Zoid Technologies




  • security fixes included in latest release of php (5.2.5)

    posted on Thursday 2007-11-15 09:56 PM EST by jonez [#1] to the security sig.

    security fixes in the latest release of php include:

    • Fixed dl() to only accept filenames. Reported by Laurent Gaffie.
    • Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887). Reported by Laurent Gaffie.
    • Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences. Reported by Rasmus Lerdorf.
    • Fixed possible triggering of buffer overflows inside glibc implementations of the fnmatch(), setlocale() and glob() functions. Reported by Laurent Gaffie.
    • Fixed "mail.force_extra_parameters" php.ini directive not to be modifiable in .htaccess due to the security implications. Reported by SecurityReason.
    • Fixed bug #42869 (automatic session id insertion adds sessions id to non-local forms).
    • Fixed bug #41561 (Values set with php_admin_* in httpd.conf can be overwritten with ini_set()).

    information regarding other changes for the new release is here: php release 5.2.5, and a thanks to gunn for alerting me to the new release.


© 2002-2008 Zoid Technologies. All Rights Reserved. Comments are owned by the poster. All trademarks acknowledged.

