
The PHP development team has announced PHP 5.2.5, the latest version of PHP, following the previous release, PHP 5.2.4. The PHP 5.2.5 release focuses on improving the stability of the PHP 5.2.x branch with over 60 bug fixes, several of which are security related, whereas PHP 5.2.4 focused on improving the stability of the PHP 5.2.x branch with over 120 bug fixes in addition to resolving several low-priority security bugs.
The enhancements made in these two versions are as follows:-
Security Enhancements and Fixes in PHP 5.2.4:-
* Fixed a floating point exception inside wordwrap().
* Fixed several integer overflows inside the GD extension.
* Fixed size calculation in chunk_split().
* Fixed integer overflow in str[c]spn().
* Fixed money_format() not to accept multiple %i or %n tokens.
* Fixed zend_alter_ini_entry() memory_limit interruption vulnerability.
* Fixed INFILE LOCAL option handling with MySQL extensions not to be allowed when open_basedir or safe_mode is active.
* Fixed session.save_path and error_log values to be checked against open_basedir and safe_mode.
* Fixed a possible invalid read in glob() win32 implementation.
* Fixed a possible buffer overflow in php_openssl_make_REQ.
* Fixed an open_basedir bypass inside glob() function.
* Fixed a possible open_basedir bypass inside session extension when the session file is a symlink.
* Improved fix for MOPB-03-2007.
* Corrected fix for CVE-2007-2872.
Key enhancements in PHP 5.2.4 include:-
* Upgraded PCRE to version 7.2
* Added persistent connection status checker to pdo_pgsql.
* Fixed oci8 and PDO_OCI extensions to allow configuring with Oracle 11g client libraries.
* Fixed bug #41831.
* Fixed bug #41770.
* Fixed bug #41713.
* Fixed over 120 bugs.
Security Enhancements and Fixes in PHP 5.2.5:-
* Fixed dl() to only accept filenames.
* Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887).
* Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences.
* Fixed possible triggering of buffer overflows inside glibc implementations of the fnmatch(), setlocale() and glob() functions.
* Fixed “mail.force_extra_parameters” php.ini directive not to be modifiable in .htaccess due to the security implications.
* Fixed bug #42869.
* Fixed bug #41561.
Key enhancements in PHP 5.2.5 include:-
* Upgraded PCRE to version 7.3
* Updated timezone database to version 2007.9
* Added ability to control memory consumption between requests using the ZEND_MM_COMPACT environment variable.
* Improved speed of array_intersect_key(), array_intersect_assoc(), array_uintersect_assoc(), array_diff_key(), array_diff_assoc() and array_udiff_assoc() functions
* Fixed bug #43139.
* Fixed bug #42785.
* Fixed bug #42549.
* Fixed over 60 bugs.
To download the latest version, click here:- PHP 5.2.5