تحديث امني php 4.4.1
صدر مؤخرا اخر اصدار من php الى 4.4.1 وهو لحل ثغرات الاصدار السابق والتي تم الابلاغ عنها
لعمل الترقيه يجب عمل كمبلاير لل php حتى يعمل وربما تواجه بعض المشاكل في الترقيه فكن حذر
Earlier this week, PHP 4.4.1 was released to production. This fixes several serious security issues. This upgrade will require a recompile of your PHP and a restart of your Apache
This is a bug fix release, which addresses some security problems too. The security issues that this release fixes are:
- Fixed a Cross Site Scripting XSS (http://www.cgisecurity.com/articles/xss-faq.shtml) vulnerability in phpinfo() that could lead f.e. to cookie exposure, when a phpinfo() script is accidently left on a production server.
- Fixed multiple safe_mode/open_basedir bypass vulnerabilities in ext/curl and ext/gd that could lead to exposure of files normally not accessible due to safe_mode or open_basedir restrictions.
- Fixed a possible $GLOBALS overwrite problem in file upload handling, extract() and import_request_variables() that could lead to unexpected security holes in scripts assumed secure. (http://www.hardened-php.net/globals-problem)
- Fixed a problem when a request was terminated due to memory_limit constraints during certain parse_str() calls. In some cases this can result in register_globals being turned on.
- Fixed an issue with trailing slashes in allowed basedirs. They were ignored by open_basedir checks, so that specified basedirs were handled as prefixes and not as full directory names.
- Fixed an issue with calling virtual() on Apache 2. This allowed bypassing of certain configuration directives like safe_mode or open_basedir.
- Updated to the latest pcrelib to fix a possible integer overflow vulnerability announced in CAN-2005-2491. (http://cve.mitre.org/cgi-bin/cvename...=CAN-2005-2491)
This release also fixes 35 other defects, where the most important is the the fix that removes a notice when passing a by-reference result of a function as a by-reference value to another function. (Bug #33558 - http://bugs.php.net/33558).
For a full list of changes in PHP 4.4.1, see the ChangeLog: http://www.php.net/ChangeLog-4.php#4.4.1
__________________
Ding Dong ;)
رد مع اقتباس
