PHP 5.2.5 security issues
Posted by Nico Golde in
Monday, November 12. 2007
php 5.2.5 was just released.
Fefe makes fun of this release because of:
Key enhancements in PHP 5.2.5 include:
Upgraded PCRE to version 7.3
while Heise says that these vulnerabilities are fixed in pcre 7.4.
These vulnerabilities are namely CVE-2007-1659, CVE-2007-1660, CVE-2007-1661, CVE-2007-1662, CVE-2007-4766, CVE-2007-4767 and CVE-2007-4768
While I agree with him that PHP is crap, his blog post is wrong or let's say the information provided by Heise is not precise.
All those issues were fixed in the 7.3 release so there is no reason to worry about those vulnerabilities being open in the new php release, however the 7.4 release fixes some regressions introduced with 7.3 but those are (from what I see) not security relevant. So Heise is not wrong, the issues are fixed in 7.4 however they are also in 7.3
Fefe makes fun of this release because of:
Key enhancements in PHP 5.2.5 include:
Upgraded PCRE to version 7.3
while Heise says that these vulnerabilities are fixed in pcre 7.4.
These vulnerabilities are namely CVE-2007-1659, CVE-2007-1660, CVE-2007-1661, CVE-2007-1662, CVE-2007-4766, CVE-2007-4767 and CVE-2007-4768
While I agree with him that PHP is crap, his blog post is wrong or let's say the information provided by Heise is not precise.
All those issues were fixed in the 7.3 release so there is no reason to worry about those vulnerabilities being open in the new php release, however the 7.4 release fixes some regressions introduced with 7.3 but those are (from what I see) not security relevant. So Heise is not wrong, the issues are fixed in 7.4 however they are also in 7.3
Trackbacks
Trackback specific URI for this entry
No Trackbacks
Calendar
|
November '15 | |||||
| Mon | Tue | Wed | Thu | Fri | Sat | Sun |
| 1 | ||||||
| 2 | 3 | 4 | 5 | 6 | 7 | 8 |
| 9 | 10 | 11 | 12 | 13 | 14 | 15 |
| 16 | 17 | 18 | 19 | 20 | 21 | 22 |
| 23 | 24 | 25 | 26 | 27 | 28 | 29 |
| 30 | ||||||
Quicksearch
Support
Recent Entries
- E-Plus GSM privacy/TMSI allocation leak
- Thursday, October 11 2012
- Exploiting the Ubiquisys/SFR femtocell webserver (wsal/shttpd/mongoose/yassl embedded webserver)
- Wednesday, August 3 2011
- So what happened recently...
- Wednesday, April 6 2011
- Sunday, February 6 2011
- exim remote vulnerability
- Thursday, December 9 2010
- Will my Phone Show An Unencrypted Connection?
- Wednesday, September 8 2010
- smpCTF 2010 quals writeups
- Sunday, August 8 2010
- protocol design fail: MMS notification
- Wednesday, July 28 2010
- acrobat reader stealing my passwords
- Tuesday, June 29 2010
- UnrealIRCd backdoored
- Saturday, June 12 2010
Syndicate This Blog
Categories
Tag cloud
23c3 acpi advertising annouce announce april argh art awards bash blogging bugs c cli code conferences config configuration data mining debconf debian dell dns documentation email errm? events exploit fail fail2ban filesharing films flame fun gcc google graphs grml gsm hacking hacks hardware heise images information installation internet irc knowledge libacpi links linux mobile phones network news newsbeuter omg open source opera passwords php power privacy programming qa random blurb rant release releases rss scripts security service setup shell sms software spam ssh stfl stuff terminal tests text mode tip tips tools troubleshooting unix user video vim.editing web web 2.0 websites wordpress wtf www youtube zsh