Maharani
Posted February 18, 2012

Attention: All users who are using PHP

Dear valued customers,

We were alerted by members that there are several bugs in PHP which can cause DoS (Denial of Service). Details as follows:

Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues:

Handling Temporary files in PEAR Installer.
- Discovered that insecure handling of temporary files in the PEAR installer could lead to denial of service.

Null Pointer Dereferences code.
- Discovered that a NULL pointer dereference in the zend_strndup() function could lead to DoS.
- Discovered that a NULL pointer dereference in the tidy_diagnose() function could lead to DoS.

Handling of PDO Row object code
- Discovered that missing checks in the handling of PDORow objects could lead to denial of service.

Magic Quotes disable Remotely.
- It was discovered that the magic_quotes_gpc setting could be disabled remotely.

All users are recommended to update their respective PHP 5 packages. Details as follows:

a) For the stable distribution (squeeze), this problem has been fixed in version 5.3.3-7+squeeze8.
b) For the unstable distribution (sid), this problem has been fixed in version 5.3.10-1.

Cody R.
Posted February 18, 2012

We upgraded PHP 5.3 to 5.3.10 on every machine when this was first disclosed. It may be worth mentioning by default we run PHP 5.2.17 (latest stable of that branch) which was not affected by this.

Thanks for keeping us on our toes.