=====================================================================
                                  CERT-Renater

                       Note d'Information No. 2005/VULN677
_____________________________________________________________________

DATE                      : 31/10/2005

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running PHP.

======================================================================

http://www.php.net/release_4_4_1.php

PHP 4.4.1. Release Announcement

The PHP Development Team would like to announce the immediate
release of PHP 4.4.1.

This is a bug fix release, which addresses some security problems
too. The security issues that this release fixes are:

     * Fixed a Cross Site Scripting (XSS) vulnerability in phpinfo()
       that could lead f.e. to cookie exposure, when a phpinfo() script
       is accidently left on a production server.
     * Fixed multiple safe_mode/open_basedir bypass vulnerabilities in
       ext/curl and ext/gd that could lead to exposure of files normally
       not accessible due to safe_mode or open_basedir restrictions.
     * Fixed a possible $GLOBALS overwrite problem in file upload
       handling, extract() and import_request_variables() that could
       lead to unexpected security holes in scripts assumed secure.
     * Fixed a problem when a request was terminated due to memory_limit
       constraints during certain parse_str() calls. In some cases this
       can result in register_globals being turned on.
     * Fixed an issue with trailing slashes in allowed basedirs. They
       were ignored by open_basedir checks, so that specified basedirs
       were handled as prefixes and not as full directory names.
     * Fixed an issue with calling virtual() on Apache 2. This allowed
       bypassing of certain configuration directives like safe_mode or
       open_basedir.
     * Updated to the latest pcrelib to fix a possible integer overflow
       vulnerability announced in CAN-2005-2491.

This release also fixes 35 other defects, where the most important is
the the fix that removes a notice when passing a by-reference result
of a function as a by-reference value to another function. (Bug #33558).

For a full list of changes in PHP 4.4.1, see the ChangeLog.

======================================================================

         =========================================================
         Les serveurs de référence du CERT-Renater
         http://www.urec.fr/securite
         http://www.cru.fr/securite
         http://www.renater.fr
         =========================================================
         + CERT-RENATER          | tel : 01-53-94-20-44          +
         + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
         + 75013 Paris           | email: certsvp@renater.fr     +
         =========================================================