<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.MsoNoSpacing, li.MsoNoSpacing, div.MsoNoSpacing
{mso-style-priority:1;
margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.xmsonospacing, li.xmsonospacing, div.xmsonospacing
{mso-style-name:x_msonospacing;
margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle21
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:325473089;
mso-list-type:hybrid;
mso-list-template-ids:1314548554 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l1
{mso-list-id:421727148;
mso-list-type:hybrid;
mso-list-template-ids:-922479778 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l2
{mso-list-id:580605032;
mso-list-type:hybrid;
mso-list-template-ids:-640410410 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l2:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l2:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l2:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l2:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l2:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l2:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l2:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l2:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l2:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l3
{mso-list-id:967470944;
mso-list-type:hybrid;
mso-list-template-ids:327328904 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l3:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l3:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l3:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l3:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l3:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l3:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l3:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l3:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l3:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l4
{mso-list-id:1440373619;
mso-list-type:hybrid;
mso-list-template-ids:1077475896 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l4:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l4:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l4:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l4:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l4:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l4:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l4:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l4:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l4:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l5
{mso-list-id:1789859906;
mso-list-type:hybrid;
mso-list-template-ids:-1714099062 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l5:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l5:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l5:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l5:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l5:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l5:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l5:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l5:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l5:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l6
{mso-list-id:1907377490;
mso-list-type:hybrid;
mso-list-template-ids:367197452 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l6:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l6:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l6:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l6:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l6:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l6:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l6:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l6:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l6:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">FYI for those running PHP in their environment.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span style="color:#1F497D">Regards,</span><span style="color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-family:"Arial",sans-serif;color:#0B5AB2">Chuck Forsyth</span></b><span style="font-family:"Arial",sans-serif;color:black"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> University of California Information Technology Policy & Security <UCITPS-L@LISTSERV.UCOP.EDU>
<b>On Behalf Of </b>Robert Smith<br>
<b>Sent:</b> Friday, January 8, 2021 7:44 AM<br>
<b>To:</b> UCITPS-L@LISTSERV.UCOP.EDU<br>
<b>Subject:</b> Outreach: Upgrade PHP - Multiple Vulnerabilities in PHP Could Allow for Arbitrary Code Execution<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><b><span style="font-size:14.0pt">TLP:WHITE<o:p></o:p></span></b></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Hello ITPS and SIRC,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Good Morning.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">FYSA:<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><o:p> </o:p></p>
<p class="MsoNoSpacing" align="center" style="margin-left:.5in;text-align:center">
<b><span style="font-family:"Arial",sans-serif;color:#7030A0">MS-ISAC CYBERSECURITY ADVISORY</span></b><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNoSpacing" style="margin-left:.5in"><span style="font-family:"Arial",sans-serif;color:#7030A0"> </span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNoSpacing" style="margin-left:.5in"><b><span style="font-family:"Arial",sans-serif;color:#7030A0">MS-ISAC ADVISORY NUMBER:</span></b><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNoSpacing" style="margin-left:.5in"><span style="font-family:"Arial",sans-serif;color:#7030A0">2021-006</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNoSpacing" style="margin-left:.5in"><span style="font-family:"Arial",sans-serif;color:#7030A0"> </span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNoSpacing" style="margin-left:.5in"><b><span style="font-family:"Arial",sans-serif;color:#7030A0">DATE(S) ISSUED:</span></b><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNoSpacing" style="margin-left:.5in"><span style="font-family:"Arial",sans-serif;color:#7030A0">01/08/2020</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNoSpacing" style="margin-left:.5in"><span style="font-family:"Arial",sans-serif;color:#7030A0"> </span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNoSpacing" style="margin-left:.5in"><b><span style="font-family:"Arial",sans-serif;color:#7030A0">SUBJECT:</span></b><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNoSpacing" style="margin-left:.5in"><span style="font-family:"Arial",sans-serif;color:#7030A0">Multiple Vulnerabilities in PHP Could Allow for Arbitrary Code Execution</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNoSpacing" style="margin-left:.5in"><span style="font-family:"Arial",sans-serif;color:#7030A0"> </span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNoSpacing" style="margin-left:.5in"><b><span style="font-family:"Arial",sans-serif;color:#7030A0">OVERVIEW:</span></b><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNoSpacing" style="margin-left:.5in"><span style="font-family:"Arial",sans-serif;color:#7030A0">Multiple vulnerabilities have been discovered in PHP, the most severe of which could allow for arbitrary code execution. PHP is a programming language
originally designed for use in web-based applications with HTML content. PHP supports a wide variety of platforms and is used by numerous web-based software applications. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary
code execution in the context of the affected application. Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNoSpacing" style="margin-left:.5in"><span style="font-family:"Arial",sans-serif;color:#7030A0"> </span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNoSpacing" style="margin-left:.5in"><b><span style="font-family:"Arial",sans-serif;color:#7030A0">THREAT INTELLIGENCE:</span></b><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNoSpacing" style="margin-left:.5in"><span style="font-family:"Arial",sans-serif;color:#7030A0">There are currently no reports of these vulnerabilities being exploited in the wild.</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNoSpacing" style="margin-left:.5in"><span style="font-family:"Arial",sans-serif;color:#7030A0"> </span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNoSpacing" style="margin-left:.5in"><b><span style="font-family:"Arial",sans-serif;color:#7030A0">SYSTEMS AFFECTED:</span></b><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l4 level1 lfo2">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">PHP 8.0 prior to version 8.0.1</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l4 level1 lfo2">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">PHP 7.3 prior to version 7.3.26</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l4 level1 lfo2">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">PHP 7.4 prior to version 7.4.14</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNoSpacing" style="margin-left:.5in"><span style="font-family:"Arial",sans-serif;color:#7030A0"> </span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNoSpacing" style="margin-left:.5in"><b><span style="font-family:"Arial",sans-serif;color:#7030A0">RISK:</span></b><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNoSpacing" style="margin-left:.5in"><b><span style="font-family:"Arial",sans-serif;color:#7030A0">Government:</span></b><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l6 level1 lfo4">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Large and medium government entities:<b> High</b></span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l6 level1 lfo4">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Small government entities: <b>High</b></span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNoSpacing" style="margin-left:.5in"><b><span style="font-family:"Arial",sans-serif;color:#7030A0">Businesses:</span></b><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l2 level1 lfo6">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Large and medium business entities: <b>High</b></span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l2 level1 lfo6">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Small business entities: <b>High</b></span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNoSpacing" style="margin-left:.5in"><b><span style="font-family:"Arial",sans-serif;color:#7030A0">Home users: Low</span></b><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNoSpacing" style="margin-left:.5in"><span style="font-family:"Arial",sans-serif;color:#7030A0"> </span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNoSpacing" style="margin-left:.5in"><b><span style="font-family:"Arial",sans-serif;color:#7030A0">TECHNICAL SUMMARY:</span></b><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNoSpacing" style="margin-left:.5in"><span style="font-family:"Arial",sans-serif;color:#7030A0">Multiple vulnerabilities have been discovered in PHP, the most severe of which could allow an attacker to execute arbitrary code. Details of these vulnerabilities
are as below:</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNoSpacing" style="margin-left:.5in"><span style="font-family:"Arial",sans-serif;color:#7030A0"> </span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNoSpacing" style="margin-left:.5in"><span style="font-family:"Arial",sans-serif;color:#7030A0">Version 8.0</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l5 level1 lfo8">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #80345 (PHPIZE configuration has outdated PHP_RELEASE_VERSION).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l5 level1 lfo8">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #72964 (White space not unfolded for CC/Bcc headers).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l5 level1 lfo8">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #80391 (Iterable not covariant to mixed).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l5 level1 lfo8">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #80393 (Build of PHP extension fails due to configuration gap with libtool).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l5 level1 lfo8">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #77069 (stream filter loses final block of data).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l5 level1 lfo8">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #77961 (finfo_open crafted magic parsing SIGABRT).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l5 level1 lfo8">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #69625 (FPM returns 200 status on request without SCRIPT_FILENAME env).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l5 level1 lfo8">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #80438 (imap_msgno() incorrectly warns and return false on valid UIDs in PHP 8).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l5 level1 lfo8">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fix a regression with valid UIDs in imap_savebody().</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l5 level1 lfo8">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Make warnings for invalid message numbers/UIDs between functions consistent.</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l5 level1 lfo8">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #80425 (MessageFormatAdapter::getArgTypeList redefined).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l5 level1 lfo8">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #80404 (Incorrect range inference result when division results in float).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l5 level1 lfo8">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #80377 (Opcache misses executor_globals).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l5 level1 lfo8">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #80433 (Unable to disable the use of the AVX command when using JIT).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l5 level1 lfo8">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #80447 (Strange out of memory error when running with JIT).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l5 level1 lfo8">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #80480 (Segmentation fault with JIT enabled).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l5 level1 lfo8">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #80506 (Immediate SIGSEGV upon ini_set("opcache.jit_debug", 1)).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l5 level1 lfo8">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #80368 (OpenSSL extension fails to build against LibreSSL due to lack of OCB support).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l5 level1 lfo8">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #80458 (PDOStatement::fetchAll() throws for upsert queries).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l5 level1 lfo8">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #63185 (nextRowset() ignores MySQL errors with native prepared statements).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l5 level1 lfo8">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #78152 (PDO::exec() - Bad error handling with multiple commands).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l5 level1 lfo8">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #66878 (Multiple rowsets not returned unless PDO statement object is unset()).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l5 level1 lfo8">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #70066 (Unexpected "Cannot execute queries while other unbuffered queries").</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l5 level1 lfo8">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #71145 (Multiple statements in init command triggers unbuffered query error).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l5 level1 lfo8">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #76815 (PDOStatement cannot be GCed/closeCursor-ed when a PROCEDURE resultset SIGNAL).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l5 level1 lfo8">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #79872 (Can't execute query with pending result sets).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l5 level1 lfo8">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #79131 (PDO does not throw an exception when parameter values are missing).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l5 level1 lfo8">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #72368 (PdoStatement->execute() fails but does not throw an exception).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l5 level1 lfo8">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #62889 (LOAD DATA INFILE broken).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l5 level1 lfo8">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #67004 (Executing PDOStatement::fetch() more than once prevents releasing resultset).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l5 level1 lfo8">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #79132 (PDO re-uses parameter values from earlier calls to execute()).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l5 level1 lfo8">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #73809 (Phar Zip parse crash - mmap fail).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l5 level1 lfo8">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #75102 (`PharData` says invalid checksum for valid tar).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l5 level1 lfo8">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #77322 (PharData::addEmptyDir('/') Possible integer overflow).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l5 level1 lfo8">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #76813 (Access violation near NULL on source operand).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l5 level1 lfo8">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #62004 (SplFileObject: fgets after seek returns wrong line).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l5 level1 lfo8">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #80366 (Return Value of zend_fstat() not Checked).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l5 level1 lfo8">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #77423 (FILTER_VALIDATE_URL accepts URLs with invalid userinfo). (CVE-2020-7071)</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l5 level1 lfo8">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #77594 (ob_tidyhandler is never reset).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l5 level1 lfo8">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #80462 (Nullsafe operator tokenize with TOKEN_PARSE flag fails).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l5 level1 lfo8">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">XmlParser opaque object renamed to XMLParser for consistency with other XML objects.</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l5 level1 lfo8">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #48725 (Support for flushing in zlib stream).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNoSpacing" style="margin-left:.5in"><span style="color:#7030A0"> <o:p></o:p></span></p>
<p class="MsoNoSpacing" style="margin-left:.5in"><span style="font-family:"Arial",sans-serif;color:#7030A0">Version 7.4</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l3 level1 lfo10">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #74558 (Can't rebind closure returned by Closure::fromCallable()).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l3 level1 lfo10">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #80345 (PHPIZE configuration has outdated PHP_RELEASE_VERSION).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l3 level1 lfo10">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #72964 (White space not unfolded for CC/Bcc headers).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l3 level1 lfo10">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #80362 (Running dtrace scripts can cause php to crash).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l3 level1 lfo10">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #80393 (Build of PHP extension fails due to configuration gap with libtool).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l3 level1 lfo10">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #80402 (configure filtering out -lpthread).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l3 level1 lfo10">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #77069 (stream filter loses final block of data).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l3 level1 lfo10">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #77961 (finfo_open crafted magic parsing SIGABRT).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l3 level1 lfo10">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #69625 (FPM returns 200 status on request without SCRIPT_FILENAME env).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l3 level1 lfo10">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #80425 (MessageFormatAdapter::getArgTypeList redefined).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l3 level1 lfo10">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #80368 (OpenSSL extension fails to build against LibreSSL due to lack of OCB support).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l3 level1 lfo10">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #73809 (Phar Zip parse crash - mmap fail).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l3 level1 lfo10">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #75102 (`PharData` says invalid checksum for valid tar).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l3 level1 lfo10">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #77322 (PharData::addEmptyDir('/') Possible integer overflow).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l3 level1 lfo10">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #80458 (PDOStatement::fetchAll() throws for upsert queries).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l3 level1 lfo10">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #63185 (nextRowset() ignores MySQL errors with native prepared statements).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l3 level1 lfo10">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #78152 (PDO::exec() - Bad error handling with multiple commands).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l3 level1 lfo10">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #70066 (Unexpected "Cannot execute queries while other unbuffered queries").</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l3 level1 lfo10">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #71145 (Multiple statements in init command triggers unbuffered query error).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l3 level1 lfo10">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #76815 (PDOStatement cannot be GCed/closeCursor-ed when a PROCEDURE resultset SIGNAL).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l3 level1 lfo10">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #77423 (FILTER_VALIDATE_URL accepts URLs with invalid userinfo). (CVE-2020-7071)</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l3 level1 lfo10">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #80366 (Return Value of zend_fstat() not Checked).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l3 level1 lfo10">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #80411 (References to null-serialized object break serialize()).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l3 level1 lfo10">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #77594 (ob_tidyhandler is never reset).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l3 level1 lfo10">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed #48725 (Support for flushing in zlib stream).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNoSpacing" style="margin-left:1.0in"><span style="font-family:"Arial",sans-serif;color:#7030A0"> </span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNoSpacing" style="margin-left:.5in"><span style="font-family:"Arial",sans-serif;color:#7030A0">Version 7.3</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l1 level1 lfo12">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #77423 (FILTER_VALIDATE_URL accepts URLs with invalid userinfo). (CVE-2020-7071)</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l1 level1 lfo12">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Fixed bug #80457 (stream_get_contents() fails with maxlength=-1 or default).</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNoSpacing" style="margin-left:1.0in"><span style="font-family:"Arial",sans-serif;color:#7030A0"> </span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNoSpacing" style="margin-left:.5in"><span style="font-family:"Arial",sans-serif;color:#7030A0">Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the affected application.
Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNoSpacing" style="margin-left:.5in"><span style="font-family:"Arial",sans-serif;color:#7030A0"> </span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNoSpacing" style="margin-left:.5in"><b><span style="font-family:"Arial",sans-serif;color:#7030A0">RECOMMENDATIONS:</span></b><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNoSpacing" style="margin-left:.5in"><span style="font-family:"Arial",sans-serif;color:#7030A0">We recommend the following actions be taken:</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l0 level1 lfo14">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Upgrade to the latest version of PHP immediately, after appropriate testing.</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l0 level1 lfo14">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Verify no unauthorized system modifications have occurred on system before applying patch.</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l0 level1 lfo14">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Apply the principle of Least Privilege to all systems and services.</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l0 level1 lfo14">
<![if !supportLists]><span style="font-family:Symbol;color:#7030A0"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Arial",sans-serif;color:#7030A0">Remind users not to visit websites or follow links provided by unknown or untrusted sources.</span><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNoSpacing" style="margin-left:.5in"><span style="font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="MsoNoSpacing" style="margin-left:.5in"><b><span style="font-family:"Arial",sans-serif;color:#7030A0">REFERENCES:</span></b><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="MsoNoSpacing" style="margin-left:1.0in"><b><span style="font-family:"Arial",sans-serif;color:#7030A0">PHP:</span></b><o:p></o:p></p>
<p class="MsoNoSpacing" style="margin-left:1.0in"><span style="font-family:"Arial",sans-serif;color:black"><a href="https://www.php.net/ChangeLog-8.php#PHP_8_0">https://www.php.net/ChangeLog-8.php#PHP_8_0</a></span><o:p></o:p></p>
<p class="MsoNoSpacing" style="margin-left:1.0in"><span style="font-family:"Arial",sans-serif"><a href="https://www.php.net/ChangeLog-7.php#PHP_7_4">https://www.php.net/ChangeLog-7.php#PHP_7_4</a></span><o:p></o:p></p>
<p class="MsoNoSpacing" style="margin-left:1.0in"><span style="font-family:"Arial",sans-serif"><a href="https://www.php.net/ChangeLog-7.php#PHP_7_3">https://www.php.net/ChangeLog-7.php#PHP_7_3</a></span><o:p></o:p></p>
<p class="xmsonospacing" style="margin-left:1.0in"><span style="font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="xmsonospacing" style="margin-left:1.0in"><b><span style="font-family:"Arial",sans-serif;color:#7030A0">CVE:</span></b><span style="color:#7030A0"><o:p></o:p></span></p>
<p class="xmsonospacing" style="margin-left:1.0in"><span style="font-family:"Arial",sans-serif"><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7071">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7071</a></span><o:p></o:p></p>
<p class="MsoNoSpacing"><span style="font-family:"Arial",sans-serif"> </span><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span style="color:#5B9BD5">Happy New Year!<o:p></o:p></span></b></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:12.0pt;color:#0070C0">Wishing you a super day,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#0070C0">Robert Smith, CISSP, PMP<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#0070C0">Systemwide IT Policy Director/Security Director<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#0070C0">Information Technology Services<o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#0070C0">University of California Office of the President<o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#0070C0">(510) 587-6244 (o)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#0070C0">(510) 541-8103 (m)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#0070C0"><a href="mailto:robert.smith@ucop.edu"><span style="color:#0070C0">robert.smith@ucop.edu</span></a><o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>