Richard G
Verified User
The PHP development team announces the immediate availability of PHP 5.6.31. This is a security release. Several security bugs were fixed in this release. All PHP 5.6 users are encouraged to upgrade to this version.
06 Jul 2017
Core:
Fixed bug #73807 (Performance problem with processing post request over 2000000 chars).
Fixed bug #74111 (Heap buffer overread (READ: 1) finish_nested_data from unserialize).
Fixed bug #74603 (PHP INI Parsing Stack Buffer Overflow Vulnerability).
Fixed bug #74819 (wddx_deserialize() heap out-of-bound read via php_parse_date()).
GD:
Fixed bug #74435 (Buffer over-read into uninitialized memory).
mbstring:
Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229) (Remi, Mamoru TASAKA)
OpenSSL:
Fixed bug #74651 (negative-size-param (-1) in memcpy in zif_openssl_seal()).
PCRE:
Fixed bug #74087 (Segmentation fault in PHP7.1.1(compiled using the bundled PCRE library)).
WDDX:
Fixed bug #74145 (wddx parsing empty boolean tag leads to SIGSEGV).