
SANS ISC: PHP 5.2.1 released - Internet Security | DShield SANS ISC InfoSec Forums


PHP 5.2.1 released
PHP.net released version 5.2.1, which contains a number of security fixes.
"The majority of the security vulnerabilities discovered and resolved can in most cases be only abused by local users and cannot be triggered remotely. However, some of the above issues can be triggered remotely in certain situations, or exploited by malicious local users on shared hosting setups utilizing PHP as an Apache module. Therefore, we strongly advise all users of PHP, regardless of the version to upgrade to 5.2.1 release as soon as possible. PHP 4.4.5 with equivalent security corrections will be available shortly."

(BTW: Since you will have to recompile/test PHP anyway, take a look at the security extensions from the Hardened-PHP project at www.hardened-php.net/; in particular, 'Suhosin' is nice and not too hard to install and configure.)


--
Swa Frantzen -- net2s.com