Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:14077
Return-Path: <ilia@prohost.org>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 75978 invoked by uid 1010); 15 Dec 2004 21:09:28 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 66889 invoked from network); 15 Dec 2004 21:07:32 -0000
Received: from unknown (HELO prohost.org) (216.126.86.27)
  by pb1.pair.com with SMTP; 15 Dec 2004 21:07:32 -0000
Received: (qmail 2255 invoked from network); 15 Dec 2004 21:07:30 -0000
Received: from cpe0050bad46dce-cm000f9f7d6664.cpe.net.cable.rogers.com (HELO ?192.168.1.101?) (@69.196.31.138)
  by prohost.org with SMTP; 15 Dec 2004 21:07:30 -0000
Message-ID: <41C0A791.3090507@prohost.org>
Date: Wed, 15 Dec 2004 16:07:29 -0500
User-Agent: Mozilla Thunderbird 1.0 - [MOOX M3] (Windows/20041208)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To:  internals@lists.php.net,  pear@lists.php.net,  general@lists.php.net
X-Enigmail-Version: 0.89.5.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: PHP 4.3.10 & 5.0.3 Released!
From: ilia@prohost.org (Ilia Alshanetsky)

PHP Development Team would like to announce the immediate release of PHP
4.3.10 and 5.0.3. These are maintenance releases that in addition to 
non-critical bug fixes address several very serious security issues.

These include the following:

CAN-2004-1018 - shmop_write() out of bounds memory write access.
CAN-2004-1018 - integer overflow/underflow in pack() and unpack() functions.
CAN-2004-1019 - possible information disclosure, double free and 
negative reference index array underflow in deserialization code.
CAN-2004-1020 - addslashes not escaping \0 correctly.
CAN-2004-1063 - safe_mode execution directory bypass.
CAN-2004-1064 - arbitrary file access through path truncation.
CAN-2004-1065 - exif_read_data() overflow on long sectionname.
magic_quotes_gpc could lead to one level directory traversal with file 
uploads.

All Users of PHP are strongly encouraged to upgrade to one of these 
releases as soon as possible.

Aside from the above mentioned issues the releases include the
following important fixes:

* Possible crash inside ftp_get().
* get_current_user() crashes on Windows.
* Possible crash in ctype_digit on large numbers.
* Crash when parsing ?getvariable[][.
* Possible crash in the curl_getinfo() function.
* Double free when openssl_csr_new fails.
* Crash when using unknown/unsupported session.save_handler and/or 
session.serialize_handler.
* Prevent infinite recursion in url redirection.
* Ensure that temporary files created by GD are removed.
* Crash in fgetcsv() with negative length. (PHP 4 only)
* Improved performance of the foreach() construct. (PHP 4 only)
* Improved number handling on non-English locales.

PHP Development Team would like to thank all the people who have
identified the security faults in PHP and helped us to address them.


PHP Development Team