
SANS ISC: PHP 5.2.1 released - SANS Internet Storm Center

PHP released their version 5.2.1, which contains a number of security fixes.
"The majority of the security vulnerabilities discovered and resolved can in most cases be only abused by local users and cannot be triggered remotely. However, some of the above issues can be triggered remotely in certain situations, or exploited by malicious local users on shared hosting setups utilizing PHP as an Apache module. Therefore, we strongly advise all users of PHP, regardless of the version to upgrade to 5.2.1 release as soon as possible. PHP 4.4.5 with equivalent security corrections will be available shortly."

(BTW: Since you will have to recompile/test PHP anyway, take a look at the security extensions from the Hardened-PHP project; in particular, 'Suhosin' is nice and not too hard to install and configure.)

Swa Frantzen --

Feb 9th 2007
