The PHP development team would like to announce the immediate availability of PHP 5.2.12. This release focuses on improving the stability of the PHP 5.2.x branch with over 60 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release.
Security Enhancements and Fixes in PHP 5.2.12:
- Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (CVE-2009-3557, Rasmus)
- Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus)
- Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion, identified by Bogdan Calin.
(CVE-2009-4017, Ilia)
- Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check, identified by Stefan Esser. (CVE-2009-4143, Stas)
- Fixed bug #49785 (insufficient input string validation of htmlspecialchars()). (CVE-2009-4142, Moriyoshi, hello at iwamot dot com)
Key enhancements in PHP 5.2.12 include:
- Fixed unnecessary invocation of setitimer when timeouts have been disabled. (Arvind Srinivasan)
- Fixed crash in com_print_typeinfo when an invalid typelib is given.
(Pierre)
- Fixed crash in SQLiteDatabase::ArrayQuery() and
SQLiteDatabase::SingleQuery() when calling using Reflection. (Felipe)
- Fixed crash when instantiating PDORow and PDOStatement through Reflection. (Felipe)
- Fixed memory leak in openssl_pkcs12_export_to_file(). (Felipe)
- Fixed bug #50207 (segmentation fault when concatenating very large strings on 64bit linux). (Ilia)
- Fixed bug #50162 (Memory leak when fetching timestamp column from Oracle database). (Felipe)
- Fixed bug #50006 (Segfault caused by uksort()). (Felipe)
- Fixed bug #50005 (Throwing through Reflection modified Exception object makes segmentation fault). (Felipe)
- Fixed bug #49174 (crash when extending PDOStatement and trying to set queryString property). (Felipe)
- Fixed bug #49098 (mysqli segfault on error). (Rasmus)
- Over 50 other bug fixes.
Security Enhancements and Fixes in PHP 5.2.12:
- Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (CVE-2009-3557, Rasmus)
- Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus)
- Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion, identified by Bogdan Calin.
(CVE-2009-4017, Ilia)
- Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check, identified by Stefan Esser. (CVE-2009-4143, Stas)
- Fixed bug #49785 (insufficient input string validation of htmlspecialchars()). (CVE-2009-4142, Moriyoshi, hello at iwamot dot com)
Key enhancements in PHP 5.2.12 include:
- Fixed unnecessary invocation of setitimer when timeouts have been disabled. (Arvind Srinivasan)
- Fixed crash in com_print_typeinfo when an invalid typelib is given.
(Pierre)
- Fixed crash in SQLiteDatabase::ArrayQuery() and
SQLiteDatabase::SingleQuery() when calling using Reflection. (Felipe)
- Fixed crash when instantiating PDORow and PDOStatement through Reflection. (Felipe)
- Fixed memory leak in openssl_pkcs12_export_to_file(). (Felipe)
- Fixed bug #50207 (segmentation fault when concatenating very large strings on 64bit linux). (Ilia)
- Fixed bug #50162 (Memory leak when fetching timestamp column from Oracle database). (Felipe)
- Fixed bug #50006 (Segfault caused by uksort()). (Felipe)
- Fixed bug #50005 (Throwing through Reflection modified Exception object makes segmentation fault). (Felipe)
- Fixed bug #49174 (crash when extending PDOStatement and trying to set queryString property). (Felipe)
- Fixed bug #49098 (mysqli segfault on error). (Rasmus)
- Over 50 other bug fixes.
Set as favorite
Bookmark
Email this
Hits: 988
Trackback(0)
TrackBack URI for this entry
Comments (1)
Write comment
Newer news items:
- 25/02/2010 04:21 - Zend Server 5.0 Released!
Older news items:
- 07/08/2009 12:03 - Zend Launches Major New Release of its Zend Studio PHP IDE
- 04/08/2009 08:17 - PHP TestFest 2009 Winners
- 13/07/2009 12:22 - PHP TestFest 2009
- 22/06/2009 05:48 - PHP 5.3.0RC4 Release
- 15/06/2009 16:22 - PHP Release And Announcements
Free - Magazines
My Tweets
more info...!
Chat
Please login to be able to chat.
