PHP Version 5.1.0 Update Fixes Several Vulnerabilities

Type securityvulns
Reporter Securityvulns
Modified 2005-11-26T00:00:00


Details available at

from 24th Nov, 2005.

Some security-related issues from vendor's change log:

Fixed crash inside stream_get_line() when length parameter equals 0.

Fixed potential GLOBALS overwrite via import_request_variables() and possible crash and/or memory corruption.

shtool: insecure temporary file creation (Jani)

crash on PDO::FETCH_CLASS + __set()

PDO prepare() crashes with invalid parameters Multiple virtual() calls crash Apache 2 php module call_user_func() crashes when argument_stack is nearly full PDOStatment without related PDO object may crash ZTS: Persistent resource destruct crashes when extension is compiled as shared Buffer overflow with serialized object


Regards, Juha-Matti Laurio