Mchl Posted December 5, 2008 Share Posted December 5, 2008 The PHP development team would like to announce the immediateavailability of PHP 5.2.7. This release focuses on improving the stability ofthe PHP 5.2.x branch with over 120 bug fixes, several of which are security related.All users of PHP are encouraged to upgrade to this release. Security Enhancements and Fixes in PHP 5.2.7: * Upgraded PCRE to version 7.8 (Fixes CVE-2008-2371) * Fixed missing initialization of BG(page_uid) and BG(page_gid), reported by Maksymilian Arciemowicz. * Fixed incorrect php_value order for Apache configuration, reported by Maksymilian Arciemowicz. * Fixed a crash inside gd with invalid fonts (Fixes CVE-2008-3658). * Fixed a possible overflow inside memnstr (Fixes CVE-2008-3659). * Fixed security issues detailed in CVE-2008-2665 and CVE-2008-2666. * Fixed bug #45151 (Crash with URI/file..php (filename contains 2 dots)).(Fixes CVE-2008-3660) * Fixed bug #42862 (IMAP toolkit crash: rfc822.c legacy routine buffer overflow). (Fixes CVE-2008-2829) Further details about the PHP 5.2.7 release can be found in the release announcement for 5.2.7, the full list of changes is available in the ChangeLog for PHP 5. Get it while it's hot! Quote Link to comment https://forums.phpfreaks.com/topic/135628-php-527-released/ Share on other sites More sharing options...
Mchl Posted December 8, 2008 Author Share Posted December 8, 2008 Due to a security bug found in the PHP 5.2.7 release, it has been removed from distribution. The bug affects configurations where magic_quotes_gpc is enabled, because it remains off even when set to on. In the meantime, use PHP 5.2.6 until PHP 5.2.8 is later released. Or disable magic quotes for heaven's sake! Quote Link to comment https://forums.phpfreaks.com/topic/135628-php-527-released/#findComment-709369 Share on other sites More sharing options...
PFMaBiSmAd Posted December 8, 2008 Share Posted December 8, 2008 Magic quotes WAS a security bug because it allowed bad and insecure code to function as though it was good and secure. There is also increasing evidence in the type of new bugs getting into php versions that a few of the programmers/management at php.net are not paying proper attention/thinking or have the proper skills to be messing with the language. This magic quotes problem was the result of php6 code/operation leaking into the php5.2.x branch. Quote Link to comment https://forums.phpfreaks.com/topic/135628-php-527-released/#findComment-709423 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.