Wamp服务器为PHP应用补丁

Question

I am using WAMP server version 3.1.4 64 bit, having PHP version 7.2.10, Apache version 2.4.35,

There are Multiple Heap Buffer Overflow Vulnerabilities for PHP versions prior to 7.3.3.

Vulnerabilities listed here

and patch for the Vulnerability available here

Possible solution is i can download latest Wamp server(Which provide PHP version 7.3.4) and install it, but here is catch, my some of the applications requires SSH access to other remote server to run scripts on remote servers and some applications also requierd SFTP connections to remote servers,You can check here that php_ssh2.dll,php_ssh2.pdb is only available for PHP verion 7.2, not for PHP version 7.3, so if i upgrade WAMP server to latest verion, These applications will stop working, So i have to apply patch available to provide audit compliance.

I dont know how to apply these patch and also not able to find any article which helps/guide me for the same.

Link of patch posted above and i am also mentioning content of patch file below

diff --git a/ext/exif/exif.c b/ext/exif/exif.c
index fe89b85471..0b5bb5ae21 100644
--- a/ext/exif/exif.c
+++ b/ext/exif/exif.c
@@ -2802,6 +2802,10 @@ static int exif_process_IFD_in_MAKERNOTE(image_info_type *ImageInfo, char * valu
        exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Illegal IFD size: 2 + 0x%04X*12 = 0x%04X > 0x%04X", NumDirEntries, 2+NumDirEntries*12, value_len);
        return FALSE;
    }
+   if ((dir_start - value_ptr) > value_len - (2+NumDirEntries*12)) {
+       exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Illegal IFD size: 0x%04X > 0x%04X", (dir_start - value_ptr) + (2+NumDirEntries*12), value_len);
+       return FALSE;
+   }

    for (de=0;de<NumDirEntries;de++) {
        if (!exif_process_IFD_TAG(ImageInfo, dir_start + 2 + 12 * de,

Can anyone help me with how can i apply this patch ?

Answer 1

WAMPServer 3 is completely easy to update in place.

Go to the WAMPServer backup repo (only because it is easier to navigate that SourceForge) and download the latest WAMPServer UPDATE (Currently 3.1.8) This will NOT effect the versions of Apache/MySQL/PHP you are using, it will just update the WAMPServer core code.

Then Pick any version of Apache - MySQL - mariaDB - PHP from the 100's of versions available in the repo. You may need to click the "See All Available Versions" button.

Click any one to download the installer. Run the installer. That version of whatever you picked will be installed, BUT NOT ACTIVATED. So use the WAMPServer menus to activate the version you want to use.

Remember, if you are changing versions of MySQL or mariaDB, you should backup your databases in the current version before switching to the new versionj. Then simply restore the databases. This will avoid any version issues.