And now, security updates also for PHP4
Just under a week ago the developers of PHP fixed a number of security vulnerabilities, which could be exploited by attackers locally, in shared hosting environments and partly also remotely, by releasing PHP 5.2.1. They have now gone one better by releasing a fixed version of the still widely used version 4 branch of PHP.
According to the release notes, the bugs fixed are the same bugs as had affected version 5. These included buffer overflows, the ability to circumvent the security offered by safe_mode and open_basedir and 'format string' vulnerabilities. The complete ChangeLog gives a very undetailed overview of the changes. The developers recommend updating as soon as possible.
- PHP 4.4.5 Release Announcement, announcement from the PHP developers
- Complete ChangeLog for PHP 4.4.5
- Download the current PHP4 source code