Qui è un pezzo importante della notizia che riguarda gli sviluppatori, sviluppatori PHP, in particolare,. PHP ha ricevuto diversi aggiornamenti cruciali che hanno preso cura di difetti legati alla sicurezza. versioni 7.0.2, 5.6.17 e 5.5.31 sono già disponibili per il download.
As reported by InfoWorld’s Fahmida Y. Rashid, Versione 7.0.2 put an end to six security vulnerabilities that were present in PHP 7. Versione 5.5.31, d'altronde, eliminated five bugs in PHP 5.5, which will be supported until July 2016.
Previous version PHP 5.4 was ended in October and is not supported any longer. That is why developers still using PHP 5.4 should immediately upgrade to a newly updated version.
Why is updating crucial? Many applications are written in PHP, and if they’re not maintained properly (a.k.a. updated frequently), they can easily fall victims to attacks. Taking advantage of zero-day vulnerabilities is an attack scenario that still hasn’t gone out of fashion.
What should we know about PHP 7.02?
PHP 7.02 updates are mainly focused on fixing address segmentation faults in Core. 7.02 rattoppato 14 vulnerabilities in PHP Core. The latest updates also fixed a four-year old vulnerability known as 55651.
Remote code execution exploits fixed
One of the more important fixes prevents remote code execution. A heap buffer overflow in Standard, referred to as a theoretical buffer overflow by some users, has been fixed as well.
What is a buffer overflow attack?
Buffer overflows are common in malicious attack scenarios. buffer overflow possono essere avviate dagli ingressi, progettato per eseguire codice, o cambiare il modo in cui un funzioni del programma. buffer overflow possono portare a comportamenti programma incoerente e possono causare errori di accesso alla memoria, risultati non corretti, crash, or breaches of system security. Ecco perché i buffer overflow vengono applicati in varie vulnerabilità del software e sono spesso sfruttati nelle operazioni dannose.
Other fixed vulnerabilities in the latest PHP versions include:
- A memory read error in the GD graphics library identified as 70976;
- A user-after-free vulnerability in WDDX known as 70661;
- Two type confusion vulnerabilities in WDDX known as 70741 e 70728.