===================================================================== CERT-Renater Note d'Information No. 2006/VULN222 _____________________________________________________________________ DATE : 04/05/2006 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Systems running PHP versions prior to 5.1.3. ====================================================================== http://news.php.net/php.announce/62 ______________________________________________________________________ The PHP development team is proud to announce the release of PHP 5.1.3. This release combines a few feature enhancements with a significant amount of bug fixes and resolves a number of security issues. All PHP users are encouraged to upgrade to this release as soon as possible. The security issues resolved include the following: Disallow certain characters in session names. Fixed a buffer overflow inside the wordwrap() function. Prevent jumps to parent directory via the 2nd parameter of the tempnam() function. Enforce safe_mode for the source parameter of the copy() function. Fixed cross-site scripting inside the phpinfo() function. Fixed offset/length parameter validation inside the substr_compare() function. Fixed a heap corruption inside the session extension. Fixed a bug that would allow variable to survive unset(). The feature enhancements include the following notables: The use of the var keyword to declare properties no longer raises a deprecation E_STRICT. FastCGI interface was completely reimplemented. Multitude of improvements to the SPL, SimpleXML, GD, CURL and Reflection extensions. Support for many additional date formats added to the strtotime() function. A number of performance improvements added to the engine the core extensions. Added imap_savebody() that allows message body to be written to a file. Added lchown() and lchgrp() to change user/group ownership of symlinks. Upgraded bunbled PCRE library to version 6.6 The release also includes over 120 bug fixes with a focus on: Make auto_globals_jit work without too many INI changes. Fixed tiger hash algorithm generating wrong results on big endian platforms. Fixed a number of errors in the SOAP extension. Fixed recursion handling in the serialize() functionality. Make is_*() function account of open_basedir restrictions. Fixed a number of crashes in the DOM and PDO extensions. Addressed a number of regressions in the strtotime() extension. Make memory_limit work in Win32 systems. Fixed a deadlock in the sqlite extension caused by the sqlite_fetch_column_types() function. Fixed memory leaks in the realpath() cache. The full details of the changes in PHP 5.1.3 can be found here: http://www.php.net/ChangeLog-5.php#5.1.3 PHP Development Team ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================