PHP Version 5.1.0 Update Fixes Several Vulnerabilities

2005-11-26T00:00:00
ID SECURITYVULNS:DOC:10368
Type securityvulns
Reporter Securityvulns
Modified 2005-11-26T00:00:00

Description

Details available at http://www.php.net/ChangeLog-5.php#5.1.0 from 24th Nov, 2005.

Some security-related issues from the vendor's change log:

Fixed crash inside stream_get_line() when length parameter equals 0.

Fixed potential GLOBALS overwrite via import_request_variables() and possible crash and/or memory corruption.

shtool: insecure temporary file creation (Jani) http://bugs.php.net/33150

crash on PDO::FETCH_CLASS + __set() http://bugs.php.net/35336

PDO prepare() crashes with invalid parameters http://bugs.php.net/35303

http://bugs.php.net/35278 Multiple virtual() calls crash Apache 2 php module

http://bugs.php.net/35229 call_user_func() crashes when argument_stack is nearly full

http://bugs.php.net/35135 PDOStatement without related PDO object may crash

http://bugs.php.net/35009 ZTS: Persistent resource destruct crashes when extension is compiled as shared

http://bugs.php.net/34045 Buffer overflow with serialized object

etc.

Regards, Juha-Matti Laurio