Jaslabs: High performance Software

PHP 5.2.1 released

by Justin Silverton

PHP 5.2.1 has been officially released.

The following are some new security fixes/improvements:

  • Fixed possible safe_mode & open_basedir bypasses inside the session extension.
  • Prevent search engines from indexing the phpinfo() page.
  • Fixed a number of input processing bugs inside the filter extension.
  • Fixed unserialize() abuse on 64 bit systems with certain input strings.
  • Fixed possible overflows and stack corruptions in the session extension.
  • Fixed an underflow inside the internal sapi_header_op() function.
  • Fixed allocation bugs caused by attempts to allocate negative values in some code paths.
  • Fixed possible stack overflows inside zip, imap & sqlite extensions.
  • Fixed several possible buffer overflows inside the stream filters.
  • Fixed non-validated resource destruction inside the shmop extension.
  • Fixed a possible overflow in the str_replace() function.
  • Fixed possible clobbering of super-globals in several code paths.
  • Fixed a possible information disclosure inside the wddx extension.
  • Fixed a possible string format vulnerability in *print() functions on 64 bit systems.

PHP 4.4.5 with equivalent security corrections will be available shortly.

Upgrade instructions are also available here
