PHP 7.3.4/7.2.17/7.1.28
ちょっと遅れましたがまとめました。
結論
前回と同じく、外部から直接攻撃される類の問題ではなさそうです。以下のいずれかを満たす必要があります
- 外部から提供された画像ファイルをアップロードされ、それをexif処理する可能性がある
- CMS
- wiki
- phpコードをサーバ管理者以外がアップロードされうる
- 共有レンタルサーバなど
発行されたCVE
- EXIF: wikiやCMSなどで不特定多数の作った画像ファイルを受け取る可能性がある場合に危険度たかし
Changelog
| Module | 7.x | Type | Link | Note |
|---|---|---|---|---|
| Core | 3,2 | Bug | #77738 | Nullptr deref in zend_compile_expr |
| Core | 3,2 | Bug | #77660 | Segmentation fault on break 2147483648 |
| Core | 3,2 | Bug | #77652 | Anonymous classes can lose their interface information |
| Core | 3 | Bug | #77345 | Stack Overflow caused by circular reference in garbage collection |
| Core | 3 | Doc Bug | #76956 | Wrong value for 'syslog.filter' documented in php.ini |
| Core | 2 | Bug | #77676 | Unable to run tests when building shared extension on AIX |
| Apache2Handler | 3 | Bug | #77648 | BOM in sapi/apache2handler/php_functions.c |
| Bcmath | 3,2 | Bug | #77742 | bcpow() implementation related to gcc compiler optimization |
| CLI Server | 3 | Bug | #77722 | Incorrect IP set to $_SERVER['REMOTE_ADDR'] on the localhost |
| COM | 3,2 | Bug | #77578 | Crash when php unload |
| Date | 2 | Bug | #50020 | DateInterval:createDateFromString() silently fails |
| Date | 2 | Request | #75113 | Added DatePeriod::getRecurrences() method |
| EXIF | ALL | Sec Bug | #77753 | Heap-buffer-overflow in php_ifd_get32s |
| EXIF | ALL | Sec Bug | #77831 | Heap-buffer-overflow in exif_iif_add_value |
| FPM | 3,2 | Bug | #77677 | FPM fails to build on AIX due to missing WCOREDUMP |
| GD | 3,2 | Bug | #77700 | Writing truecolor images as GIF ignores interlace flag |
| MySQLi | 3,2 | Bug | #77597 | mysqli_fetch_field hangs scripts |
| Opcache | 2 | Bug | #77691 | Opcache passes wrong value for inline array push assignments |
| Opcache | 3,2 | Bug | #77743 | Incorrect pi node insertion for jmpznz with identical successors |
| PCRE | 3 | Bug | #76127 | preg_split does not raise an error on invalid UTF-8 |
| Phar | 3 | Bug | #77697 | Crash on Big_Endian platform |
| phpdbg | 3,2 | Bug | #77767 | phpdbg break cmd aliases listed in help do not match actual aliases |
| sodium | 3,2 | Bug | #77646 | sign_detached() strings not terminated |
| SQLite3 | ALL | ? | sqlite3.defensive INI directive | |
| Standard | 2 | Bug | #77664 | Segmentation fault when using undefined constant in custom wrapper |
| Standard | 2 | Bug | #77669 | Crash in extract() when overwriting extracted array |
| Standard | 2 | Bug | #76717 | var_export() does not create a parsable value for PHP_INT_MIN |
| Standard | 2 | Bug | #77765 | FTP stream wrapper should set the directory as executable |