PHP updates


94 replies to this topic

#1 AplusWebMaster

  • SWI Friend
  • 10,893 posts

Posted 06 December 2008 - 11:05 AM

FYI...

PHP v5.2.7 released
- http://www.php.net/a...#id2008-12-04-3
04-Dec-2008 - "The PHP development team would like to announce the immediate availability of PHP 5.2.7. This release focuses on improving the stability of the PHP 5.2.x branch with over 120 bug fixes, several of which are security related. All users of PHP are encouraged to upgrade to this release..."

- http://www.php.net/downloads.php

- http://www.php.net/releases/5_2_7.php

ChangeLog:
- http://www.php.net/C...Log-5.php#5.2.7

:!:

Edited by apluswebmaster, 06 December 2008 - 11:13 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#2 AplusWebMaster


Posted 09 December 2008 - 10:50 AM

FYI...

PHP 5.2.8 released
- http://www.php.net/releases/5_2_8.php
08-Dec-2008 - "The PHP development team would like to announce the immediate availability of PHP 5.2.8. This release addresses a regression introduced by 5.2.7... that was broken by an incorrect fix to the filter extension. All users who have upgraded to 5.2.7 are encouraged to upgrade to this release, alternatively you can apply a work-around for the bug by changing "filter.default_flags=0" in php.ini."

Downloads:
- http://www.php.net/downloads.php

ChangeLog:
- http://us3.php.net/ChangeLog-5.php

- http://web.nvd.nist....d=CVE-2009-0422
Last revised: 02/05/2009

:!:

Edited by apluswebmaster, 09 February 2009 - 12:47 PM.

#3 AplusWebMaster

Posted 27 February 2009 - 10:40 AM

FYI...

PHP multiple vulns - update available
- http://secunia.com/advisories/34081/
Release Date: 2009-02-27
Critical: Moderately critical
Impact: Unknown, Exposure of sensitive information, DoS
Where: From remote
Solution Status: Vendor Patch
Software: PHP 5.2.x...
Solution: Update to version 5.2.9
http://www.php.net/downloads.php ...
Original Advisory:
http://www.php.net/releases/5_2_9.php ...

:!:

#4 AplusWebMaster

Posted 14 April 2009 - 11:25 AM

FYI...

PHP v5.2.9-2 released
- http://secunia.com/advisories/34666/2/
Release Date: 2009-04-14
Critical: Moderately critical
Impact: Security Bypass, DoS
Where: From remote
Solution Status: Vendor Patch
Software: PHP 5.2.x
Solution: Update to version 5.2.9-2.
Original Advisory: PHP:
http://www.php.net/a...#id2009-04-08-1
CVE reference:
http://web.nvd.nist....d=CVE-2009-0590
http://web.nvd.nist....d=CVE-2009-0591
http://web.nvd.nist....d=CVE-2009-0789

- http://openssl.org/n...dv_20090325.txt

:!:

#5 AplusWebMaster

Posted 19 September 2009 - 08:50 AM

FYI...

PHP multiple vulns - update available
- http://secunia.com/advisories/36791/2/
Release Date: 2009-09-18
Critical: Moderately critical
Impact: Unknown
Where: From remote
Solution Status: Vendor Patch
Software: PHP 5.2.x ...
Solution: Update to version 5.2.11...
Original Advisory: http://www.php.net/releases/5_2_11.php
"75 bug fixes"
- http://www.php.net/C...og-5.php#5.2.11

:ph34r:

#6 AplusWebMaster

Posted 20 November 2009 - 06:39 AM

FYI...

PHP v5.3.1 released
- http://secunia.com/advisories/37412/2/
Release Date: 2009-11-20
Critical: Moderately critical
Impact: Unknown, Security Bypass
Where: From remote
Solution Status: Vendor Patch
Software: PHP 5.3.x ...
Solution: Update to version 5.3.1.
Original Advisory: PHP:
http://www.php.net/releases/5_3_1.php

ChangeLog
- http://www.php.net/C...Log-5.php#5.3.1

- http://isc.sans.org/...ml?storyid=7615
"... With many of the websites on the net relying on PHP and the number of attacks we see, consider upgrading. This release has over 100 bug fixes..."

- http://secunia.com/advisories/37412/3/
Last Update: 2009-11-24 ...
CVE reference:
http://web.nvd.nist....d=CVE-2009-3292
http://web.nvd.nist....d=CVE-2009-3557
http://web.nvd.nist....d=CVE-2009-3558
http://web.nvd.nist....d=CVE-2009-4017

:ph34r:

Edited by apluswebmaster, 17 December 2009 - 11:17 AM.

#7 AplusWebMaster

Posted 17 December 2009 - 11:16 AM

FYI...

PHP v5.2.12 released
- http://secunia.com/advisories/37821/2/
Release Date: 2009-12-17
Critical: Moderately critical
Impact: Unknown, Security Bypass, Cross Site Scripting
Where: From remote
Solution Status: Vendor Patch
Software: PHP 5.2.x
Solution: Update to version 5.2.12.
Original Advisory: PHP:
http://www.php.net/releases/5_2_12.php
http://bugs.php.net/bug.php?id=49785 ...

- http://secunia.com/advisories/37821/3/
CVE reference:
CVE-2009-3557, CVE-2009-3558, CVE-2009-4017, CVE-2009-4142, CVE-2009-4143

ChangeLog
- http://www.php.net/C...og-5.php#5.2.12
17-December-2009

> http://www.spywarein...iew=getlastpost

:ph34r:

Edited by apluswebmaster, 17 December 2009 - 11:34 AM.

#8 AplusWebMaster

Posted 26 February 2010 - 11:02 AM

FYI...

PHP v5.2.13 released
- http://secunia.com/advisories/38708/
Last Update: 2010-03-08
Impact: Security Bypass
Where: From remote
Software: PHP 5.2.x
Original Advisory: PHP:
http://www.php.net/releases/5_2_13.php ...
"... over 40 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release..."
Last updated: Fri Feb 26 15:12:05 2010 UTC

ChangeLog:
- http://www.php.net/C...og-5.php#5.2.13

- http://www.php.net/downloads.php

- http://secunia.com/advisories/38708/
Solution: Update to version 5.2.13 or 5.3.2.

- http://securitytrack...eb/1023661.html
Feb 27 2010

:ph34r:

Edited by apluswebmaster, 09 March 2010 - 04:36 AM.

#9 AplusWebMaster

Posted 06 March 2010 - 02:19 PM

FYI...

PHP v5.3.2 released
- http://www.php.net/releases/5_3_2.php
04-March-2010 - "... large number of bug fixes..."

- http://www.php.net/C...Log-5.php#5.3.2

- http://www.php.net/downloads.php

- http://secunia.com/advisories/38708/
Last Update: 2010-03-08

:ph34r: :!:

Edited by apluswebmaster, 09 March 2010 - 04:41 AM.

#10 AplusWebMaster

Posted 31 July 2010 - 09:08 AM

FYI...

PHP v5.3.3 released
- http://www.php.net/a...#id2010-07-22-2
22-Jul-2010 - "... over 100 bug fixes, some of which are security related."

- http://secunia.com/advisories/40268/
Last Update: 2010-07-23
Criticality level: Moderately critical
Impact: Exposure of system information, Exposure of sensitive information, System access
Where: From remote
Solution Status: Vendor Patch...

15 years of PHP
- http://www.h-online....HP-1017628.html

:!:

#11 AplusWebMaster

Posted 09 August 2010 - 06:22 PM

FYI...

RE: PHP v5.3.3...
- http://www.securityf.../bid/41991/info
Updated: Aug 09 2010 - "... Not Vulnerable: PHP 5.3.3, PHP 5.2.14..."

- http://www.securityf...d/41991/exploit
"Some of these issues may be exploited through a browser. Other issues may require an attacker to have local interactive access. Currently we are not aware of any working exploits..."

ChangeLog
- http://www.php.net/C...Log-5.php#5.3.3

- http://www.php.net/a...#id2010-07-22-2

:ph34r:

Edited by apluswebmaster, 09 August 2010 - 06:25 PM.

#12 AplusWebMaster

Posted 14 November 2010 - 03:19 PM

FYI...

PHP mb_strcut() may disclose potentially sensitive info...
- http://securitytrack...ov/1024737.html
Date: Nov 13 2010
... impact depends on the applications that use the vulnerable function...
Solution: The vendor has issued a source code fix, available via SVN...

- http://us3.php.net/m...n.mb-substr.php
Last updated: Fri, 12 Nov 2010

- http://web.nvd.nist....d=CVE-2010-4156
Last revised: 11/10/2010
CVSS v2 Base Score: 5.0 (MEDIUM)
___

- http://securitytrack...ov/1024761.html
Date: Nov 22 2010
Version(s): 5.2.14, 5.3.3; possibly others...
Solution: The vendor has issued a source code fix, available at: http://svn.php.net/v...revision=305032 ...

:ph34r:

Edited by AplusWebMaster, 22 November 2010 - 07:22 PM.

#13 AplusWebMaster

Posted 10 December 2010 - 01:02 PM

FYI...

PHP v5.3.4 released
- http://www.php.net/a...#id2010-12-10-1
10-Dec-2010 - "... This is a maintenance release in the 5.3 series, which includes a large number of bug fixes...
Key Bug Fixes in PHP 5.3.4 include:
• Added stat support for zip stream.
• Added follow_location (enabled by default) option for the http stream support.
• Added a 3rd parameter to get_html_translation_table. It now takes a charset hint, like htmlentities et al.
• Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect zend multibyte at runtime.
• Multiple improvements to the FPM SAPI.
Over 100 other bug fixes..."

ChangeLog:
- http://www.php.net/C...Log-5.php#5.3.4

- http://secunia.com/advisories/41724/
Last Update: 2010-12-10
Impact: Unknown, Security Bypass, DoS
Where: From remote...
Solution: Update to version 5.2.15 and 5.3.4.
Original Advisory: PHP:
http://www.php.net/a...#id2010-12-10-1
http://www.php.net/a...#id2010-12-09-1
___

- http://www.php.net/a...#id2010-12-16-1
16-Dec-2010 - "... PHP 5.2's support ended, a migration guide available on http://php.net/migration53 , details the changes between PHP 5.2 and PHP 5.3."

:ph34r: :ph34r:

Edited by AplusWebMaster, 18 December 2010 - 05:27 PM.

#14 AplusWebMaster

Posted 22 March 2011 - 07:29 AM

FYI...

php.net security notice
- http://www.php.net/a...#id2011-03-19-2
19-Mar-2011 - "The wiki.php.net box was compromised and the attackers were able to collect wiki account credentials. No other machines in the php.net infrastructure appear to have been affected. Our biggest concern is, of course, the integrity of our source code. We did an extensive code audit and looked at every commit since 5.3.5 to make sure that no stolen accounts were used to inject anything malicious. Nothing was found. The compromised machine has been wiped and we are forcing a password change for all svn accounts. We are still investigating the details of the attack which combined a vulnerability in the Wiki software with a Linux root exploit."

- http://www.h-online....ed-1211874.html
21 March 2011
___

PHP 5.3.6 Released
17-Mar-2011 - "The PHP development team would like to announce the immediate availability of PHP 5.3.6. This release focuses on improving the stability of the PHP 5.3.x branch with over 60 bug fixes, some of which are security related..."

- http://web.nvd.nist....d=CVE-2011-1153
Last revised: 03/22/2011
CVSS v2 Base Score: 7.5 (HIGH) / "... in PHP 5.3.5 and earlier..."
- http://web.nvd.nist....d=CVE-2011-1092
Last revised: 03/22/2011
CVSS v2 Base Score: 7.5 (HIGH) / "... before 5.3.6..."

- http://web.nvd.nist....d=CVE-2011-1148
Last revised: 03/24/2011
CVSS v2 Base Score: 7.5 (HIGH) / "... in PHP 5.3.6 and earlier..."
> http://xforce.iss.ne...orce/xfdb/66080
"High Risk... No remedy available as of March 26, 2011..."

:grrr: :ph34r:

Edited by AplusWebMaster, 28 March 2011 - 03:04 PM.

#15 AplusWebMaster

Posted 18 August 2011 - 04:14 PM

FYI...

PHP v5.3.7 released
- http://www.php.net/a...#id2011-08-18-1
18-Aug-2011 - "... This release focuses on improving the stability of the PHP 5.3.x branch with over 90 bug fixes, some of which are security related..."

Change Log
- http://www.php.net/C...Log-5.php#5.3.7

- http://h-online.com/-1326138
19 August 2011 - "... bug fixes resolve a number of crashing flaws when using track_errors, calling unknown function names, passing NULL to the DatePeriod constructor and many more... a high severity use after free error in substr_replace (CVE-2011-1148) and a high severity stack overflow in socket_connect (CVE-2011-1938) have also been fixed. One medium security issue fixed is a file path injection vulnerability in the file upload mechanism (CVE-2011-2022)..."

- http://web.nvd.nist....d=CVE-2011-1148
- http://web.nvd.nist....d=CVE-2011-1938
- http://web.nvd.nist....d=CVE-2011-2022

- https://secunia.com/advisories/44874/
Last Update: 2011-08-19
Impact: Security Bypass, DoS, System access
Where: From remote
Solution: Update to version 5.3.7.

:ph34r: :!:

Edited by AplusWebMaster, 22 August 2011 - 10:30 AM.

#16 AplusWebMaster

Posted 22 August 2011 - 10:31 AM

FYI...

5.3.7 upgrade warning
- http://www.php.net/a...#id2011-08-22-1
22-Aug-2011 - "Due to unfortunate issues with 5.3.7 (see bug#55439*) users should -wait- with upgrading until 5.3.8 will be released (expected in few days)..."
* https://bugs.php.net/bug.php?id=55439

:!: :ph34r:

#17 AplusWebMaster

Posted 23 August 2011 - 05:04 PM

FYI...

PHP v5.3.8 released
- http://www.php.net/a...#id2011-08-23-1
23-Aug-2011

Change Log
- http://www.php.net/C...Log-5.php#5.3.8

:!:

#18 AplusWebMaster

Posted 12 January 2012 - 11:18 PM

FYI...

PHP v5.3.9 released
- http://www.php.net/a...#id2012-01-11-1
10-Jan-2012 - "The PHP development team would like to announce the immediate availability of PHP 5.3.9. This release focuses on improving the stability of the PHP 5.3.x branch with over 90 bug fixes, some of which -are- security related...

Download: http://www.php.net/downloads.php
Changelog: http://www.php.net/C...Log-5.php#5.3.9
All users are strongly encouraged to upgrade to PHP 5.3.9."

- http://web.nvd.nist....d=CVE-2011-4566 - 6.4
- http://web.nvd.nist....d=CVE-2011-4885 - 5.0
___

- http://h-online.com/-1407472
11 January 2012

:!: :ph34r:

Edited by AplusWebMaster, 14 January 2012 - 10:15 AM.

#19 AplusWebMaster

Posted 03 February 2012 - 08:32 AM

FYI...

PHP v5.3.10 released
- http://securitytracker.com/id/1026631
Date: Feb 3 2012
CVE Reference: CVE-2012-0830
Impact: Execution of arbitrary code via network, User access via network
Version(s): 5.3.9
... This vulnerability was introduced in version 5.3.9 in the fix for CVE-2011-4885.
Impact: A remote user can execute arbitrary code on the target system.
Solution: The vendor has issued a fix (5.3.10).
... advisory is available at:
- http://www.php.net/a...#id2012-02-02-1
2-Feb-2012 - "... This release delivers a critical security fix... All users are strongly encouraged to upgrade to PHP 5.3.10..."
- http://www.php.net/downloads.php

- https://secunia.com/advisories/47806/
Release Date: 2012-02-03
Criticality level: Highly critical
Impact: System access
Where: From remote ...
CVE Reference: CVE-2012-0830
... vulnerability is reported in version 5.3.9.
Solution: Update to version 5.3.10.

- http://web.nvd.nist....d=CVE-2012-0830
Last revised: 02/16/2012
CVSS v2 Base Score: 7.5 (HIGH)

:!: :ph34r:

Edited by AplusWebMaster, 19 February 2012 - 12:51 PM.

#20 AplusWebMaster

Posted 19 March 2012 - 08:53 AM

FYI...

PHP v5.4.0 released
- http://www.php.net/a...#id2012-03-01-1
01-Mar-2012 - "... immediate availability of PHP 5.4.0. This release is a major leap forward in the 5.x series, which includes a large number of new features and bug fixes.
Some of the key new features include: traits, a shortened array syntax, a built-in webserver for testing purposes and more. PHP 5.4.0 significantly improves performance, memory footprint and fixes over 100 bugs..."

- http://php.net/releases/5_4_0.php

- http://www.php.net/downloads.php

:!:

#21 AplusWebMaster

Posted 27 April 2012 - 08:14 AM

FYI...

PHP v5.3.11/v5.4.1 released
- http://www.php.net/i...#id2012-04-26-1
26-Apr-2012 - Security Enhancements for both PHP 5.3.11 and PHP 5.4.1:
> Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172).
> Add open_basedir checks to readline_write_history and readline_read_history.
Security Enhancement affecting PHP 5.3.11 only:
> Fixed bug #61043 (Regression in magic_quotes_gpc fix for CVE-2012-0831).
Key enhancements in these releases include:
> Added debug info handler to DOM objects.
> Fixed bug #61172 (Add Apache 2.4 support)...

ChangeLog
- http://www.php.net/ChangeLog-5.php

Downloads
- http://www.php.net/downloads.php

___

- http://h-online.com/-1561184
27 April 2012 - "... PHP 5.4.1 has more than 20 bug fixes... PHP 5.3.11 update fixes nearly 60 bugs..."

:!: :ph34r:

Edited by AplusWebMaster, 27 April 2012 - 08:18 AM.

#22 AplusWebMaster

Posted 03 May 2012 - 06:37 PM

FYI...

>> http://blog.spiderla...p-cgi-vuln.html
07 May 2012
___

PHP v5.3.12/v5.4.2 released
- http://www.php.net/a...#id2012-05-03-1
3-May-2012 - "There is a vulnerability in certain CGI-based setups (Apache+mod_php and nginx+php-fpm are not affected) that has gone unnoticed... A large number of sites run PHP as either an Apache module through mod_php or using php-fpm under nginx. Neither of these setups are vulnerable to this. Straight shebang-style CGI also does not appear to be vulnerable. If you are using Apache mod_cgi to run PHP you may be vulnerable. To see if you are, just add ?-s to the end of any of your URLs. If you see your source code, you are vulnerable. If your site renders normally, you are not. To fix this, update to PHP 5.3.12 or PHP 5.4.2. We recognize that since CGI is a rather outdated way to run PHP, it may not be feasible to upgrade these sites to a modern version of PHP..."
(More detail at the URL above.)

Downloads
- http://www.php.net/downloads.php

ChangeLog
- http://www.php.net/C...Log-5.php#5.4.2
3-May-2012
___

- http://h-online.com/-1567532
3 May 2012
- http://www.kb.cert.org/vuls/id/520827
Last revised: 04 May 2012

- http://h-online.com/-1568454
4 May 2012 - "... Users can determine whether they are affected by the bug by appending the string ?-s to a URL. If the server returns PHP source code, rapid action is required. A Metasploit module which opens a remote shell for executing arbitrary code on vulnerable servers is already available."

:ph34r: :!: :ph34r:

Edited by AplusWebMaster, 08 May 2012 - 06:09 AM.

#23 AplusWebMaster

Posted 08 May 2012 - 08:27 PM

FYI...

PHP v5.4.3/v5.3.13 released
- http://www.php.net/a...#id2012-05-08-1
8-May-2012 - "... immediate availability of PHP 5.4.3 and PHP 5.3.13. All users are encouraged to upgrade to PHP 5.4.3 or PHP 5.3.13. The releases complete a fix for a vulnerability in CGI-based setups (CVE-2012-2311). Note: mod_php and php-fpm are not vulnerable to this attack. PHP 5.4.3 fixes a buffer overflow vulnerability in the apache_request_headers() (CVE-2012-2329). The PHP 5.3 series is not vulnerable to this issue..."

Downloads
- http://www.php.net/downloads.php

ChangeLog
- http://www.php.net/ChangeLog-5.php

- http://web.nvd.nist....d=CVE-2012-1823 - 7.5 (HIGH)
- http://web.nvd.nist....d=CVE-2012-2311 - 7.5 (HIGH)
- http://web.nvd.nist....d=CVE-2012-2335 - 7.5 (HIGH)
- http://web.nvd.nist....d=CVE-2012-2336 - 5.0
05/11/2012 - "... before 5.3.13 and 5.4.x before 5.4.3..."
___

Critical open hole in PHP creates risks
- http://atlas.arbor.net/briefs/
Severity: High Severity
Published: Monday, May 07, 2012
A specific configuration and a PHP vulnerability opens the door for a remote attack on vulnerable installations. Public exploit code is available, increasing risks.
Analysis: Further details are provided at http://eindbazen.net...-cve-2012-1823/ and http://www.php.net/a...#id2012-05-06-1 and a more robust patch is to be released on Tuesday, May 8. The prior release did not fully resolve the problem. A Metasploit exploit was made available on May 4. Sites vulnerable to this threat need to take protective action, as the scanning activity for this is likely to be very high considering the popularity of PHP.
Source: http://h-online.com/-1570916
9 May 2012

Attackers target unpatched PHP bug allowing malicious code execution
- http://atlas.arbor.net/briefs/
Severity: Elevated Severity
Published: Thursday, May 10, 2012
PHP bug, just patched on May 8, is already being used by attackers.
Analysis: While the number of vulnerable sites may be small due to the unique configuration required, such sites could be totally compromised. System admins should also check http://blog.spiderla...by-example.html for further details on the attacks and see the patch release at http://www.php.net/a...#id2012-05-08-1 .
Source: http://arstechnica.c...code-execution/

PHP-CGI exploitation by example
- http://blog.spiderla...by-example.html
7 May 2012

PHP-CGI vuln exploited-in-the-Wild
- http://blog.sucuri.n...n-the-wild.html
May 8, 2012

- https://www.computer...I_vulnerability
May 9, 2012 - "... Dreamhost has also seen a large number of attacks trying to exploit this vulnerability, according to Trustwave researchers who exchanged information with Dreamhost's security team. In total, the Web hosting company recorded 234,076 exploit attempts against 151,275 unique domains..."

:ph34r: :ph34r:

Edited by AplusWebMaster, 13 May 2012 - 09:33 AM.
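
Added example (not part of the original posts, and not code from PHP or any of the sources quoted above): a log check for the `?-s` style requests described in posts #22 and #23, so an admin can see which hosts are being probed. It assumes Apache/nginx "combined" access logs; the function names and sample lines are constructed for illustration, and the rule relies on the CGI convention (RFC 3875, section 4.4) that a query string with no unencoded `=` is handed to the script as command-line arguments.

```python
import re
from collections import Counter
from urllib.parse import unquote

# "combined" access-log format; only the fields used below are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def is_cgi_switch_query(query):
    """Return True if a CGI gateway would pass this query string to the
    interpreter as command-line switches instead of as form data."""
    if not query:
        return False
    # An unencoded '=' means ordinary key=value data, which CGI does not
    # turn into argv, so "page=-s" is harmless here.
    if "=" in query:
        return False
    # Normalise before matching: '+' separates arguments, %XX is decoded,
    # and leading whitespace is ignored so encoded forms are not missed.
    decoded = unquote(query.replace("+", " "))
    return decoded.lstrip().startswith("-")


def scan(lines):
    """Return one finding per log line whose query string looks like a switch."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; ignore it
        path, _, query = m.group("target").partition("?")
        if not is_cgi_switch_query(query):
            continue
        status = int(m.group("status"))
        findings.append({
            "ip": m.group("ip"),
            "time": m.group("ts"),
            "path": path,
            "query": query,
            "status": status,
            # A 2xx answer does not prove source was disclosed, but it is the
            # case to follow up first with the ?-s test from the announcement.
            "served": 200 <= status < 300,
        })
    return findings


def attempts_by_source(findings):
    """Count flagged requests per client address."""
    return Counter(f["ip"] for f in findings)


# Constructed sample lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [04/May/2012:10:01:02 +0000] "GET /index.php?-s HTTP/1.1" 200 5120 "-" "probe"',
    '203.0.113.7 - - [04/May/2012:10:01:05 +0000] "GET /shop/cart.php?%2Ds HTTP/1.1" 403 199 "-" "probe"',
    '198.51.100.20 - - [04/May/2012:10:02:00 +0000] "GET /index.php?page=-s HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [04/May/2012:10:02:09 +0000] "GET /search.php?q=a-b HTTP/1.1" 200 640 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [04/May/2012:10:03:11 +0000] "GET /style.css HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [04/May/2012:10:03:15 +0000] "GET /info.php?-s HTTP/1.1" 404 210 "-" "probe"',
]

if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for f in hits:
        flag = "FOLLOW UP" if f["served"] else "not served"
        print(f'{f["time"]} {f["ip"]} {f["path"]}?{f["query"]} -> {f["status"]} ({flag})')
    for ip, count in attempts_by_source(hits).most_common():
        print(f"{ip}: {count} flagged request(s)")
```

Hosts that show up with `served` set are the ones to patch or take off mod_cgi first; mod_php and php-fpm setups will still log the probes but are not affected, per the announcement quoted above.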

#24 AplusWebMaster

Posted 14 June 2012 - 03:31 PM

FYI...

PHP 5.4.4/5.3.14 released
- http://www.php.net/a...#id2012-06-14-1
14 June 2012 - "... immediate availability of PHP 5.4.4 and PHP 5.3.14. All users of PHP are encouraged to upgrade to PHP 5.4.4 or PHP 5.3.14. The release fixes multiple security issues:
A weakness in the DES implementation of crypt and a heap overflow issue in the phar extension.
PHP 5.4.4 and PHP 5.3.14 fixes over 30 bugs..."

- http://windows.php.net/download/

- http://www.php.net/downloads.php

- http://www.php.net/ChangeLog-5.php

:ph34r: :ph34r:

#25 AplusWebMaster

Posted 21 July 2012 - 06:13 AM

FYI...

PHP v5.4.5, 5.3.15 released
- http://www.php.net/a...#id2012-07-19-1
19-Jul-2012 - "... immediate availability of PHP 5.4.5 and PHP 5.3.15. This release fixes over 30 bugs and includes a fix for a security related overflow issue in the stream implementation. All users of PHP are encouraged to upgrade to PHP 5.4.5 or PHP 5.3.15..."

ChangeLog
- http://www.php.net/ChangeLog-5.php

- http://www.php.net/C...og-5.php#5.3.15

Download:
- http://www.php.net/downloads.php

- http://www.securityt....com/id/1027287
CVE Reference: http://web.nvd.nist....d=CVE-2012-2688 - 10.0 (HIGH)
Jul 20 2012
Impact: Execution of arbitrary code via network, User access via network
Version(s): prior to 5.3.15; 5.4.x prior to 5.4.5 ...

- http://www.securityt....com/id/1027286
CVE Reference: http://web.nvd.nist....d=CVE-2012-3365 - 5.0
Jul 20 2012 ...

:!: :ph34r:

Edited by AplusWebMaster, 24 July 2012 - 08:35 AM.

#26 AplusWebMaster

Posted 17 August 2012 - 03:51 PM

FYI...

PHP v5.4.6, 5.3.16 released
- http://www.php.net/
16-Aug-2012 - "... immediate availability of PHP 5.4.6 and PHP 5.3.16. These releases fix over 20 bugs. All users of PHP are encouraged to upgrade..."

Download
- http://www.php.net/downloads.php

ChangeLog
- http://www.php.net/ChangeLog-5.php

:!:

#27 AplusWebMaster

Posted 18 September 2012 - 06:52 AM

FYI...

PHP 5.4.7, 5.3.17 released
- http://www.php.net/
13-Sep-2012 - "... immediate availability of PHP 5.4.7 and PHP 5.3.17. These releases fix over 20 bugs. All users of PHP are encouraged to upgrade to PHP 5.4.7, or at least 5.3.17..."

Download
- http://www.php.net/downloads.php

ChangeLog
- http://www.php.net/ChangeLog-5.php

:!:

#28 AplusWebMaster

Posted 20 December 2012 - 10:36 AM

FYI...

PHP 5.4.10, 5.3.20 released
- http://php.net/
20-Dec-2012 - "... immediate availability of PHP 5.4.0. This release is a major leap forward in the 5.x series, which includes a large number of new features and bug fixes... the PHP 5.3 series will enter an end of life cycle and receive only critical fixes as of March 2013. All users of PHP are encouraged to upgrade to PHP 5.4."

ChangeLog
- http://php.net/ChangeLog-5.php

- http://php.net/downloads.php

- http://windows.php.net/download/

:!:

#29 AplusWebMaster

Posted 17 January 2013 - 12:15 PM

FYI...

PHP 5.4.11, 5.3.21 released
- http://php.net/
17-Jan-2013 - "The PHP development team announces the immediate availability of PHP 5.4.11 and PHP 5.3.21. These releases fix about 10 bugs. All users of PHP are encouraged to upgrade to PHP 5.4..."

ChangeLog
- http://php.net/ChangeLog-5.php

- http://php.net/downloads.php

- http://windows.php.net/download/
 

:ph34r:


#30 AplusWebMaster

Posted 22 February 2013 - 09:45 AM

FYI...

PHP 5.4.12 / 5.3.22 released
- http://php.net/
21-Feb-2013 - "The PHP development team announces the immediate availability of PHP 5.4.12 and PHP 5.3.22. These releases fix about 10 bugs. All users of PHP are encouraged to upgrade to PHP 5.4.12..."

ChangeLog
- http://php.net/ChangeLog-5.php

- http://php.net/downloads.php

- http://windows.php.net/download/
 

:!:


#31 AplusWebMaster

Posted 18 March 2013 - 04:24 AM

FYI...

PHP 5.4.13, 5.3.23 released
- http://php.net/
14-Mar-2013 - "The PHP development team announces the immediate availability of PHP 5.4.13 and PHP 5.3.23. These releases fix about 15 bugs, including fixes for CVE-2013-1643 and CVE-2013-1635. All users of PHP are encouraged to upgrade to PHP 5.4.13..."

ChangeLog
- http://php.net/ChangeLog-5.php

- http://php.net/downloads.php

- http://windows.php.net/download/
 

:ph34r:




#32 AplusWebMaster


Posted 12 April 2013 - 08:16 AM

FYI...

PHP 5.4.14, 5.3.24 released
- http://php.net/
11-Apr-2013 - "The PHP development team announces the immediate availability of PHP 5.4.14 and PHP 5.3.24. These releases fix about 10 bugs as well as upgrading the bundled PCRE library. All users of PHP are encouraged to upgrade to PHP 5.4.14..."

ChangeLog
- http://php.net/ChangeLog-5.php

- http://php.net/downloads.php

- http://windows.php.net/download/
 

:ph34r:




#33 AplusWebMaster


Posted 09 May 2013 - 09:48 AM

FYI...

PHP 5.4.15, 5.3.25 released
- http://php.net/archi...#id2013-05-09-1
09-May-2013 - "The PHP development team announces the immediate availability of PHP 5.4.15 and PHP 5.3.25. These releases fix about 10 bugs as well as upgrading the bundled libmagic library. All users of PHP are encouraged to upgrade to PHP 5.4.15..."

ChangeLog
- http://www.php.net/ChangeLog-5.php

- http://php.net/downloads.php

- http://windows.php.net/download/
 

:!:




#34 AplusWebMaster


Posted 07 June 2013 - 07:07 AM

FYI...

PHP 5.4.16, 5.3.26 released
- http://www.php.net/
06-Jun-2013 - "The PHP development team announces the immediate availability of PHP 5.4.16 and PHP 5.3.26. These releases fix about 15 bugs, including CVE-2013-2110. All users of PHP are encouraged to upgrade to PHP 5.4.16..."

ChangeLog
- http://www.php.net/ChangeLog-5.php

- http://php.net/downloads.php

- http://windows.php.net/download/

- https://secunia.com/advisories/53736/
Release Date: 2013-06-07
Criticality level: Moderately critical
Impact: System access
Where: From remote ...
CVE Reference: CVE-2013-2110
Solution: Update to version 5.4.16 or 5.3.26.
 

:ph34r:


Edited by AplusWebMaster, 07 June 2013 - 12:51 PM.



#35 AplusWebMaster


Posted 05 July 2013 - 11:34 AM

FYI...

PHP 5.4.17 released
- http://php.net/
04-Jul-2013 - "The PHP development team announces the immediate availability of PHP 5.4.17. About -20- bugs were fixed. All users of PHP are encouraged to upgrade to this release..."

Changelog - 5.4.17
- http://www.php.net/C...og-5.php#5.4.17

- http://www.php.net/downloads.php

- http://windows.php.n...-5.4-ts-VC9-x86
 

:ph34r:


Edited by AplusWebMaster, 08 July 2013 - 05:42 AM.



#36 AplusWebMaster


Posted 11 July 2013 - 11:03 AM

FYI...

PHP 5.3.27 released - PHP 5.3 reaching EOL
- http://php.net/
11-Jul-2013 - "The PHP development team announces the immediate availability of PHP 5.3.27. About 10 bugs were fixed, including a security fix in the XML parser (Bug #65236).
Please Note: This will be the -last- regular release of the PHP 5.3 series. All users of PHP are encouraged to upgrade to PHP 5.4 or PHP 5.5. The PHP 5.3 series will receive only security fixes for the next year..."

ChangeLog
- http://www.php.net/C...og-5.php#5.3.27

Download
- http://windows.php.n...5.3-nts-VC9-x86
PHP 5.3 (5.3.27)
___

- https://secunia.com/advisories/54069/
Release Date: 2013-07-12
Criticality level: Moderately Critical
Where: From remote
Impact: System access
... vulnerability is reported in 5.3.x versions prior to 5.3.27.
Solution: Update to version 5.3.27.
Original Advisory: PHP:
- https://bugs.php.net/bug.php?id=65236
- http://www.php.net/C...og-5.php#5.3.27
 

:ph34r:


Edited by AplusWebMaster, 12 July 2013 - 04:02 PM.



#37 AplusWebMaster


Posted 19 July 2013 - 09:38 AM

FYI...

PHP 5.5.1 released
- http://php.net/
18-Jul-2013 - "The PHP development team announces the immediate availability of PHP 5.5.1. About 20 bugs were fixed including a security fix in the XML parser (Bug #65236)..."

ChangeLog
- http://www.php.net/C...Log-5.php#5.5.1

Downloads
- http://www.php.net/downloads.php

- http://windows.php.n...5.5-ts-VC11-x86
 

:ph34r:




#38 AplusWebMaster


Posted 16 August 2013 - 10:08 AM

FYI...

PHP 5.4.18 released
- http://www.php.net/
15-Aug-2013 - "The PHP development team announces the immediate availability of PHP 5.4.18. About 30 bugs were fixed, including security issues CVE-2013-4113 and CVE-2013-4073. All users of PHP are encouraged to upgrade to this release..."

- https://secunia.com/advisories/54554/
Release Date: 2013-08-16
Criticality: Moderately Critical
Impact: Spoofing, System access
Software: PHP 5.4.x
CVE Reference(s): CVE-2013-4073, CVE-2013-4113
For more information:
- https://secunia.com/SA54480/
- https://secunia.com/SA54069/
... vulnerabilities are reported in versions prior to 5.4.18.
Solution: Update to version 5.4.18.
Original Advisory:
http://php.net/archi...#id2013-08-15-1
http://www.php.net/C...og-5.php#5.4.18
 

:ph34r:




#39 AplusWebMaster


Posted 19 August 2013 - 05:44 AM

FYI...

PHP v5.5.2 released
- http://www.php.net/
16-Aug-2013 - "The PHP development team announces the immediate availability of PHP 5.5.2. About 20 bugs were fixed, including security issue in OpenSSL module (CVE-2013-4248) and session fixation problem (CVE-2011-4718). All users of PHP are encouraged to upgrade to this release..."

- https://secunia.com/advisories/54562/
Release Date: 2013-08-19
Where: From remote
Impact: Hijacking, Spoofing
Solution Status: Vendor Patch
Software: PHP 5.5.x
CVE Reference(s): CVE-2011-4718, CVE-2013-4248
For more information: https://secunia.com/SA54480/
... vulnerabilities are reported in versions prior to 5.5.2.
Solution: Update to version 5.5.2.
Original Advisory:
http://www.php.net/a...#id2013-08-16-1
http://www.php.net/C...Log-5.php#5.5.2
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 20 August 2013 - 06:58 AM.



#40 AplusWebMaster


Posted 23 August 2013 - 12:15 PM

FYI...

PHP 5.4.19, 5.5.3 released
- http://www.php.net/
22-Aug-2013 - "The PHP development team announces the immediate availability of PHP 5.4.19 and PHP 5.5.3. These releases fix a -bug- in the patch for CVE-2013-4248 in OpenSSL module and compile failure with ZTS enabled in PHP 5.4. All PHP users are encouraged to upgrade to either PHP 5.5.3 or PHP 5.4.19..."

ChangeLog
- http://www.php.net/ChangeLog-5.php

- http://windows.php.net/download/
 

:ph34r: :ph34r:




#41 AplusWebMaster


Posted 19 September 2013 - 09:34 AM

FYI...

PHP 5.5.4 released
- http://php.net/
19-Sep-2013 - "The PHP development team announces the immediate availability of PHP 5.5.4. This release fixes several bugs against PHP 5.5.3. All PHP users are encouraged to upgrade to this new version..."

ChangeLog
- http://www.php.net/ChangeLog-5.php
Version 5.5.4 - 19-Sep-2013

- http://windows.php.net/download/
___

PHP 5.4.20 released
- http://www.php.net/
19-Sep-2013 - "The PHP development team announces the immediate availability of PHP 5.4.20. About 30 bugs were fixed. All PHP 5.4 users are encouraged to upgrade to this version..."
 

:ph34r:


Edited by AplusWebMaster, 20 September 2013 - 01:57 PM.



#42 AplusWebMaster


Posted 17 October 2013 - 11:12 AM

Diagnostic page for php.net
- http://google.com/sa...c?site=php.net/
"... The last time Google visited this site was on 2013-11-14, and the last time suspicious content was found on this site was on 2013-10-23..."
___

PHP 5.5.5 released
- http://php.net/
16-Oct-2013 - "The PHP development team announces the immediate availability of PHP 5.5.5. This release fixes about twenty bugs against PHP 5.5.4, some of them regarding the build system. All PHP users are encouraged to upgrade to this new version..."

ChangeLog
- http://www.php.net/C...Log-5.php#5.5.5

- http://windows.php.net/download/
___

PHP 5.4.21 Released
- http://php.net/
17-Oct-2013 - "The PHP development team announces the immediate availability of PHP 5.4.21. About 10 bugs were fixed. All PHP 5.4 users are encouraged to upgrade to this version..."

- http://www.php.net/C...og-5.php#5.4.21

- http://windows.php.n...-5.4-ts-VC9-x86
 

:!:


Edited by AplusWebMaster, 14 November 2013 - 11:37 AM.



#43 AplusWebMaster


Posted 14 November 2013 - 11:38 AM

FYI...

PHP 5.5.6 released
- http://php.net/archi...#id2013-11-14-1
14-Nov-2013 - "The PHP development team announces the immediate availability of PHP 5.5.6. This release fixes some bugs against PHP 5.5.5, and adds some performance improvements..."

ChangeLog
- http://www.php.net/C...Log-5.php#5.5.6

- http://windows.php.net/download/
___

PHP 5.4.22 Released
- http://php.net/archi...#id2013-11-14-3
14-Nov-2013 - "The PHP development team announces the immediate availability of PHP 5.4.22. About 10 bugs were fixed. All PHP 5.4 users are encouraged to upgrade to this version..."

- http://www.php.net/C...og-5.php#5.4.22
___

Diagnostic page for php.net
- http://google.com/sa...c?site=php.net/
"... The last time Google visited this site was on 2013-11-14, and the last time suspicious content was found on this site was on 2013-10-23..."
 

:!:


Edited by AplusWebMaster, 15 November 2013 - 10:35 AM.



#44 AplusWebMaster


Posted 11 December 2013 - 07:41 PM

FYI...

PHP OpenSSL Extension X.509 Certificate Parsing Memory Corruption Vuln
- https://secunia.com/advisories/56055/
Release Date: 2013-12-11
Criticality: Highly Critical
Where: From remote
Impact: System access
Solution Status: Vendor Workaround
Software: PHP 5.3.x, 5.4.x, 5.5.x
CVE Reference: https://cve.mitre.or...e=CVE-2013-6420
... vulnerability is reported in versions 5.3.27 and prior, 5.4.22 and prior, and 5.5.6 and prior. Other versions may also be affected.
Solution: Fixed in the source code repository.
Original Advisory:
http://git.php.net/?...17fbf820fc18415
 

:ph34r: :ph34r:




#45 AplusWebMaster


Posted 14 December 2013 - 06:33 AM

FYI...

PHP 5.5.7 released
- http://php.net/archi...#id2013-12-12-1
12-Dec-2013 - "The PHP development team announces the immediate availability of PHP 5.5.7. This release fixes some bugs against PHP 5.5.6 and it also includes a fix for CVE-2013-6420 in OpenSSL extension. All users are strongly encouraged to upgrade...."
ChangeLog: http://www.php.net/C...Log-5.php#5.5.7
___

PHP 5.4.23 released
- http://www.php.net/a...#id2013-12-12-3
12-Dec-2013 - "The PHP development team announces the immediate availability of PHP 5.4.23. About 10 bugs were fixed, including a security issue in OpenSSL module (CVE-2013-6420). All PHP 5.4 users are encouraged to upgrade to this version..."
ChangeLog: http://www.php.net/C...og-5.php#5.4.23
___

PHP 5.3.28 released
- http://php.net/archi...#id2013-12-12-2
12-Dec-2013 - "The PHP development team announces the immediate availability of PHP 5.3.28. This release fixes two security issues in OpenSSL module in PHP 5.3 - CVE-2013-4073 and CVE-2013-6420. All PHP 5.3 users are encouraged to upgrade to PHP 5.3.28 or latest versions of PHP 5.4 or PHP 5.5..."
ChangeLog: http://www.php.net/C...og-5.php#5.3.28
___

- http://windows.php.net/download/

- https://secunia.com/advisories/56055/
Last Update: 2013-12-16
Criticality: Highly Critical
Impact: System access
Solution Status: Vendor Patch
Software: PHP 5.3.x, 5.4.x, PHP 5.5.x
CVE Reference: https://web.nvd.nist...d=CVE-2013-6420 - 7.5 (HIGH)
... vulnerability is reported in versions 5.3.27 and prior, 5.4.22 and prior, and 5.5.6 and prior.
Solution: Update to version 5.3.28, 5.4.23, or 5.5.7.
Original Advisory: PHP: http://php.net/archi...#id2013-12-12-3

- https://web.nvd.nist...d=CVE-2013-4073 - 6.8
 

:ph34r: :ph34r: :ph34r:


Edited by AplusWebMaster, 17 December 2013 - 10:10 AM.



#46 AplusWebMaster


Posted 10 January 2014 - 01:00 PM

FYI...

PHP 5.5.8 released
- http://php.net/archi...#id2014-01-10-1
10-Jan-2014 - "The PHP development team announces the immediate availability of PHP 5.5.8. This release fixes about -20- bugs against PHP 5.5.7 components..."

- http://www.php.net/C...Log-5.php#5.5.8

PHP 5.4.24 released
- http://php.net/archi...#id2014-01-10-2
10-Jan-2014 - "The PHP development team announces the immediate availability of PHP 5.4.24. About -14- bugs were fixed. All PHP 5.4 users are encouraged to upgrade to this version..."

- http://www.php.net/C...og-5.php#5.4.24

- http://www.php.net/downloads.php

- http://windows.php.net/download/
 

:ph34r: :ph34r:




#47 AplusWebMaster


Posted 06 March 2014 - 11:00 AM

FYI...

PHP 5.5.10 released
- http://php.net/
2014-03-06 - "The PHP development team announces the immediate availability of PHP 5.5.10. Several bugs were fixed in this release, including security issues related to CVEs. CVE-2014-1943, CVE-2014-2270 and CVE-2013-7327 have been addressed in this release. We recommend all PHP 5.5 users to upgrade to this version..."

- https://web.nvd.nist...d=CVE-2014-1943 - 5.0
- https://web.nvd.nist...d=CVE-2014-2270 - 4.3
- https://web.nvd.nist...d=CVE-2013-7327 - 6.8

ChangeLog
- http://www.php.net/C...og-5.php#5.5.10

- http://www.php.net/downloads.php

- http://windows.php.net/download/
___

PHP 5.4.26 released
- http://php.net/
2014-03-07 - "... 5.4.26. 5 bugs were fixed in this release, including CVE-2014-1943. All PHP 5.4 users are encouraged to upgrade to this version..."

ChangeLog
- http://www.php.net/C...og-5.php#5.4.26

- http://www.php.net/downloads.php

- http://windows.php.net/download/
 

:ph34r:


Edited by AplusWebMaster, 20 March 2014 - 04:28 AM.



#48 AplusWebMaster


Posted 03 April 2014 - 09:42 AM

FYI...

PHP 5.5.11 released
- http://www.php.net/a...#id2014-04-02-1
2 Apr 2014 - "... immediate availability of PHP 5.5.11. Several bugs were fixed in this release, some bundled libraries updated and a security issue has been fixed : CVE-2013-7345*. We recommend all PHP 5.5 users to upgrade to this version..."

Changelog
- http://www.php.net/C...og-5.php#5.5.11

- http://www.php.net/downloads.php

* https://web.nvd.nist...d=CVE-2013-7345 - 5.0
___

PHP 5.4.27 released
- http://php.net/archi...#id2014-04-03-1
3 Apr 2014 - "... immediate availability of PHP 5.4.27. 6 bugs were fixed in this release, including CVE-2013-7345. All PHP 5.4 users are encouraged to upgrade to this version..."

ChangeLog
- http://www.php.net/C...og-5.php#5.4.27

- http://www.php.net/downloads.php
 

:ph34r:


Edited by AplusWebMaster, 04 April 2014 - 05:52 AM.



#49 AplusWebMaster


Posted 01 May 2014 - 09:12 AM

FYI...

PHP 5.5.12 released
- http://php.net/
30 Apr 2014 - "The PHP Development Team announces the immediate availability of PHP 5.5.12. This release fixes several bugs against PHP 5.5.11, as well as CVE-2014-0185 regarding PHP-FPM. All PHP users are encouraged to upgrade to this new version..."

Changelog
- http://www.php.net/C...og-5.php#5.5.12

Downloads
- http://www.php.net/downloads.php
___

PHP 5.4.28 released
- http://php.net/
30 Apr 2014 - "The PHP development team announces the immediate availability of PHP 5.4.28. 19 bugs were fixed in this release, including CVE-2014-0185. All PHP 5.4 users are encouraged to upgrade to this version..."

ChangeLog
- http://www.php.net/C...og-5.php#5.4.28

Downloads
- http://www.php.net/downloads.php
____

- http://www.securityt....com/id/1030187
CVE Reference: https://cve.mitre.or...e=CVE-2014-0185
May 2 2014
Impact: User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.5.11 and prior versions...
Solution: The vendor has issued a fix (5.5.12)...
___

- http://atlas.arbor.n...ndex#2038502733
High Severity
9 May 2014
 

:ph34r:


Edited by AplusWebMaster, 11 May 2014 - 10:25 AM.



#50 AplusWebMaster


Posted 02 June 2014 - 04:27 AM

FYI...

PHP 5.5.13 released
- http://php.net/
29 May 2014 - "The PHP Development Team announces the immediate availability of PHP 5.5.13. This release fixes several bugs in PHP 5.5.12, and addresses two CVEs in Fileinfo (CVE-2014-0238 and CVE-2014-0237). All PHP users are encouraged to upgrade to this new version..."

Changelog
- http://www.php.net/C...og-5.php#5.5.13

Download
- http://www.php.net/downloads.php

- http://windows.php.net/download/

- https://web.nvd.nist...d=CVE-2014-0237 - 5.0

- https://web.nvd.nist...d=CVE-2014-0238 - 5.0
___

PHP 5.4.29 released
- http://php.net/
29 May 2014 - "The PHP development team announces the immediate availability of PHP 5.4.29. 16 bugs were fixed in this release, including two security issues in fileinfo extension. All PHP 5.4 users are encouraged to upgrade to this version..."

Changelog
- http://www.php.net/C...og-5.php#5.4.29

Download
- http://www.php.net/downloads.php

- http://windows.php.net/download/
___

- http://www.securityt....com/id/1030321
CVE Reference: CVE-2014-0237, CVE-2014-0238
Jun 3 2014
Impact: Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to versions 5.4.29, 5.5.13 ...
Solution: The vendor has issued a fix (5.4.29, 5.5.13).
The vendor's advisory is available at:
- http://www.php.net/C...og-5.php#5.5.13
 

:ph34r:


Edited by AplusWebMaster, 03 June 2014 - 05:11 AM.
