PHP 5.2.2 And PHP 4.4.7 Released

May 4, 2007

Quote:

Security Enhancements and Fixes in PHP 5.2.2 and PHP 4.4.7:

* Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric)
* Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser)
* Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser)
* Fixed unallocated memory access/double free in array_user_key_compare() (MOPB-24 by Stefan Esser)
* Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser)
* Added missing open_basedir & safe_mode checks to zip:// and bzip:// wrappers. (MOPB-21 by Stefan Esser).
* Limit nesting level of input variables with max_input_nesting_level as fix for (MOPB-03 by Stefan Esser)
* Fixed CRLF injection inside ftp_putcmd(). (by loveshell[at]Bug.Center.Team)
* Fixed a possible super-global overwrite inside import_request_variables(). (by Stefano Di Paola, Stefan Esser)
* Fixed a remotely trigger-able buffer overflow inside bundled libxmlrpc library. (by Stanislav Malyshev)

Security Enhancements and Fixes in PHP 5.2.2 only:

* Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser)
* Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser)
* Fixed substr_compare and substr_count information leak (MOPB-14 by Stefan Esser) (Stas, Ilia)
* Fixed a remotely trigger-able buffer overflow inside make_http_soap_request(). (by Ilia Alshanetsky)
* Fixed a buffer overflow inside user_filter_factory_create(). (by Ilia Alshanetsky)

Security Enhancements and Fixes in PHP 4.4.7 only:

* XSS in phpinfo() (MOPB-8 by Stefan Esser)

As always, get the source code from php.net and compile away. Or wait for your distro to put out an updated package.

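The mail() items above (MOPB-33, MOPB-34) and the ftp_putcmd() CRLF fix are one bug class: a byte that terminates a header line or a C string reaching code that treats it as a delimiter. Here is an added PHP example (not code from the php.net announcement or the forum post; the function names and the attacker inputs are mine) showing the vulnerable pattern beside an application-level check that refuses CR, LF and NUL before a value reaches mail() or an FTP command, whatever PHP version is running it:

```php
<?php
// Added example for the mail()/ftp_putcmd() items above; it is not code from
// the php.net announcement or the forum post. Function names are assumptions.
//
// MOPB-34 (header injection through To/Subject), MOPB-33 (NUL truncation in
// mail()) and the ftp_putcmd() CRLF bug share one root cause: a byte that ends
// a header line or a C string reaching a place that treats it as a delimiter.
// Even on a fixed PHP, an application should refuse those bytes itself.

// Return $value unchanged if it can safely sit on one header line; throw if it
// contains CR, LF or NUL. \x00 is matched explicitly so the check is binary-safe.
function header_value_or_fail($name, $value)
{
    if (preg_match('/[\r\n\x00]/', $value)) {
        throw new InvalidArgumentException(
            "$name contains CR, LF or NUL; refusing to build a header from it");
    }
    return $value;
}

// The pre-5.2.2 pattern: request data flows straight into the To and Subject
// arguments. Submitting  subject=Hi%0ABcc:spamlist@example.org  appends a Bcc
// header on a build that does not sanitise those two arguments.
function send_contact_mail_unsafe($to, $subject, $body)
{
    return mail($to, $subject, $body);
}

// Hardened form: every header-bound argument is checked before mail() sees it.
// The body is the only field that may contain newlines.
function send_contact_mail($to, $subject, $body, $extra_headers = array())
{
    $to      = header_value_or_fail('To', $to);
    $subject = header_value_or_fail('Subject', $subject);
    $lines   = array();
    foreach ($extra_headers as $field => $value) {
        $lines[] = header_value_or_fail($field, $field) . ': '
                 . header_value_or_fail($field, $value);
    }
    return mail($to, $subject, $body, implode("\r\n", $lines));
}

// Same rule for FTP: an argument handed to ftp_raw() (or any raw command
// string) must stay on the command line it belongs to.
function ftp_arg_or_fail($arg)
{
    return header_value_or_fail('FTP argument', $arg);
}

// Constructed attacker inputs (not taken from the page): an LF-injected Bcc,
// a NUL that a C-string based mailer would truncate on, and a CRLF-smuggled
// second FTP command.
$attacks = array(
    'To'           => "user@example.org\nBcc: spamlist@example.org",
    'Subject'      => "Hello\0 ignored\r\nBcc: spamlist@example.org",
    'FTP argument' => "report.txt\r\nDELE important.txt",
);
foreach ($attacks as $field => $value) {
    try {
        header_value_or_fail($field, $value);
        echo "$field: accepted (unexpected)\n";
    } catch (InvalidArgumentException $e) {
        echo "$field: rejected\n";
    }
}

// A clean value passes through unchanged.
assert(header_value_or_fail('Subject', 'Order #42 received') === 'Order #42 received');
```

The check rejects rather than strips: silently removing a CR or LF turns an attack into a mangled but delivered message, while refusing the request makes the attempt visible in the application's error log. The same function guards ftp_arg_or_fail() because the FTP control channel is line-delimited exactly like an RFC 822 header block.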

PHP 4.4.6 Released

Mar 2, 2007

[url]

Quote:

The PHP development team would like to announce the immediate availability of PHP 4.4.6. This release addresses a crash problem with the session extension when register_globals is turned on that was introduced in PHP 4.4.5. This release also comes with the new version 7.0 of PCRE and addresses a number of minor bugs.

Download PHP 4.4.6: [url]
Detailed Changelog: [url]

So anyone's been upgraded?


PHP 5.2.3 Released

Jun 2, 2007

The PHP development team would like to announce the immediate availability of PHP 5.2.3.

This release continues to improve the security and the stability of the 5.X branch as well as addressing two regressions introduced by the previous 5.2 releases. These regressions relate to the timeout handling over non-blocking SSL connections and the lack of HTTP_RAW_POST_DATA in certain conditions. All users are encouraged to upgrade to this release.

Further details about the PHP 5.2.3 release can be found in the release announcement for 5.2.3, the full list of changes is available in the ChangeLog for PHP 5.

Security Enhancements and Fixes in PHP 5.2.3:

* Fixed an integer overflow inside chunk_split() (by Gerhard Wagner, CVE-2007-2872)
* Fixed possible infinite loop in imagecreatefrompng. (by Xavier Roche, CVE-2007-2756)
* Fixed ext/filter Email Validation Vulnerability (MOPB-45 by Stefan Esser, CVE-2007-1900)
* Fixed bug #41492 (open_basedir/safe_mode bypass inside realpath()) (by bugs dot php dot net at chsc dot dk)
* Improved fix for CVE-2007-1887 to work with non-bundled sqlite2 lib.
* Added mysql_set_charset() to allow runtime altering of connection encoding.

The key improvements of PHP 5.2.3 include:

* Improved compilation of heredocs and interpolated strings.
* Optimized out a couple of per-request syscalls.
* Optimized digest generation in md5() and sha1() functions.
* Fixed bug #41236 (Regression in timeout handling of non-blocking SSL connections during reads and writes)
* Fixed bug #39542 (Behavior of require/include different to < 5.2.0)
* Fixed bug #41293 (Fixed creation of HTTP_RAW_POST_DATA when there is no default post handler)
* Fixed bug #41347 (checkdnsrr() segfaults on empty hostname)
* Fixed bug #41353 (crash in openssl_pkcs12_read() on invalid input)
* Fixed bug #41403 (json_decode cannot decode floats if localeconv decimal_point is not '.')
* Fixed bug #41421 (Uncaught exception from a stream wrapper segfaults)
* Fixed bug #41504 (json_decode() incorrectly decodes JSON arrays with empty string keys).
* Over 40 bug fixes.

Full change log at [url]


RHEV - Red Hat's KVM Hypervisor Released

Nov 4, 2009

For those keeping up with the latest virtualization news, Red Hat's hypervisor is now "Generally Available" as of today. Based on KVM, it may be a good alternative to VMWare if you need commercial support in your virtualization implementation.

Redhat Link

The code is GPL so I'm guessing we might see this soon in a Centos flavor?


Rvskin 7.12 Released- Update Now

Jan 18, 2007

If you're running rvskin on your cPanel boxes then please update right away. I found some security issues in the 7.1x tree and have been working with Rvskin, which is the reason for this new release. They were nice and quick to get patched allied; poor guys haven't even had a chance to update their changelog yet.


Mod_mem_cache V1.2 For Lighttpd Released

Jul 12, 2007

I'm running lighttpd-1.4.15 and I have installed many mods which already come packed with the default install,

but I want to install this particular mod and I can't seem to find any way to use this .patch file.

How is this done? Only if you have done it the best way and it worked.

More details on this mod.
[url]


How Popular Will Windows Hosting Be Now That CPanel Is Released

Oct 22, 2009

As the title says, how many of you will switch to windows hosting?

Hostdime seems to be the first offering the cPanel for windows.


CPanel Released Windows Control Panel

Jul 18, 2009

cPanel has recently released beta version of "Enkompass". It offers a web hosting control panel system for Microsoft Windows server-based hosts. For more details take a look at [url]


Copyrights 2005-15 www.BigResource.com, All rights reserved