
PHP 5.2.4 Released

  • Vinu Thomas
    Message 1 of 1, Sep 3, 2007
      The PHP development team would like to announce the immediate
      availability of PHP 5.2.4 <http://www.php.net/downloads.php#v5>. This
      release focuses on improving the stability of the PHP 5.2.X branch with
      over 120 various bug fixes in addition to resolving several low
      priority security bugs. All users of PHP are encouraged to upgrade to
      this release.

      Further details about the PHP 5.2.4 release can be found in the release
      announcement for 5.2.4 <http://www.php.net/releases/5_2_4.php>, the
      full list of changes is available in the ChangeLog for PHP 5
      <http://www.php.net/ChangeLog-5.php#5.2.4>.

      Security Enhancements and Fixes in PHP 5.2.4:

      * Fixed a floating point exception inside wordwrap() (Reported by
      Mattias Bengtsson)
      * Fixed several integer overflows inside the GD extension (Reported
      by Mattias Bengtsson)
      * Fixed size calculation in chunk_split() (Reported by Gerhard
      Wagner)
      * Fixed integer overflow in str[c]spn(). (Reported by Mattias
      Bengtsson)
      * Fixed money_format() not to accept multiple %i or %n tokens.
      (Reported by Stanislav Malyshev)
      * Fixed zend_alter_ini_entry() memory_limit interruption
      vulnerability. (Reported by Stefan Esser)
      * Fixed INFILE LOCAL option handling with MySQL extensions not to be
      allowed when open_basedir or safe_mode is active. (Reported by Mattias
      Bengtsson)
      * Fixed session.save_path and error_log values to be checked against
      open_basedir and safe_mode (CVE-2007-3378) (Reported by Maksymilian
      Arciemowicz)
      * Fixed a possible invalid read in glob() win32 implementation
      (CVE-2007-3806) (Reported by shinnai)
      * Fixed a possible buffer overflow in php_openssl_make_REQ (Reported
      by zatanzlatan at hotbrev dot com)
      * Fixed an open_basedir bypass inside glob() function (Reported by dr
      at peytz dot dk)
      * Fixed a possible open_basedir bypass inside session extension when
      the session file is a symlink (Reported by c dot i dot morris at durham
      dot ac dot uk)
      * Improved fix for MOPB-03-2007.
      * Corrected fix for CVE-2007-2872.

      For users upgrading to PHP 5.2 from PHP 5.0 and PHP 5.1, an upgrade
      guide is available here <http://www.php.net/migration52>, detailing the
      changes between those releases and PHP 5.2.4.


