PHP delivers key patches

Summary:PHP Group delivered release 5.2.6 to fix multiple security vulnerabilities.

PHP Group delivered release 5.2.6 to fix multiple security vulnerabilities.

The open source PHP Group outlined all of the changes and Secunia rated these vulnerabilities "moderately critical." Here's Secunia's breakdown of the vulnerabilities:

An unspecified error in the FastCGI SAPI can be exploited to cause a stack-based buffer overflow.

An unspecified error exists in processing incomplete multibyte characters within "escapeshellcmd()".

A security issue is caused due to an unspecified error. No further information is currently available.

An error in cURL can be exploited to bypass the "safe_mode" directive.

A boundary error in PCRE can potentially be exploited by malicious people to cause a DoS or compromise a vulnerable system.

Topics: Developer, Security


Larry Dignan is Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic. He was most recently Executive Editor of News and Blogs at ZDNet. Prior to that he was executive news editor at eWeek and news editor at Baseline. He also served as the East Coast news editor and finance editor at CN... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.