PHP 5.2.4 Released

php.net 2007年08月31日 05:15 查看4210次 作者: esayr  【
文章分类:PHP5研究[新]

PHP官方在今天发布新版本PHP 5.2.4
主要改进稳定性方面,修补了120多个5.2.*的BUG.

建议所有PHP5.*的用户升级到此版本.

 

Security Enhancements and Fixes in PHP 5.2.4:

    * Fixed a floating point exception inside wordwrap() (Reported by Mattias Bengtsson)
    * Fixed several integer overflows inside the GD extension (Reported by Mattias Bengtsson)
    * Fixed size calculation in chunk_split() (Reported by Gerhard Wagner)
    * Fixed integer overflow in str[c]spn(). (Reported by Stanislav Malyshev)
    * Fixed money_format() not to accept multiple %i or %n tokens. (Reported by Stanislav Malyshev)
    * Fixed zend_alter_ini_entry() memory_limit interruption vulnerability. (Reported by Stefan Esser)
    * Fixed INFILE LOCAL option handling with MySQL extensions not to be allowed when open_basedir or safe_mode is active. (Reported by Stanislav Malyshev)
    * Fixed session.save_path and error_log values to be checked against open_basedir and safe_mode (CVE-2007-3378) (Reported by Maksymilian Arciemowicz)
    * Fixed a possible invalid read in glob() win32 implementation (CVE-2007-3806) (Reported by shinnai)
    * Fixed a possible buffer overflow in php_openssl_make_REQ (Reported by zatanzlatan at hotbrev dot com)
    * Fixed an open_basedir bypass inside glob() function (Reported by dr at peytz dot dk)
    * Fixed a possible open_basedir bypass inside session extension when the session file is a symlink (Reported by c dot i dot morris at durham dot ac dot uk)
    * Improved fix for MOPB-03-2007.
    * Corrected fix for CVE-2007-2872.

责任编辑:easy

给文章打分...

平均分:0.5(38 次)

-5 -4 -3 -2 -1 0 1 2 3 4 5
1

顶一下

发表我的见解...

  • 您的大名: 留空为匿名
  • 您的主页:
  • 您的邮箱: