Ben (Benjamin Klaile), 01.11.2005, 17:12, #1

PHP 4.4.1 released (bugfix release)

PHP version 4.4.1 has been released.

http://www.php.net/release_4_4_1.php
Quote:
This is a bug fix release, which addresses some security problems too. The security issues that this release fixes are:

* Fixed a Cross Site Scripting (XSS) vulnerability in phpinfo() that could lead f.e. to cookie exposure, when a phpinfo() script is accidentally left on a production server.
* Fixed multiple safe_mode/open_basedir bypass vulnerabilities in ext/curl and ext/gd that could lead to exposure of files normally not accessible due to safe_mode or open_basedir restrictions.
* Fixed a possible $GLOBALS overwrite problem in file upload handling, extract() and import_request_variables() that could lead to unexpected security holes in scripts assumed secure. (For more information, see here).
* Fixed a problem when a request was terminated due to memory_limit constraints during certain parse_str() calls. In some cases this can result in register_globals being turned on.
* Fixed an issue with trailing slashes in allowed basedirs. They were ignored by open_basedir checks, so that specified basedirs were handled as prefixes and not as full directory names.
* Fixed an issue with calling virtual() on Apache 2. This allowed bypassing of certain configuration directives like safe_mode or open_basedir.
* Updated to the latest pcrelib to fix a possible integer overflow vulnerability announced in CAN-2005-2491.

This release also fixes 35 other defects, where the most important is the fix that removes a notice when passing a by-reference result of a function as a by-reference value to another function. (Bug #33558).

Complete changelog of the latest 4.x version:
Quote:
Version 4.4.1
31-Oct-2005

* Added missing safe_mode checks for image* functions and cURL.
* Added missing safe_mode/open_basedir checks for file uploads.
* Fixed a memory corruption bug regarding included files.
* Fixed possible INI setting leak via virtual() in Apache 2 sapi.
* Fixed possible crash and/or memory corruption in import_request_variables().
* Fixed potential GLOBALS overwrite via import_request_variables().
* Fixed possible GLOBALS variable override when register_globals are ON.
* Fixed possible register_globals toggle via parse_str().
* Added "new_link" parameter to mssql_connect(). Bug #34369.
* Fixed bug #34850 (--program-suffix and --program-prefix not included in man page names).
* Fixed bug #34790 (preg_match_all(), named capturing groups, variable assignment/return => crash).
* Fixed bug #34742 (ftp wrapper failures caused from segmented command transfer).
* Fixed bug #34704 (Infinite recursion due to corrupt JPEG).
* Fixed bug #34645 (ctype corrupts memory when validating large numbers).
* Fixed bug #34565 (mb_send_mail does not fetch mail.force_extra_parameters).
* Fixed bug #34557 (php -m exits with "error" 1).
* Fixed bug #34456 (Possible crash inside pspell extension).
* Fixed bug #34311 (unserialize() crashes with chars above 191 dec).
* Fixed bug #34307 (on_modify handler not called to set the default value if setting from php.ini was invalid).
* Fixed bug #34302 (date('W') do not return leading zeros for week 1 to 9).
* Fixed bug #34277 (array_filter() crashes with references and objects).
* Fixed bug #34191 (ob_gzhandler does not enforce trailing \0).
* Fixed bug #34156 (memory usage remains elevated after memory limit is reached).
* Fixed bug #34148 (+,- and . not supported as parts of scheme).
* Fixed bug #34137 (assigning array element by reference causes binary mess).
* Fixed bug #34068 (Numeric string as array key not cast to integer in wddx_deserialize()).
* Fixed bug #34064 (arr[] as param to function is allowed only if function receives argument by reference).
* Fixed bug #33989 (extract($GLOBALS,EXTR_REFS) crashes PHP).
* Fixed bug #33987 (php script as ErrorDocument causes crash in Apache 2).
* Fixed bug #33940 (array_map() fails to pass by reference when called recursively).
* Fixed bug #33690 (Crash setting some ini directives in httpd.conf).
* Fixed bug #33673 (Added detection for partially uploaded files).
* Fixed bug #33648 (Using --with-regex=system causes compile failure).
* Fixed bug #33558 (Warning with nested calls to functions returning by reference).
* Fixed bug #33383 (crash when retrieving empty LOBs).
* Fixed bug #33156 (cygwin version of setitimer doesn't accept ITIMER_PROF).
* Fixed bug #32937 (open_basedir loses trailing / in the limiter).
* Fixed bug #32589 (possible crash inside imap_mail_compose() function).
* Fixed bug #32179 (xmlrpc_encode() segfaults with recursive references).
* Fixed bug #32160 (copying a file into itself leads to data loss).
* Fixed bug #31158 (array_splice on $GLOBALS crashes).
* Fixed bug #29983 (PHP does not explicitly set mime type & charset).
* Fixed bug #29253 (array_diff with $GLOBALS argument fails).
* Fixed bug #21306 (ext/session: catch bailouts of write handler during RSHUTDOWN).
http://www.php.net/ChangeLog-4.php#4.4.1

Download:
http://www.php.net/downloads.php#v4


Regarding the security updates, see also:
http://forum.developers-guide.net/thread480.html

Regards, Ben.
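
The open_basedir trailing-slash item in the quoted release notes, as an added example that is not part of the original post and not PHP's own code: a simplified Python model that compares prefix matching with full-directory matching on a Unix `:`-separated open_basedir value. The function names and sample paths are constructed, and the model only normalises path strings (no symlink resolution).

```python
import posixpath


def _norm(path):
    # String-level normalisation only: collapses "..", "//" and a trailing "/".
    return posixpath.normpath(path)


def prefix_match(basedir, path):
    # Behaviour described as the bug: the trailing slash is ignored, so the
    # basedir acts as a plain string prefix of the requested path.
    return _norm(path).startswith(_norm(basedir))


def directory_match(basedir, path):
    # Intended behaviour: the path must be the basedir itself or lie below it.
    base, target = _norm(basedir), _norm(path)
    return target == base or target.startswith(base.rstrip("/") + "/")


def admitted_only_by_prefix(open_basedir, paths, sep=":"):
    # Paths that a prefix check lets through although no listed directory
    # actually contains them; these are the files exposed by the bug.
    basedirs = [b for b in open_basedir.split(sep) if b]
    exposed = []
    for p in paths:
        by_prefix = any(prefix_match(b, p) for b in basedirs)
        by_dir = any(directory_match(b, p) for b in basedirs)
        if by_prefix and not by_dir:
            exposed.append(p)
    return exposed


# Constructed sample configuration and request paths.
SAMPLE_OPEN_BASEDIR = "/var/www/site/:/tmp/"
SAMPLE_PATHS = [
    "/var/www/site/index.php",              # inside an allowed directory
    "/var/www/site_backup/db.sql",          # sibling sharing the prefix
    "/var/www/site/../site_backup/db.sql",  # same sibling via ".."
    "/tmp/upload1",                         # inside an allowed directory
    "/tmpfiles/secret",                     # sibling sharing the prefix
    "/etc/passwd",                          # rejected by both checks
]

if __name__ == "__main__":
    for leaked in admitted_only_by_prefix(SAMPLE_OPEN_BASEDIR, SAMPLE_PATHS):
        print("prefix check admits:", leaked)
```

Running the same comparison over the directories that actually exist next to each configured basedir shows which siblings were reachable on an unpatched installation.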