In association with heise online

04 May 2007, 10:45

New PHP versions fix numerous holes

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

PHP 5.2.2 and 4.4.7 are now available for download. Both versions have fixed numerous vulnerabilities, many of which were detected during the Month of PHP Bugs. While version 5.2.2 lists 15 vulnerabilities in the changelog, version 4.4.7 has patched 11 bugs.

Although most of these patched vulnerabilities could only be exploited locally, they constituted major risks for users of shared web space. One vulnerability occurring during XML RPC request processing can also clearly be exploited for remote code execution and may be used to compromise the server. This bug has now been fixed in both versions.

Patches have also been provided for many other bugs that have no impact on security, and several enhancements have been added. Ubuntu and Debian have already provided new PHP packages, and other distributors will follow suit. Users are advised to upgrade to the new versions as soon as possible or to install the packages accordingly.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit