En

HHVM官网安全更新(2020-11-12)

来源:HHVM官网 发布日期:2020-11-12 阅读次数:3090 评论:0

基本信息

发布日期:2020-11-12(官方当地时间)

更新类型:安全更新

更新版本:4.56.2

感知时间:2020-11-13 08:12:48

风险等级:未知

情报贡献:TSRC

更新标题

安全更新

更新详情

A security update has been released for all supported HHVM versions. Please
update to one of the following versions to make sure you’re secure: 4.56.2
4.78.1
4.79.1
4.80.1
4.81.1
4.82.1
4.83.1This security update addresses the following vulnerabilities: dump-static-strings
(CVE-2019-3555)
and dump-pcre-cache
(CVE-2019-3556)
admin endpoints can write to any file the webserver has access to
out of bounds read in crypt()
light-process.cpp not dropping privileges correctly
integer overflow in gdImageCreate()
null pointer dereference in XMLReader::expand()
buffer overflow in ldap_escape()
(CVE-2020-1916)

软件描述

HHVM (HipHop Virtual Machine)会将PHP代码转换成高级别的字节码(通常称为中间语言)。然后在运行时通过即时(JIT)编译器将这些字节码转换为x64的机器码

TSRC分析

暂无

业界资讯

暂无

评论

提交评论 您输入的评论有误,请重新输入