php -- multiple vulnerabilities

ID 71D903FC-602D-11DC-898C-001921AB2FA4
Type freebsd
Reporter FreeBSD
Modified 2008-01-14T00:00:00


The PHP development team reports:

Security Enhancements and Fixes in PHP 5.2.4:

Fixed a floating point exception inside wordwrap() (Reported by Mattias Bengtsson) Fixed several integer overflows inside the GD extension (Reported by Mattias Bengtsson) Fixed size calculation in chunk_split() (Reported by Gerhard Wagner) Fixed integer overflow in str[c]spn(). (Reported by Mattias Bengtsson) Fixed money_format() not to accept multiple %i or %n tokens. (Reported by Stanislav Malyshev) Fixed zend_alter_ini_entry() memory_limit interruption vulnerability. (Reported by Stefan Esser) Fixed INFILE LOCAL option handling with MySQL extensions not to be allowed when open_basedir or safe_mode is active. (Reported by Mattias Bengtsson) Fixed session.save_path and error_log values to be checked against open_basedir and safe_mode (CVE-2007-3378) (Reported by Maksymilian Arciemowicz) Fixed a possible invalid read in glob() win32 implementation (CVE-2007-3806) (Reported by shinnai) Fixed a possible buffer overflow in php_openssl_make_REQ (Reported by zatanzlatan at hotbrev dot com) Fixed an open_basedir bypass inside glob() function (Reported by dr at peytz dot dk) Fixed a possible open_basedir bypass inside session extension when the session file is a symlink (Reported by c dot i dot morris at durham dot ac dot uk) Improved fix for MOPB-03-2007. Corrected fix for CVE-2007-2872.