AplusWebMaster

PHP updates

90 posts in this topic

FYI...

 

PHP v5.2.7 released

- http://www.php.net/archive/2008.php#id2008-12-04-3

04-Dec-2008 - "The PHP development team would like to announce the immediate availability of PHP 5.2.7. This release focuses on improving the stability of the PHP 5.2.x branch with over 120 bug fixes, several of which are security related. All users of PHP are encouraged to upgrade to this release..."

 

- http://www.php.net/downloads.php

 

- http://www.php.net/releases/5_2_7.php

 

ChangeLog:

- http://www.php.net/ChangeLog-5.php#5.2.7

 

:!:

Edited by apluswebmaster


FYI...

 

PHP 5.2.8 released

- http://www.php.net/releases/5_2_8.php

08-Dec-2008 - "The PHP development team would like to announce the immediate availability of PHP 5.2.8. This release addresses a regression introduced by 5.2.7... that was broken by an incorrect fix to the filter extension. All users who have upgraded to 5.2.7 are encouraged to upgrade to this release, alternatively you can apply a work-around for the bug by changing "filter.default_flags=0" in php.ini."

 

Downloads:

- http://www.php.net/downloads.php

 

ChangeLog:

- http://us3.php.net/ChangeLog-5.php

 

- http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-0422

Last revised: 02/05/2009

 

:!:

Edited by apluswebmaster


FYI...

 

PHP multiple vulns - update available

- http://secunia.com/advisories/34081/

Release Date: 2009-02-27

Critical: Moderately critical

Impact: Unknown, Exposure of sensitive information, DoS

Where: From remote

Solution Status: Vendor Patch

Software: PHP 5.2.x...

Solution: Update to version 5.2.9

http://www.php.net/downloads.php ...

Original Advisory:

http://www.php.net/releases/5_2_9.php ...

 

:!:


FYI...

 

PHP v5.2.9-2 released

- http://secunia.com/advisories/34666/2/

Release Date: 2009-04-14

Critical: Moderately critical

Impact: Security Bypass, DoS

Where: From remote

Solution Status: Vendor Patch

Software: PHP 5.2.x

Solution: Update to version 5.2.9-2.

Original Advisory: PHP:

http://www.php.net/archive/2009.php#id2009-04-08-1

CVE reference:

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-0590

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-0591

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-0789

 

- http://openssl.org/news/secadv_20090325.txt

 

:!:


FYI...

 

PHP multiple vulns - update available

- http://secunia.com/advisories/36791/2/

Release Date: 2009-09-18

Critical: Moderately critical

Impact: Unknown

Where: From remote

Solution Status: Vendor Patch

Software: PHP 5.2.x ...

Solution: Update to version 5.2.11...

Original Advisory: http://www.php.net/releases/5_2_11.php

"75 bug fixes"

- http://www.php.net/ChangeLog-5.php#5.2.11

 

:ph34r:


FYI...

 

PHP v5.3.1 released

- http://secunia.com/advisories/37412/2/

Release Date: 2009-11-20

Critical: Moderately critical

Impact: Unknown, Security Bypass

Where: From remote

Solution Status: Vendor Patch

Software: PHP 5.3.x ...

Solution: Update to version 5.3.1.

Original Advisory: PHP:

http://www.php.net/releases/5_3_1.php

 

ChangeLog

- http://www.php.net/ChangeLog-5.php#5.3.1

 

- http://isc.sans.org/diary.html?storyid=7615

"... With many of the websites on the net relying on PHP and the number of attacks we see, consider upgrading. This release has over 100 bug fixes..."

 

- http://secunia.com/advisories/37412/3/

Last Update: 2009-11-24 ...

CVE reference:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3292

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3557

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3558

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4017

 

:ph34r:

Edited by apluswebmaster


FYI...

 

PHP v5.2.12 released

- http://secunia.com/advisories/37821/2/

Release Date: 2009-12-17

Critical: Moderately critical

Impact: Unknown, Security Bypass, Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch

Software: PHP 5.2.x

Solution: Update to version 5.2.12.

Original Advisory: PHP:

http://www.php.net/releases/5_2_12.php

http://bugs.php.net/bug.php?id=49785 ...

 

- http://secunia.com/advisories/37821/3/

CVE reference:

CVE-2009-3557, CVE-2009-3558, CVE-2009-4017, CVE-2009-4142, CVE-2009-4143

 

ChangeLog

- http://www.php.net/ChangeLog-5.php#5.2.12

17-December-2009

 

> http://www.spywareinfoforum.com/index.php?showtopic=113304&view=getlastpost

 

:ph34r:

Edited by apluswebmaster


FYI...

 

PHP v5.2.13 released

- http://secunia.com/advisories/38708/

Last Update: 2010-03-08

Impact: Security Bypass

Where: From remote

Software: PHP 5.2.x

Original Advisory: PHP:

http://www.php.net/releases/5_2_13.php ...

"... over 40 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release..."

Last updated: Fri Feb 26 15:12:05 2010 UTC

 

ChangeLog:

- http://www.php.net/ChangeLog-5.php#5.2.13

 

- http://www.php.net/downloads.php

 

- http://secunia.com/advisories/38708/

Solution: Update to version 5.2.13 or 5.3.2.

 

- http://securitytracker.com/alerts/2010/Feb/1023661.html

Feb 27 2010

 

:ph34r:

Edited by apluswebmaster


FYI...

 

PHP v5.3.2 released

- http://www.php.net/releases/5_3_2.php

04-March-2010 - "... large number of bug fixes..."

 

- http://www.php.net/ChangeLog-5.php#5.3.2

 

- http://www.php.net/downloads.php

 

- http://secunia.com/advisories/38708/

Last Update: 2010-03-08

 

:ph34r: :!:

Edited by apluswebmaster


FYI...

 

PHP v5.3.3 released

- http://www.php.net/archive/2010.php#id2010-07-22-2

22-Jul-2010 - "... over 100 bug fixes, some of which are security related."

 

- http://secunia.com/advisories/40268/

Last Update: 2010-07-23

Criticality level: Moderately critical

Impact: Exposure of system information, Exposure of sensitive information, System access

Where: From remote

Solution Status: Vendor Patch...

 

15 years of PHP

- http://www.h-online.com/open/news/item/15-years-of-PHP-1017628.html

 

:!:


FYI...

 

RE: PHP v5.3.3...

- http://www.securityfocus.com/bid/41991/info

Updated: Aug 09 2010 - "... Not Vulnerable: PHP 5.3.3, PHP 5.2.14..."

 

- http://www.securityfocus.com/bid/41991/exploit

"Some of these issues may be exploited through a browser. Other issues may require an attacker to have local interactive access. Currently we are not aware of any working exploits..."

 

ChangeLog

- http://www.php.net/ChangeLog-5.php#5.3.3

 

- http://www.php.net/archive/2010.php#id2010-07-22-2

 

:ph34r:

Edited by apluswebmaster


FYI...

 

PHP mb_strcut() may disclose potentially sensitive info...

- http://securitytracker.com/alerts/2010/Nov/1024737.html

Date: Nov 13 2010

... impact depends on the applications that use the vulnerable function...

Solution: The vendor has issued a source code fix, available via SVN...

 

- http://us3.php.net/manual/en/function.mb-substr.php

Last updated: Fri, 12 Nov 2010

 

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4156

Last revised: 11/10/2010

CVSS v2 Base Score: 5.0 (MEDIUM)

___

 

- http://securitytracker.com/alerts/2010/Nov/1024761.html

Date: Nov 22 2010

Version(s): 5.2.14, 5.3.3; possibly others...

Solution: The vendor has issued a source code fix, available at: http://svn.php.net/viewvc?view=revision&revision=305032 ...

 

:ph34r:

Edited by AplusWebMaster


FYI...

 

PHP v5.3.4 released

- http://www.php.net/archive/2010.php#id2010-12-10-1

10-Dec-2010 - "... This is a maintenance release in the 5.3 series, which includes a large number of bug fixes...

Key Bug Fixes in PHP 5.3.4 include:

• Added stat support for zip stream.

• Added follow_location (enabled by default) option for the http stream support.

• Added a 3rd parameter to get_html_translation_table. It now takes a charset hint, like htmlentities et al.

• Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect zend multibyte at runtime.

• Multiple improvements to the FPM SAPI.

Over 100 other bug fixes..."

 

ChangeLog:

- http://www.php.net/ChangeLog-5.php#5.3.4

 

- http://secunia.com/advisories/41724/

Last Update: 2010-12-10

Impact: Unknown, Security Bypass, DoS

Where: From remote...

Solution: Update to version 5.2.15 and 5.3.4.

Original Advisory: PHP:

http://www.php.net/archive/2010.php#id2010-12-10-1

http://www.php.net/archive/2010.php#id2010-12-09-1

___

 

- http://www.php.net/archive/2010.php#id2010-12-16-1

16-Dec-2010 - "... PHP 5.2's support ended, a migration guide available on http://php.net/migration53 , details the changes between PHP 5.2 and PHP 5.3."

 

:ph34r: :ph34r:

Edited by AplusWebMaster


FYI...

 

php.net security notice

- http://www.php.net/archive/2011.php#id2011-03-19-2

19-Mar-2011 - "The wiki.php.net box was compromised and the attackers were able to collect wiki account credentials. No other machines in the php.net infrastructure appear to have been affected. Our biggest concern is, of course, the integrity of our source code. We did an extensive code audit and looked at every commit since 5.3.5 to make sure that no stolen accounts were used to inject anything malicious. Nothing was found. The compromised machine has been wiped and we are forcing a password change for all svn accounts. We are still investigating the details of the attack which combined a vulnerability in the Wiki software with a Linux root exploit."

 

- http://www.h-online.com/security/news/item/PHP-developer-wiki-server-hacked-1211874.html

21 March 2011

___

 

PHP 5.3.6 Released

17-Mar-2011 - "The PHP development team would like to announce the immediate availability of PHP 5.3.6. This release focuses on improving the stability of the PHP 5.3.x branch with over 60 bug fixes, some of which are security related..."

 

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1153

Last revised: 03/22/2011

CVSS v2 Base Score: 7.5 (HIGH) / "... in PHP 5.3.5 and earlier..."

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1092

Last revised: 03/22/2011

CVSS v2 Base Score: 7.5 (HIGH) / "... before 5.3.6..."

 

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1148

Last revised: 03/24/2011

CVSS v2 Base Score: 7.5 (HIGH) / "... in PHP 5.3.6 and earlier..."

> http://xforce.iss.net/xforce/xfdb/66080

"High Risk... No remedy available as of March 26, 2011..."

 

:grrr::ph34r:

Edited by AplusWebMaster


FYI...

 

PHP v5.3.7 released

- http://www.php.net/archive/2011.php#id2011-08-18-1

18-Aug-2011 - "... This release focuses on improving the stability of the PHP 5.3.x branch with over 90 bug fixes, some of which are security related..."

 

Change Log

- http://www.php.net/ChangeLog-5.php#5.3.7

 

- http://h-online.com/-1326138

19 August 2011 - "... bug fixes resolve a number of crashing flaws when using track_errors, calling unknown function names, passing NULL to the DatePeriod constructor and many more... a high severity use after free error in substr_replace (CVE-2011-1148) and a high severity stack overflow in socket_connect (CVE-2011-1938) have also been fixed. One medium security issue fixed is a file path injection vulnerability in the file upload mechanism (CVE-2011-2022)..."

 

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1148

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1938

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2022

 

- https://secunia.com/advisories/44874/

Last Update: 2011-08-19

Impact: Security Bypass, DoS, System access

Where: From remote

Solution: Update to version 5.3.7.

 

:ph34r: :!:

Edited by AplusWebMaster


FYI...

 

5.3.7 upgrade warning

- http://www.php.net/archive/2011.php#id2011-08-22-1

22-Aug-2011 - "Due to unfortunate issues with 5.3.7 (see bug#55439*) users should -wait- with upgrading until 5.3.8 will be released (expected in few days)..."

* https://bugs.php.net/bug.php?id=55439

 

:!: :ph34r:


FYI...

 

PHP v5.3.9 released

- http://www.php.net/archive/2012.php#id2012-01-11-1

10-Jan-2012 - "The PHP development team would like to announce the immediate availability of PHP 5.3.9. This release focuses on improving the stability of the PHP 5.3.x branch with over 90 bug fixes, some of which -are- security related...

 

Download: http://www.php.net/downloads.php

Changelog: http://www.php.net/ChangeLog-5.php#5.3.9

All users are strongly encouraged to upgrade to PHP 5.3.9."

 

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4566 - 6.4

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4885 - 5.0

___

 

- http://h-online.com/-1407472

11 January 2012

 

:!: :ph34r:

Edited by AplusWebMaster


FYI...

 

PHP v5.3.10 released

- http://securitytracker.com/id/1026631

Date: Feb 3 2012

CVE Reference: CVE-2012-0830

Impact: Execution of arbitrary code via network, User access via network

Version(s): 5.3.9

... This vulnerability was introduced in version 5.3.9 in the fix for CVE-2011-4885.

Impact: A remote user can execute arbitrary code on the target system.

Solution: The vendor has issued a fix (5.3.10).

... advisory is available at:

- http://www.php.net/archive/2012.php#id2012-02-02-1

2-Feb-2012 - "... This release delivers a critical security fix... All users are strongly encouraged to upgrade to PHP 5.3.10..."

- http://www.php.net/downloads.php

 

- https://secunia.com/advisories/47806/

Release Date: 2012-02-03

Criticality level: Highly critical

Impact: System access

Where: From remote ...

CVE Reference: CVE-2012-0830

... vulnerability is reported in version 5.3.9.

Solution: Update to version 5.3.10.

 

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0830

Last revised: 02/16/2012

CVSS v2 Base Score: 7.5 (HIGH)

 

:!: :ph34r:

Edited by AplusWebMaster


FYI...

 

PHP v5.4.0 released

- http://www.php.net/archive/2012.php#id2012-03-01-1

01-Mar-2012 - "... immediate availability of PHP 5.4.0. This release is a major leap forward in the 5.x series, which includes a large number of new features and bug fixes.

Some of the key new features include: traits, a shortened array syntax, a built-in webserver for testing purposes and more. PHP 5.4.0 significantly improves performance, memory footprint and fixes over 100 bugs..."

 

- http://php.net/releases/5_4_0.php

 

- http://www.php.net/downloads.php

 

:!:


FYI...

 

PHP v5.3.11/v5.4.1 released

- http://www.php.net/index.php#id2012-04-26-1

26-Apr-2012 - Security Enhancements for both PHP 5.3.11 and PHP 5.4.1:

> Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172).

> Add open_basedir checks to readline_write_history and readline_read_history.

Security Enhancement affecting PHP 5.3.11 only:

> Fixed bug #61043 (Regression in magic_quotes_gpc fix for CVE-2012-0831).

Key enhancements in these releases include:

> Added debug info handler to DOM objects.

> Fixed bug #61172 (Add Apache 2.4 support)...

 

ChangeLog

- http://www.php.net/ChangeLog-5.php

 

Downloads

- http://www.php.net/downloads.php

 

___

 

- http://h-online.com/-1561184

27 April 2012 - "... PHP 5.4.1 has more than 20 bug fixes... PHP 5.3.11 update fixes nearly 60 bugs..."

 

:!: :ph34r:

Edited by AplusWebMaster


FYI...

 

>> http://blog.spiderlabs.com/2012/05/honeypot-alert-active-exploit-attempts-for-php-cgi-vuln.html

07 May 2012

___

 

PHP v5.3.12/v5.4.2 released

- http://www.php.net/archive/2012.php#id2012-05-03-1

3-May-2012 - "There is a vulnerability in certain CGI-based setups (Apache+mod_php and nginx+php-fpm are not affected) that has gone unnoticed... A large number of sites run PHP as either an Apache module through mod_php or using php-fpm under nginx. Neither of these setups are vulnerable to this. Straight shebang-style CGI also does not appear to be vulnerable. If you are using Apache mod_cgi to run PHP you may be vulnerable. To see if you are, just add ?-s to the end of any of your URLs. If you see your source code, you are vulnerable. If your site renders normally, you are not. To fix this, update to PHP 5.3.12 or PHP 5.4.2. We recognize that since CGI is a rather outdated way to run PHP, it may not be feasible to upgrade these sites to a modern version of PHP..."

(More detail at the URL above.)

 

Downloads

- http://www.php.net/downloads.php

 

ChangeLog

- http://www.php.net/ChangeLog-5.php#5.4.2

3-May-2012

___

 

- http://h-online.com/-1567532

3 May 2012

- http://www.kb.cert.org/vuls/id/520827

Last revised: 04 May 2012

 

- http://h-online.com/-1568454

4 May 2012 - "... Users can determine whether they are affected by the bug by appending the string ?-s to a URL. If the server returns PHP source code, rapid action is required. A Metasploit module which opens a remote shell for executing arbitrary code on vulnerable servers is already available."

 

:ph34r: :!: :ph34r:

Edited by AplusWebMaster


FYI...

 

PHP v5.4.3/v5.3.13 released

- http://www.php.net/archive/2012.php#id2012-05-08-1

8-May-2012 - "... immediate availability of PHP 5.4.3 and PHP 5.3.13. All users are encouraged to upgrade to PHP 5.4.3 or PHP 5.3.13. The releases complete a fix for a vulnerability in CGI-based setups (CVE-2012-2311). Note: mod_php and php-fpm are not vulnerable to this attack. PHP 5.4.3 fixes a buffer overflow vulnerability in the apache_request_headers() (CVE-2012-2329). The PHP 5.3 series is not vulnerable to this issue..."

 

Downloads

- http://www.php.net/downloads.php

 

ChangeLog

- http://www.php.net/ChangeLog-5.php

 

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1823 - 7.5 (HIGH)

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2311 - 7.5 (HIGH)

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2335 - 7.5 (HIGH)

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2336 - 5.0

05/11/2012 - "... before 5.3.13 and 5.4.x before 5.4.3..."

___

 

Critical open hole in PHP creates risks

- http://atlas.arbor.net/briefs/

Severity: High Severity

Published: Monday, May 07, 2012

A specific configuration and a PHP vulnerability opens the door for a remote attack on vulnerable installations. Public exploit code is available, increasing risks.

Analysis: Further details are provided at http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/ and http://www.php.net/archive/2012.php#id2012-05-06-1 and a more robust patch is to be released on Tuesday, May 8. The prior release did not fully resolve the problem. A Metasploit exploit was made available on May 4. Sites vulnerable to this threat need to take protective action, as the scanning activity for this is likely to be very high considering the popularity of PHP.

Source: http://h-online.com/-1570916

9 May 2012

 

Attackers target unpatched PHP bug allowing malicious code execution

- http://atlas.arbor.net/briefs/

Severity: Elevated Severity

Published: Thursday, May 10, 2012

PHP bug, just patched on May 8, is already being used by attackers.

Analysis: While the number of vulnerable sites may be small due to the unique configuration required, such sites could be totally compromised. System admins should also check http://blog.spiderlabs.com/2012/05/php-cgi-exploitation-by-example.html for further details on the attacks and see the patch release at http://www.php.net/archive/2012.php#id2012-05-08-1 .

Source: http://arstechnica.com/business/2012/05/attackers-target-unpatched-php-bug-allowing-malicious-code-execution/

 

PHP-CGI exploitation by example

- http://blog.spiderlabs.com/2012/05/php-cgi-exploitation-by-example.html

7 May 2012

 

PHP-CGI vuln exploited-in-the-Wild

- http://blog.sucuri.net/2012/05/php-cgi-vulnerability-exploited-in-the-wild.html

May 8, 2012

 

- https://www.computerworld.com/s/article/9227012/PHP_patches_actively_exploited_CGI_vulnerability

May 9, 2012 - "... Dreamhost has also seen a large number of attacks trying to exploit this vulnerability, according to Trustwave researchers who exchanged information with Dreamhost's security team. In total, the Web hosting company recorded 234,076 exploit attempts against 151,275 unique domains..."

 

:ph34r: :ph34r:

Edited by AplusWebMaster


FYI...

 

PHP 5.4.4/5.3.14 released

- http://www.php.net/archive/2012.php#id2012-06-14-1

14 June 2012 - "... immediate availability of PHP 5.4.4 and PHP 5.3.14. All users of PHP are encouraged to upgrade to PHP 5.4.4 or PHP 5.3.14. The release fixes multiple security issues:

A weakness in the DES implementation of crypt and a heap overflow issue in the phar extension.

PHP 5.4.4 and PHP 5.3.14 fixes over 30 bugs..."

 

- http://windows.php.net/download/

 

- http://www.php.net/downloads.php

 

- http://www.php.net/ChangeLog-5.php

 

:ph34r: :ph34r:


FYI...

 

PHP v5.4.5, 5.3.15 released

- http://www.php.net/archive/2012.php#id2012-07-19-1

19-Jul-2012 - "... immediate availability of PHP 5.4.5 and PHP 5.3.15. This release fixes over 30 bugs and includes a fix for a security related overflow issue in the stream implementation. All users of PHP are encouraged to upgrade to PHP 5.4.5 or PHP 5.3.15..."

 

ChangeLog

- http://www.php.net/ChangeLog-5.php

 

- http://www.php.net/ChangeLog-5.php#5.3.15

 

Download:

- http://www.php.net/downloads.php

 

- http://www.securitytracker.com/id/1027287

CVE Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2688 - 10.0 (HIGH)

Jul 20 2012

Impact: Execution of arbitrary code via network, User access via network

Version(s): prior to 5.3.15; 5.4.x prior to 5.4.5 ...

 

- http://www.securitytracker.com/id/1027286

CVE Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3365 - 5.0

Jul 20 2012 ...

 

:!: :ph34r:

Edited by AplusWebMaster


FYI...

 

PHP v5.4.6, 5.3.16 released

- http://www.php.net/

16-Aug-2012 - "... immediate availability of PHP 5.4.6 and PHP 5.3.16. These releases fix over 20 bugs. All users of PHP are encouraged to upgrade..."

 

Download

- http://www.php.net/downloads.php

 

ChangeLog

- http://www.php.net/ChangeLog-5.php

 

:!:


FYI...

 

PHP 5.4.7, 5.3.17 released

- http://www.php.net/

13-Sep-2012 - "... immediate availability of PHP 5.4.7 and PHP 5.3.17. These releases fix over 20 bugs. All users of PHP are encouraged to upgrade to PHP 5.4.7, or at least 5.3.17..."

 

Download

- http://www.php.net/downloads.php

 

ChangeLog

- http://www.php.net/ChangeLog-5.php

 

:!:


FYI...

 

PHP 5.4.10, 5.3.20 released

- http://php.net/

20-Dec-2012 - "... immediate availability of PHP 5.4.0. This release is a major leap forward in the 5.x series, which includes a large number of new features and bug fixes... the PHP 5.3 series will enter an end of life cycle and receive only critical fixes as of March 2013. All users of PHP are encouraged to upgrade to PHP 5.4."

 

ChangeLog

- http://php.net/ChangeLog-5.php

 

- http://php.net/downloads.php

 

- http://windows.php.net/download/

 

:!:


FYI...

PHP 5.4.11, 5.3.21 released
- http://php.net/
17-Jan-2013 - "The PHP development team announces the immediate availability of PHP 5.4.11 and PHP 5.3.21. These releases fix about 10 bugs. All users of PHP are encouraged to upgrade to PHP 5.4..."

ChangeLog
- http://php.net/ChangeLog-5.php

- http://php.net/downloads.php

- http://windows.php.net/download/

:ph34r:


FYI...

PHP 5.4.12 / 5.3.22 released
- http://php.net/
21-Feb-2013 - "The PHP development team announces the immediate availability of PHP 5.4.12 and PHP 5.3.22. These releases fix about 10 bugs. All users of PHP are encouraged to upgrade to PHP 5.4.12..."

ChangeLog
- http://php.net/ChangeLog-5.php

- http://php.net/downloads.php

- http://windows.php.net/download/

:!:


FYI...

PHP 5.4.13, 5.3.23 released
- http://php.net/
14-Mar-2013 - "The PHP development team announces the immediate availability of PHP 5.4.13 and PHP 5.3.23. These releases fix about 15 bugs, including fixes for CVE-2013-1643 and CVE-2013-1635. All users of PHP are encouraged to upgrade to PHP 5.4.13..."

ChangeLog
- http://php.net/ChangeLog-5.php

- http://php.net/downloads.php

- http://windows.php.net/download/

:ph34r:


FYI...

PHP 5.4.14, 5.3.24 released
- http://php.net/
11-Apr-2013 - "The PHP development team announces the immediate availability of PHP 5.4.14 and PHP 5.3.24. These releases fix about 10 bugs as well as upgrading the bundled PCRE library. All users of PHP are encouraged to upgrade to PHP 5.4.14..."

ChangeLog
- http://php.net/ChangeLog-5.php

- http://php.net/downloads.php

- http://windows.php.net/download/

:ph34r:


FYI...

PHP 5.4.15, 5.3.25 released
- http://php.net/archive/2013.php#id2013-05-09-1
09-May-2013 - "The PHP development team announces the immediate availability of PHP 5.4.15 and PHP 5.3.25. These releases fix about 10 bugs as well as upgrading the bundled libmagic library. All users of PHP are encouraged to upgrade to PHP 5.4.15..."

ChangeLog
- http://www.php.net/ChangeLog-5.php

- http://php.net/downloads.php

- http://windows.php.net/download/

:!:


FYI...

PHP 5.4.16, 5.3.26 released
- http://www.php.net/
06-Jun-2013 - "The PHP development team announces the immediate availability of PHP 5.4.16 and PHP 5.3.26. These releases fix about 15 bugs, including CVE-2013-2110. All users of PHP are encouraged to upgrade to PHP 5.4.16..."

ChangeLog
- http://www.php.net/ChangeLog-5.php

- http://php.net/downloads.php

- http://windows.php.net/download/

- https://secunia.com/advisories/53736/
Release Date: 2013-06-07
Criticality level: Moderately critical
Impact: System access
Where: From remote ...
CVE Reference: CVE-2013-2110
Solution: Update to version 5.4.16 or 5.3.26.

:ph34r:

Edited by AplusWebMaster


FYI...

PHP 5.4.17 released
- http://php.net/
04-Jul-2013 - "The PHP development team announces the immediate availability of PHP 5.4.17. About -20- bugs were fixed. All users of PHP are encouraged to upgrade to this release..."

Changelog - 5.4.17
- http://www.php.net/ChangeLog-5.php#5.4.17

- http://www.php.net/downloads.php

- http://windows.php.net/download/#php-5.4-ts-VC9-x86

:ph34r:

Edited by AplusWebMaster


FYI...

PHP 5.3.27 released - PHP 5.3 reaching EOL
- http://php.net/
11-Jul-2013 - "The PHP development team announces the immediate availability of PHP 5.3.27. About 10 bugs were fixed, including a security fix in the XML parser (Bug #65236).
Please Note: This will be the -last- regular release of the PHP 5.3 series. All users of PHP are encouraged to upgrade to PHP 5.4 or PHP 5.5. The PHP 5.3 series will receive only security fixes for the next year..."

ChangeLog
- http://www.php.net/ChangeLog-5.php#5.3.27

Download
- http://windows.php.net/download/#php-5.3-nts-VC9-x86
PHP 5.3 (5.3.27)
___

- https://secunia.com/advisories/54069/
Release Date: 2013-07-12
Criticality level: Moderately Critical
Where: From remote
Impact: System access
... vulnerability is reported in 5.3.x versions prior to 5.3.27.
Solution: Update to version 5.3.27.
Original Advisory: PHP:
- https://bugs.php.net/bug.php?id=65236
- http://www.php.net/ChangeLog-5.php#5.3.27

:ph34r:

Edited by AplusWebMaster


FYI...

PHP 5.5.1 released
- http://php.net/
18-Jul-2013 - "The PHP development team announces the immediate availability of PHP 5.5.1. About 20 bugs were fixed including a security fix in the XML parser (Bug #65236)..."

ChangeLog
- http://www.php.net/ChangeLog-5.php#5.5.1

Downloads
- http://www.php.net/downloads.php

- http://windows.php.net/download/#php-5.5-ts-VC11-x86

:ph34r:


FYI...

PHP 5.4.18 released
- http://www.php.net/
15-Aug-2013 - "The PHP development team announces the immediate availability of PHP 5.4.18. About 30 bugs were fixed, including security issues CVE-2013-4113 and CVE-2013-4073. All users of PHP are encouraged to upgrade to this release..."

- https://secunia.com/advisories/54554/
Release Date: 2013-08-16
Criticality: Moderately Critical
Impact: Spoofing, System access
Software: PHP 5.4.x
CVE Reference(s): CVE-2013-4073, CVE-2013-4113
For more information:
- https://secunia.com/SA54480/
- https://secunia.com/SA54069/
... vulnerabilities are reported in versions prior to 5.4.18.
Solution: Update to version 5.4.18.
Original Advisory:
http://php.net/archive/2013.php#id2013-08-15-1
http://www.php.net/ChangeLog-5.php#5.4.18

:ph34r:


FYI...

PHP v5.5.2 released
- http://www.php.net/
16-Aug-2013 - "The PHP development team announces the immediate availability of PHP 5.5.2. About 20 bugs were fixed, including security issue in OpenSSL module (CVE-2013-4248) and session fixation problem (CVE-2011-4718). All users of PHP are encouraged to upgrade to this release..."

- https://secunia.com/advisories/54562/
Release Date: 2013-08-19
Where: From remote
Impact: Hijacking, Spoofing
Solution Status: Vendor Patch
Software: PHP 5.5.x
CVE Reference(s): CVE-2011-4718, CVE-2013-4248
For more information: https://secunia.com/SA54480/
... vulnerabilities are reported in versions prior to 5.5.2.
Solution: Update to version 5.5.2.
Original Advisory:
http://www.php.net/archive/2013.php#id2013-08-16-1
http://www.php.net/ChangeLog-5.php#5.5.2

:ph34r: :ph34r:

Edited by AplusWebMaster


FYI...

PHP 5.4.19, 5.5.3 released
- http://www.php.net/
22-Aug-2013 - "The PHP development team announces the immediate availability of PHP 5.4.19 and PHP 5.5.3. These releases fix a -bug- in the patch for CVE-2013-4248 in OpenSSL module and compile failure with ZTS enabled in PHP 5.4. All PHP users are encouraged to upgrade to either PHP 5.5.3 or PHP 5.4.19..."

ChangeLog
- http://www.php.net/ChangeLog-5.php

- http://windows.php.net/download/

:ph34r: :ph34r:


FYI...

PHP 5.5.4 released
- http://php.net/
19-Sep-2013 - "The PHP development team announces the immediate availability of PHP 5.5.4. This release fixes several bugs against PHP 5.5.3. All PHP users are encouraged to upgrade to this new version..."

ChangeLog
- http://www.php.net/ChangeLog-5.php
Version 5.5.4 - 19-Sep-2013

- http://windows.php.net/download/
___

PHP 5.4.20 released
- http://www.php.net/
19-Sep-2013 - "The PHP development team announces the immediate availability of PHP 5.4.20. About 30 bugs were fixed. All PHP 5.4 users are encouraged to upgrade to this version..."

:ph34r:

Edited by AplusWebMaster


Diagnostic page for php.net
- http://google.com/safebrowsing/diagnostic?site=php.net/
"... The last time Google visited this site was on 2013-11-14, and the last time suspicious content was found on this site was on 2013-10-23..."
___

PHP 5.5.5 released
- http://php.net/
16-Oct-2013 - "The PHP development team announces the immediate availability of PHP 5.5.5. This release fixes about twenty bugs against PHP 5.5.4, some of them regarding the build system. All PHP users are encouraged to upgrade to this new version..."

ChangeLog
- http://www.php.net/ChangeLog-5.php#5.5.5

- http://windows.php.net/download/
___

PHP 5.4.21 Released
- http://php.net/
17-Oct-2013 - "The PHP development team announces the immediate availability of PHP 5.4.21. About 10 bugs were fixed. All PHP 5.4 users are encouraged to upgrade to this version..."

- http://www.php.net/ChangeLog-5.php#5.4.21

- http://windows.php.net/download/#php-5.4-ts-VC9-x86

:!:

Edited by AplusWebMaster


FYI...

PHP 5.5.6 released
- http://php.net/archive/2013.php#id2013-11-14-1
14-Nov-2013 - "The PHP development team announces the immediate availability of PHP 5.5.6. This release fixes some bugs against PHP 5.5.5, and adds some performance improvements..."

ChangeLog
- http://www.php.net/ChangeLog-5.php#5.5.6

- http://windows.php.net/download/
___

PHP 5.4.22 Released
- http://php.net/archive/2013.php#id2013-11-14-3
14-Nov-2013 - "The PHP development team announces the immediate availability of PHP 5.4.22. About 10 bugs were fixed. All PHP 5.4 users are encouraged to upgrade to this version..."

- http://www.php.net/ChangeLog-5.php#5.4.22
___

Diagnostic page for php.net
- http://google.com/safebrowsing/diagnostic?site=php.net/
"... The last time Google visited this site was on 2013-11-14, and the last time suspicious content was found on this site was on 2013-10-23..."

:!:

Edited by AplusWebMaster


FYI...

PHP OpenSSL Extension X.509 Certificate Parsing Memory Corruption Vuln
- https://secunia.com/advisories/56055/
Release Date: 2013-12-11
Criticality: Highly Critical
Where: From remote
Impact: System access
Solution Status: Vendor Workaround
Software: PHP 5.3.x, 5.4.x, 5.5.x
CVE Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420
... vulnerability is reported in versions 5.3.27 and prior, 5.4.22 and prior, and 5.5.6 and prior. Other versions may also be affected.
Solution: Fixed in the source code repository.
Original Advisory:
http://git.php.net/?p=php-src.git;a=commitdiff;h=c1224573c773b6845e83505f717fbf820fc18415

:ph34r: :ph34r:


FYI...

PHP 5.5.7 released
- http://php.net/archive/2013.php#id2013-12-12-1
12-Dec-2013 - "The PHP development team announces the immediate availability of PHP 5.5.7. This release fixes some bugs against PHP 5.5.6 and it also includes a fix for CVE-2013-6420 in OpenSSL extension. All users are strongly encouraged to upgrade...."
ChangeLog: http://www.php.net/ChangeLog-5.php#5.5.7
___

PHP 5.4.23 released
- http://www.php.net/archive/2013.php#id2013-12-12-3
12-Dec-2013 - "The PHP development team announces the immediate availability of PHP 5.4.23. About 10 bugs were fixed, including a security issue in OpenSSL module (CVE-2013-6420). All PHP 5.4 users are encouraged to upgrade to this version..."
ChangeLog: http://www.php.net/ChangeLog-5.php#5.4.23
___

PHP 5.3.28 released
- http://php.net/archive/2013.php#id2013-12-12-2
12-Dec-2013 - "The PHP development team announces the immediate availability of PHP 5.3.28. This release fixes two security issues in OpenSSL module in PHP 5.3 - CVE-2013-4073 and CVE-2013-6420. All PHP 5.3 users are encouraged to upgrade to PHP 5.3.28 or latest versions of PHP 5.4 or PHP 5.5..."
ChangeLog: http://www.php.net/ChangeLog-5.php#5.3.28
___

- http://windows.php.net/download/

- https://secunia.com/advisories/56055/
Last Update: 2013-12-16
Criticality: Highly Critical
Impact: System access
Solution Status: Vendor Patch
Software: PHP 5.3.x, 5.4.x, PHP 5.5.x
CVE Reference: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6420 - 7.5 (HIGH)
... vulnerability is reported in versions 5.3.27 and prior, 5.4.22 and prior, and 5.5.6 and prior.
Solution: Update to version 5.3.28, 5.4.23, or 5.5.7.
Original Advisory: PHP: http://php.net/archive/2013.php#id2013-12-12-3

- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4073 - 6.8

:ph34r: :ph34r: :ph34r:

Edited by AplusWebMaster


FYI...

PHP 5.5.8 released
- http://php.net/archive/2014.php#id2014-01-10-1
10-Jan-2014 - "The PHP development team announces the immediate availability of PHP 5.5.8. This release fixes about -20- bugs against PHP 5.5.7 components..."

- http://www.php.net/ChangeLog-5.php#5.5.8

PHP 5.4.24 released
- http://php.net/archive/2014.php#id2014-01-10-2
10-Jan-2014 - "The PHP development team announces the immediate availability of PHP 5.4.24. About -14- bugs were fixed. All PHP 5.4 users are encouraged to upgrade to this version..."

- http://www.php.net/ChangeLog-5.php#5.4.24

- http://www.php.net/downloads.php

- http://windows.php.net/download/

:ph34r: :ph34r:


FYI...

PHP 5.5.10 released
- http://php.net/
2014-03-06 - "The PHP development team announces the immediate availability of PHP 5.5.10. Several bugs were fixed in this release, including security issues related to CVEs. CVE-2014-1943, CVE-2014-2270 and CVE-2013-7327 have been addressed in this release. We recommend all PHP 5.5 users to upgrade to this version..."

- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1943 - 5.0
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2270 - 4.3
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7327 - 6.8

ChangeLog
- http://www.php.net/ChangeLog-5.php#5.5.10

- http://www.php.net/downloads.php

- http://windows.php.net/download/
___

PHP 5.4.26 released
- http://php.net/
2014-03-07 - "... 5.4.26. 5 bugs were fixed in this release, including CVE-2014-1943. All PHP 5.4 users are encouraged to upgrade to this version..."

ChangeLog
- http://www.php.net/ChangeLog-5.php#5.4.26

- http://www.php.net/downloads.php

- http://windows.php.net/download/

:ph34r:

Edited by AplusWebMaster


FYI...

PHP 5.5.11 released
- http://www.php.net/archive/2014.php#id2014-04-02-1
2 Apr 2014 - "... immediate availability of PHP 5.5.11. Several bugs were fixed in this release, some bundled libraries updated and a security issue has been fixed : CVE-2013-7345*. We recommend all PHP 5.5 users to upgrade to this version..."

Changelog
- http://www.php.net/ChangeLog-5.php#5.5.11

- http://www.php.net/downloads.php

* https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7345 - 5.0
___

PHP 5.4.27 released
- http://php.net/archive/2014.php#id2014-04-03-1
3 Apr 2014 - "... immediate availability of PHP 5.4.27. 6 bugs were fixed in this release, including CVE-2013-7345. All PHP 5.4 users are encouraged to upgrade to this version..."

ChangeLog
- http://www.php.net/ChangeLog-5.php#5.4.27

- http://www.php.net/downloads.php

:ph34r:

Edited by AplusWebMaster


FYI...

PHP 5.5.12 released
- http://php.net/
30 Apr 2014 - "The PHP Development Team announces the immediate availability of PHP 5.5.12. This release fixes several bugs against PHP 5.5.11, as well as CVE-2014-0185 regarding PHP-FPM. All PHP users are encouraged to upgrade to this new version..."

Changelog
- http://www.php.net/ChangeLog-5.php#5.5.12

Downloads
- http://www.php.net/downloads.php
___

PHP 5.4.28 released
- http://php.net/
30 Apr 2014 - "The PHP development team announces the immediate availability of PHP 5.4.28. 19 bugs were fixed in this release, including CVE-2014-0185. All PHP 5.4 users are encouraged to upgrade to this version..."

ChangeLog
- http://www.php.net/ChangeLog-5.php#5.4.28

Downloads
- http://www.php.net/downloads.php
____

- http://www.securitytracker.com/id/1030187
CVE Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185
May 2 2014
Impact: User access via local system
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 5.5.11 and prior versions...
Solution: The vendor has issued a fix (5.5.12)...
___

- http://atlas.arbor.net/briefs/index#2038502733
High Severity
9 May 2014

:ph34r:

Edited by AplusWebMaster


FYI...

PHP 5.5.13 released
- http://php.net/
29 May 2014 - "The PHP Development Team announces the immediate availability of PHP 5.5.13. This release fixes several bugs in PHP 5.5.12, and addresses two CVEs in Fileinfo (CVE-2014-0238 and CVE-2014-0237). All PHP users are encouraged to upgrade to this new version..."

Changelog
- http://www.php.net/ChangeLog-5.php#5.5.13

Download
- http://www.php.net/downloads.php

- http://windows.php.net/download/

- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0237 - 5.0

- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0238 - 5.0
___

PHP 5.4.29 released
- http://php.net/
29 May 2014 - "The PHP development team announces the immediate availability of PHP 5.4.29. 16 bugs were fixed in this release, including two security issues in fileinfo extension. All PHP 5.4 users are encouraged to upgrade to this version..."

Changelog
- http://www.php.net/ChangeLog-5.php#5.4.29

Download
- http://www.php.net/downloads.php

- http://windows.php.net/download/
___

- http://www.securitytracker.com/id/1030321
CVE Reference: CVE-2014-0237, CVE-2014-0238
Jun 3 2014
Impact: Denial of service via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to versions 5.4.29, 5.5.13 ...
Solution: The vendor has issued a fix (5.4.29, 5.5.13).
The vendor's advisory is available at:
- http://www.php.net/ChangeLog-5.php#5.5.13

:ph34r:

Edited by AplusWebMaster
