PHP 5.2.12 closes security holes
The PHP developers have released version 5.2.12 of their popular programming language, fixing over 60 bugs, mainly to improve stability, but also closing some security holes. PHP 5.3 has been available since mid-2009, but backwards compatibility issues with various popular PHP applications have prevented many users from upgrading. Because the 5.2 branch is therefore still used on numerous systems, the developers continue to update it.
In particular, the update prevents attackers from using the tempnam() and posix_mkfifo() functions to bypass the safe_mode and open_basedir security restrictions. The new max_file_uploads option prevents potential DoS attacks when uploading files by limiting the number of files per upload request. Furthermore, the $_SESSION variable is now less susceptible to manipulation, and the htmlspecialchars() PHP function for converting special characters in HTML code offers enhanced string checking.
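The following added example (not code from the PHP project or the original article) shows how an application can count the files in an upload request and apply the max_file_uploads limit alongside its own cap, including on installations where the option does not yet exist. The function names, the application cap of 2 and the sample data are assumptions made for illustration.

```php
<?php
// Added example; helper names are hypothetical, sample data is constructed.

// Count leaves of an 'error' subtree. Fields named docs[] or docs[a][b]
// nest their values, so one form field can carry many files.
function count_leaves($node)
{
    if (!is_array($node)) {
        // A file input left blank is reported as UPLOAD_ERR_NO_FILE.
        return ((int) $node === UPLOAD_ERR_NO_FILE) ? 0 : 1;
    }
    $n = 0;
    foreach ($node as $child) {
        $n += count_leaves($child);
    }
    return $n;
}

// Count the files actually submitted in a $_FILES-style array.
function count_upload_entries(array $files)
{
    $total = 0;
    foreach ($files as $field) {
        if (is_array($field) && array_key_exists('error', $field)) {
            $total += count_leaves($field['error']);
        }
    }
    return $total;
}

// Use the engine limit when the directive exists and is a positive number,
// otherwise the application's own cap. ini_get() returns false for a
// directive the running PHP does not know, as on builds before 5.2.12.
function effective_upload_cap($appCap)
{
    $ini = ini_get('max_file_uploads');
    return ($ini === false || (int) $ini <= 0) ? $appCap : min((int) $ini, $appCap);
}

// Constructed stand-in for $_FILES after <input type="file" name="docs[]">.
$sample = array(
    'avatar' => array('name' => 'me.png', 'error' => UPLOAD_ERR_OK),
    'docs'   => array(
        'name'  => array('a.txt', 'b.txt', ''),
        'error' => array(UPLOAD_ERR_OK, UPLOAD_ERR_OK, UPLOAD_ERR_NO_FILE),
    ),
);

$count = count_upload_entries($sample);
$cap   = effective_upload_cap(2); // assumed application cap of 2 files
echo $count > $cap ? "reject: $count files, cap $cap\n" : "accept: $count files\n";
```

A check like this runs only after PHP has parsed the request and written its temporary files, so it lets the application refuse an oversized request but does not bound the work done beforehand; that is the part the max_file_uploads setting covers.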