
FYI: Shout goes out over PHP security bugs

11-02-05, 12:43 AM
nugensoftware

Vulnerabilities: http://secunia.com/advisories/16502
PHP 4.4.1 Release Notes: http://www.php.net/release_4_4_1.php
Advisories: http://www.hardened-php.net/advisories.15.html

Shout goes out over PHP security bugs
The script's a killer
By John Leyden
Published Tuesday 1st November 2005 15:38 GMT
Quote:
Security researchers have identified numerous new vulnerabilities in PHP - the popular, open source web development environment. The critical security flaws create a possible means for hackers to conduct cross-site scripting attacks, bypass certain security restrictions or even (at least potentially) compromise a vulnerable system.

The vulnerabilities are reported to affect PHP versions 4.4.0 and prior. Users are advised to update to version 4.4.1 (release notes here). Most of this batch of PHP security vulnerabilities (summary) were discovered by Stefan Esser, of the Hardened-PHP Project, which has published a series of advisories here.

The security bugs described by the Hardened-PHP Project are yet to be developed into s'kiddie friendly exploits. But the past appearance of PHP-targeting worms, and the damage they caused, really ought to prompt the rapid deployment of security updates. ®
PHP 4.4.1
Quote:
PHP 4.4.1. Release Announcement

The PHP Development Team would like to announce the immediate release of PHP 4.4.1.

This is a bug fix release, which addresses some security problems too. The security issues that this release fixes are:

* Fixed a Cross Site Scripting (XSS) vulnerability in phpinfo() that could lead f.e. to cookie exposure, when a phpinfo() script is accidentally left on a production server.
* Fixed multiple safe_mode/open_basedir bypass vulnerabilities in ext/curl and ext/gd that could lead to exposure of files normally not accessible due to safe_mode or open_basedir restrictions.
* Fixed a possible $GLOBALS overwrite problem in file upload handling, extract() and import_request_variables() that could lead to unexpected security holes in scripts assumed secure. (For more information, see here).
* Fixed a problem when a request was terminated due to memory_limit constraints during certain parse_str() calls. In some cases this can result in register_globals being turned on.
* Fixed an issue with trailing slashes in allowed basedirs. They were ignored by open_basedir checks, so that specified basedirs were handled as prefixes and not as full directory names.
* Fixed an issue with calling virtual() on Apache 2. This allowed bypassing of certain configuration directives like safe_mode or open_basedir.
* Updated to the latest pcrelib to fix a possible integer overflow vulnerability announced in CAN-2005-2491.

This release also fixes 35 other defects, where the most important is the fix that removes a notice when passing a by-reference result of a function as a by-reference value to another function. (Bug #33558).

For a full list of changes in PHP 4.4.1, see the ChangeLog.
__________________
Nugen Software Inc.
Lead Developer
www.nugensoftware.com

PHP HELP | MySQL HELP | xmlSYNC

Last edited by nugensoftware; 11-02-05 at 12:47 AM.
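The release notes above mention a $GLOBALS overwrite problem reachable through extract() and import_request_variables(). The following is an added example (not code from the post, the article or the PHP project) of a defensive wrapper that only copies whitelisted scalar request keys into the local scope and never overwrites existing variables; the `$expected` list and the constructed request array are assumptions for illustration.

```php
<?php
// Added example: import request variables without letting the client
// overwrite $GLOBALS or variables that already exist in the script.

/**
 * Return a copy of $request containing only the keys listed in $expected,
 * dropping reserved names (GLOBALS, anything starting with '_') and any
 * non-scalar value. The result is safe to hand to extract().
 */
function safe_request_vars(array $request, array $expected): array
{
    $out = [];
    foreach ($expected as $name) {
        if (!array_key_exists($name, $request)) {
            continue;                         // field not sent: nothing to import
        }
        // Refuse reserved names even if they were whitelisted by mistake.
        if (strtoupper($name) === 'GLOBALS' || $name[0] === '_') {
            continue;
        }
        $value = $request[$name];
        if (!is_scalar($value)) {
            continue;                         // arrays are the vehicle for the overwrite
        }
        $out[$name] = $value;
    }
    return $out;
}

// Constructed request (assumption): one expected field plus keys that
// must not reach the local scope.
$request = [
    'page'    => 'index',
    'GLOBALS' => ['admin' => true],           // reserved name: dropped
    'admin'   => '1',                         // not whitelisted: dropped
];

$admin = false;                               // existing state we must keep
// EXTR_SKIP refuses to overwrite any variable that already exists.
extract(safe_request_vars($request, ['page', 'user']), EXTR_SKIP);

var_dump($page);
var_dump($admin);
```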