PHP plugs security holes

PHP plugs security holes

Summary: The open-source PHP Group has issued a patch for at least four security flaws in the widely-used general-purpose scripting language.With PHP 5.

SHARE:

The open-source PHP Group has issued a patch for at least four security flaws in the widely-used general-purpose scripting language.

With PHP 5.2.9 (see changeLog), the PHP development team corrects a total of 50 bugs, including a publicly-known flaw that allows attackers to read the contents of arbitrary memory locations in certain situations.

Here's the skinny on that issue, which is rated medium-severity:

  • Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image.

The other security fixes in PHP 5.2.9 are:

  • Fixed a crash on extract in zip when files or directories entry names contain a relative path. (Pierre)
  • Fixed explode() behavior with empty string to respect negative limit. (Shire)
  • Fixed a segfault when malformed string is passed to json_decode(). (Scott)

ALSO SEE:

Flaw trifecta kicks off Month of PHP Bugs

Controversial ‘month of bugs’ getting security results

Topics: Software Development, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

1 comment
Log in or register to join the discussion
  • RE: PHP plugs security holes

    Great!!! thanks for sharing this information to us!
    <a href="http://www.yuregininsesi.com">seslisohbet</a> <a href="http://www.yuregininsesi.com">seslichat</a>
    birumut