PHP 4.4.4 and 5.1.5 Released!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello,

PHP development team would like to announce the immediate availability 
of PHP 5.1.5 and PHP 4.4.4.  The two releases address a series of 
security problems discovered since PHP 5.1.4 and 4.4.3, respectively. 
These include the following:

- Added missing safe_mode/open_basedir checks inside the error_log(), 
  file_exists(), imap_open() and imap_reopen() functions.
- Fixed overflows inside str_repeat() and wordwrap() functions on 64bit 
  systems.
- Fixed possible open_basedir/safe_mode bypass in cURL extension and on 
  PHP 5.1.5 with realpath cache.
- Fixed overflow in GD extension on invalid GIF images.
- Fixed a buffer overflow inside sscanf() function.
- Fixed an out of bounds read inside stripos()  function.
- Fixed memory_limit restriction on 64 bit system.

In addition to the security fixes, both releases include a small number 
of non-security related bug fixes.

The outlined issues can only be exploited locally, however, we still 
recommend that all users upgrade to either one of the new releases as 
soon as possible.


Ilia Alshanetsky and Derick Rethans

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux