PHP issues security fixes in 5.2.6

by Steve Ragan - May 6 2008, 11:44

PHP, the code base that runs millions of sites online, has been upgraded. The development team announced yesterday that the release of 5.2.6 was official, and development teams are encouraged to update.

PHP gets an update, adding security and stability improvements.(IMG: J.Anderson)

The newest release to PHP is focused on improving the stability of the 5.2.x branch of the core code. One of the highlights of the release announcement was the correction of six security vulnerabilities found in previous versions.The security fixes, while still being debated as to their severity, include one located by Stefan Esser, addressing incomplete multibyte chars inside escapeshellcmd(), the problems with integer overflow in printf() and a safe_mode bypass in cURL, discovered by Maksymilian Aciemowicz, were corrected too. Other fixes include a stack buffer overflow in the FastCGI SAPI (Andrei Nigmatulin) and problems in cgi_main.c (Ryan Permeh), as well as PCRE got and upgrade to 7.6.As mentioned, there is still debate over the severity of the security releases. However, development teams and webmasters should at the least update their testing environments.Change Log:
http://www.php.net/ChangeLog-5.php#5.2.6Upgrade Notes:
http://www.php.net/UPDATE_5_2.txtRelease Notes:
http://www.php.net/releases/5_2_6.php

Talkback

There are currently no comments for this article. Be the first to comment!

Security: Index; News

: Features; Reviews

Advertising

Latest

Microsoft extends battle with Google into space with launch of virtual telescope
Mars exploration mission on schedule for landing
3G expectation builds as Apple Stores run out of iPhones
BlackBerry handsets to embrace Windows Live
Cisco boosts boardroom communication with TelePresence

Advertising

Security

PHP issues security fixes in 5.2.6

Talkback

Latest

In The Tech Herald

Site

The Fine Print