PHP 4.4.4 and PHP 5.1.5 Released

Type securityvulns
Reporter Securityvulns
Modified 2006-08-18T00:00:00


PHP 4.4.4 and PHP 5.1.5 Released

[17-Aug-2006] The PHP development team would like to announce the immediate availability of PHP 5.1.5 and 4.4.4. These two releases address a series of security problems that were discovered since the release of PHP 5.1.4 and 4.4.3. The new releases include the following changes:

* Added missing safe_mode/open_basedir checks inside the error_log(), file_exists(), imap_open() and imap_reopen() functions.
* Fixed overflows inside str_repeat() and wordwrap() functions on 64bit systems.
* Fixed possible open_basedir/safe_mode bypass in cURL extension and on PHP 5.1.5 with realpath cache.
* Fixed overflow in GD extension on invalid GIF images.
* Fixed a buffer overflow inside sscanf() function.
* Fixed an out of bounds read inside stripos() function.
* Fixed memory_limit restriction on 64 bit system.

Further details about this release can be found in the release announcements (5.1.5 and 4.4.4), and the full list of changes is available in the ChangeLogs (PHP 4, PHP 5).