PHP 5.2.3 released



#1 AplusWebMaster


Posted 01 June 2007 - 09:48 AM

FYI...

- http://isc.sans.org/...ml?storyid=2900
Last Updated: 2007-06-01 08:20:25 UTC ~ "PHP released PHP version 5.2.3.
From the release notes, the following security improvements have been made:
* Fixed an integer overflow inside chunk_split() (CVE-2007-2872)
* Fixed possible infinite loop in imagecreatefrompng. (CVE-2007-2756)
* Fixed ext/filter Email Validation Vulnerability (CVE-2007-1900)
* Fixed bug #41492 (open_basedir/safe_mode bypass inside realpath())
* Improved fix for CVE-2007-1887 to work with non-bundled sqlite2 lib.
* Added mysql_set_charset() to allow runtime altering of connection encoding.
Take care with the fixes not listed as security related as there seem to be at least a few of them that are interesting from either a security application point of view, or just from an availability point of view. E.g.:
* Fixed bug #41353 (crash in openssl_pkcs12_read() on invalid input)
* Fixed bug #41347 (checkdnsrr() segfaults on empty hostname)
If you are on the 5.2 branch, best to upgrade ASAP to 5.2.3.
* Release announcement: http://www.php.net/releases/5_2_3.php
* Changelog: http://www.php.net/C...Log-5.php#5.2.3
* Download: http://www.php.net/downloads.php#v5
While recompiling and testing PHP, consider adding in Suhosin* from the hardened PHP project; it'll improve your security stance."
* http://www.hardened-...uhosin.127.html

- http://secunia.com/advisories/25456/
Release Date: 2007-06-01
Critical: Moderately critical
Impact: Unknown, Security Bypass
Where: From remote
Solution Status: Vendor Patch
Software: PHP 5.2.x ...
Solution: Update to version 5.2.3... http://www.php.net/downloads.php#v5
Original Advisory: http://www.php.net/releases/5_2_3.php

.

Edited by apluswebmaster, 01 June 2007 - 01:25 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#2 AplusWebMaster


Posted 06 June 2007 - 05:56 AM

Secunia advisory updated:

- http://secunia.com/advisories/25456/
Last Update: 2007-06-04
Changelog: 2007-06-04: Added information provided by SEC Consult. Added link to "Original Advisory" section. Updated "Criticality".
Original Advisory: PHP:
http://www.php.net/releases/5_2_3.php
SEC Consult: http://www.sec-consult.com/291.html ..."

> http://www.spywarein...c...st&p=549349

???

Edited by apluswebmaster, 06 June 2007 - 06:04 AM.
