The PHP.net has posted the latest releases of the language for all of the major series - PHP 5.4, 5.5 and 5.6. Each release fixes several bugs including a few security related issues:
- CVE-2015-0231 - a "use after free" issue with unserialize
- CVE-2014-9427 - an out of bounds issue with php-cgi
- CVE-2015-0232 - free being called on an unitialized pointer
It is strongly encouraged that you upgrade to the latest release for the major version you're using to prevent issues around these vulnerabilities. You can find these latest releases on the main downloads page or windows.php.net for the Windows binaries.
Link: http://php.net/archive/2015.php#id2015-01-22-3
没有评论:
发表评论