New PHP versions fix numerous holes
PHP 5.2.2 and 4.4.7 are now available for download. Both versions fix numerous vulnerabilities, many of which were detected during the Month of PHP Bugs. The changelog for version 5.2.2 lists 15 vulnerabilities, while version 4.4.7 patches 11 bugs.
Although most of these patched vulnerabilities could only be exploited locally, they constituted major risks for users of shared web space. One vulnerability in XML-RPC request processing, however, can clearly be exploited for remote code execution and may be used to compromise the server. This bug has now been fixed in both versions.
Patches have also been provided for many other bugs that have no impact on security, and several enhancements have been added. Ubuntu and Debian have already provided new PHP packages, and other distributors will follow suit. Users are advised to upgrade to the new versions as soon as possible or to install the corresponding packages from their distributor.
- PHP 4.4.7 Release Announcement, announcement on php.net
- PHP 4.4.7 Release Announcement, announcement by Ubuntu
- New php5 packages fix several vulnerabilities, advisory by Debian
- New php4 packages fix several vulnerabilities, advisory by Debian
(mba)