ext/socket assumes AI_V4MAPPED is defined).
  • XSL:
    • Fixed bug #49634 (Segfault throwing an exception in a XSL registered function).
  • ZIP:
    • Fixed bug #66321 (ZipArchive::open() ze_obj->filename_len not real).

Sean Michael Kerner is a senior editor at Follow him on Twitter @TechJournalist
