PHP开发组将会立即宣布PHP 5.2.4的可用性。这个版本集中注意在通过除了解决一些低优先级安全漏洞外的超过120个错误修复来提高PHP 5.2.X分支版本的稳定性上。所有的PHP用户都被鼓励升级到这个版本。
关于PHP 5.2.4的更详细的资料可以在5.2.4的发布通知里找到,完全的更改列表在PHP 5的更改日志。
Security Enhancements and Fixes in PHP 5.2.4:
- Fixed a floating point exception inside wordwrap() (Reported by Mattias Bengtsson)
- Fixed several integer overflows inside the GD extension (Reported by Mattias Bengtsson)
- Fixed size calculation in chunk_split() (Reported by Gerhard Wagner)
- Fixed integer overflow in str[c]spn(). (Reported by Mattias Bengtsson)
- Fixed money_format() not to accept multiple %i or %n tokens. (Reported by Stanislav Malyshev)
- Fixed zend_alter_ini_entry() memory_limit interruption vulnerability. (Reported by Stefan Esser)
- Fixed
INFILE LOCAL option handling with MySQL extensions not to be allowed
when open_basedir or safe_mode is active. (Reported by Mattias
Bengtsson)
- Fixed session.save_path and error_log values to
be checked against open_basedir and safe_mode (CVE-2007-3378) (Reported
by Maksymilian Arciemowicz)
- Fixed a possible invalid read in glob() win32 implementation (CVE-2007-3806) (Reported by shinnai)
- Fixed a possible buffer overflow in php_openssl_make_REQ (Reported by zatanzlatan at hotbrev dot com)
- Fixed an open_basedir bypass inside glob() function (Reported by dr at peytz dot dk)
- Fixed
a possible open_basedir bypass inside session extension when the
session file is a symlink (Reported by c dot i dot morris at durham dot
ac dot uk)
- Improved fix for MOPB-03-2007.
- Corrected fix for CVE-2007-2872.
For users upgrading to PHP 5.2 from PHP 5.0 and PHP 5.1, an upgrade guide is
available here, detailing the changes between
those releases and PHP 5.2.4.
|