| May 06, 2008 |
PHP 5.2.6 Released
PHP has released version 5.2.6 to address multiple vulnerabilities. These vulnerabilities include
- an error in FastCGI SAPI which may result stack-based buffer overflow
- an integer overflow in printf()
- an error in init_request_info(), which may result in a buffer overflow
- an error in cURL, which may result in safe_mode bypass
- improper handling of input passed to escapeshellcmd()
- a boundary error in the bundled version of the PCRE library
These vulnerabilities may allow an attacker to execute arbitrary code, bypass security restrictions, or cause a denial-of-service condition.
US-CERT encourages users to review the PHP 5.2.6 Release Announcement and update to version 5.2.6. |