Here is an important piece of news that concerns developers, PHP devs in particular. PHP has received several crucial updates that have taken care of security-related flaws. Versions 7.0.2, 5.6.17 and 5.5.31 are already available for download.
As reported by InfoWorld’s Fahmida Y. Rashid, Version 7.0.2 put an end to six security vulnerabilities that were present in PHP 7. Version 5.5.31, on the other hand, eliminated five bugs in PHP 5.5, which will be supported until July 2016.
The previous version, PHP 5.4, reached end of life in October and is no longer supported. That is why developers still using PHP 5.4 should upgrade immediately to a newly updated version.
Why is updating crucial? Many applications are written in PHP, and if they’re not maintained properly (a.k.a. updated frequently), they can easily fall victim to attacks. Taking advantage of zero-day vulnerabilities is an attack scenario that still hasn’t gone out of fashion.
What should we know about PHP 7.0.2?
The PHP 7.0.2 updates are mainly focused on fixing segmentation faults in Core. 7.0.2 patched 14 vulnerabilities in PHP Core. The latest updates also fixed a four-year-old vulnerability known as 55651.
Remote code execution exploits fixed
One of the more important fixes prevents remote code execution. A heap buffer overflow in Standard, referred to as a theoretical buffer overflow by some users, has been fixed as well.
What is a buffer overflow attack?
Buffer overflows are common in malicious attack scenarios. A buffer overflow occurs when a program writes more data into a buffer than it can hold, overwriting adjacent memory. Buffer overflows can be triggered by inputs designed to execute code or change the way a program functions. They may lead to inconsistent program behavior and may cause memory access errors, incorrect results, crashes, or breaches of system security. That is why buffer overflows underlie various software vulnerabilities and are often exploited in malicious operations.
Other fixed vulnerabilities in the latest PHP versions include:
- A memory read error in the GD graphics library identified as 70976;
- A use-after-free vulnerability in WDDX known as 70661;
- Two type confusion vulnerabilities in WDDX known as 70741 and 70728.