Thursday, 15 February 2007
Two versions--PHP 5.2.1 and PHP 4.4.5 Released

The PHP development team has announced the availability of PHP 5.2.1 and PHP 4.4.5. According to the announcement, these releases are stability and security enhancements of the 5.x and 4.4.x branches, and all users are encouraged to upgrade as soon as possible. Some of the security enhancements and fixes in PHP 5.2.1 and PHP 4.4.5 listed in the announcement are:
- Fixed possible safe_mode and open_basedir bypasses inside the session extension
- Fixed unserialize() abuse on 64 bit systems with certain input strings
- Fixed possible overflows and stack corruptions in the session extension
- Fixed an underflow inside the internal sapi_header_op() function
- Fixed non-validated resource destruction inside the shmop extension
- Fixed a possible overflow in the str_replace() function
- Fixed possible clobbering of super-globals in several code paths
- Fixed a possible information disclosure inside the wddx extension
- Fixed a possible string format vulnerability in *print() functions on 64 bit systems
- Fixed a possible buffer overflow inside ibase_{delete,add,modify}_user() functions
- Fixed a string format vulnerability inside the odbc_result_all() function
The announcement warns that the majority of the security vulnerabilities discovered and resolved can in most cases only be abused by local users and cannot be triggered remotely. However, some of the above issues can be triggered remotely in certain situations, or exploited by malicious local users on shared hosting setups utilizing PHP as an Apache module. Therefore, the team advises all users of PHP, regardless of the version, to upgrade to the 5.2.1 or 4.4.5 releases as soon as possible.
For users upgrading to PHP 5.2 from PHP 5.0 and PHP 5.1, an upgrade guide is available, detailing the changes between those releases and PHP 5.2.1.
Further details about the PHP 5.2.1 release can be found in the release announcement for 5.2.1; the full list of changes is available in the ChangeLog for PHP 5.
Details about the PHP 4.4.5 release can be found in the release announcement for 4.4.5; the full list of changes is available in the ChangeLog for PHP 4.