Bug 228993 - PHP 5.2.1 is released
PHP 5.2.1 is released
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: php (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Joe Orton
David Lawrence
http://www.php.net/releases/5_2_1.php
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-02-16 07:34 EST by Robert Scheck
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version: 5.2.1-2
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-02-17 08:58:09 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Robert Scheck 2007-02-16 07:34:34 EST
Description of problem:
PHP 5.2.1 and PHP 4.4.5 Released

[14-Feb-2007] The PHP development team would like to announce the immediate 
availability of PHP 5.2.1 and availability of PHP 4.4.5. These releases are 
major stability and security enhancements of the 5.x and 4.4.x branches, and 
all users are strongly encouraged to upgrade to it as soon as possible. Further 
details about the PHP 5.2.1 release can be found in the release announcement 
for 5.2.1, the full list of changes is available in the ChangeLog for PHP 5. 
Details about the PHP 4.4.5 release can be found in the release announcement 
for 4.4.5, the full list of changes is available in the ChangeLog for PHP 4. 

Security Enhancements and Fixes in PHP 5.2.1 and PHP 4.4.5: 
Fixed possible safe_mode & open_basedir bypasses inside the session extension.
Fixed unserialize() abuse on 64 bit systems with certain input strings.
Fixed possible overflows and stack corruptions in the session extension.
Fixed an underflow inside the internal sapi_header_op() function.
Fixed non-validated resource destruction inside the shmop extension.
Fixed a possible overflow in the str_replace() function.
Fixed possible clobbering of super-globals in several code paths.
Fixed a possible information disclosure inside the wddx extension.
Fixed a possible string format vulnerability in *print() functions on 64 bit 
systems.
Fixed a possible buffer overflow inside ibase_{delete,add,modify}_user() 
functions.
Fixed a string format vulnerability inside the odbc_result_all() function.

Security Enhancements and Fixes in PHP 5.2.1 only: 
Prevent search engines from indexing the phpinfo() page.
Fixed a number of input processing bugs inside the filter extension.
Fixed allocation bugs caused by attempts to allocate negative values in some 
code paths.
Fixed possible stack/buffer overflows inside zip, imap & sqlite extensions.
Fixed several possible buffer overflows inside the stream filters.
Memory limit is now enabled by default.
Added internal heap protection.
Extended filter extension support for $_SERVER in CGI and apache2 SAPIs.

Security Enhancements and Fixes in PHP 4.4.5 only: 
Fixed possible overflows inside zip & imap extensions.
Fixed a possible buffer overflow inside mail() function on Windows.
Unbundled the ovrimos extension.

The majority of the security vulnerabilities discovered and resolved can in 
most cases be only abused by local users and cannot be triggered remotely. 
However, some of the above issues can be triggered remotely in certain 
situations, or exploited by malicious local users on shared hosting setups 
utilizing PHP as an Apache module. Therefore, we strongly advise all users of 
PHP, regardless of the version to upgrade to the 5.2.1 or 4.4.5 releases as 
soon as possible. 

For users upgrading to PHP 5.2 from PHP 5.0 and PHP 5.1, an upgrade guide is 
available here, detailing the changes between those releases and PHP 5.2.1.

Version-Release number of selected component (if applicable):
php-5.2.0-10

Expected results:
Upgrade to 5.2.1 ;-)
Comment 1 Robert Scheck 2007-02-17 08:58:09 EST
PHP 5.2.1 was pushed to Rawhide, thanks and closing.

Note You need to log in before you can comment on or make changes to this bug.