Newsgroups: php.internals
Message-ID: <41C0C4E6.9050200@akbkhome.com>
Date: Thu, 16 Dec 2004 07:12:38 +0800
To: Ilia Alshanetsky
CC: internals@lists.php.net
References: <41C0A791.3090507@prohost.org>
In-Reply-To: <41C0A791.3090507@prohost.org>
Subject: Re: [PHP-DEV] PHP 4.3.10 & 5.0.3 Released!
From: alan@akbkhome.com (Alan Knowles)

Since all the CAN references are broken at present - this documents the bugs.

http://groups-beta.google.com/group/muc.lists.bugtraq/browse_thread/thread/7c7ae6f328f28913?tvc=2&q=CAN-2004-1064

Regards
Alan

Ilia Alshanetsky wrote:

> PHP Development Team would like to announce the immediate release of PHP
> 4.3.10 and 5.0.3. These are maintenance releases that in addition to
> non-critical bug fixes address several very serious security issues.
>
> These include the following:
>
> CAN-2004-1018 - shmop_write() out of bounds memory write access.
> CAN-2004-1018 - integer overflow/underflow in pack() and unpack()
> functions.
> CAN-2004-1019 - possible information disclosure, double free and
> negative reference index array underflow in deserialization code.
> CAN-2004-1020 - addslashes not escaping \0 correctly.
> CAN-2004-1063 - safe_mode execution directory bypass.
> CAN-2004-1064 - arbitrary file access through path truncation.
> CAN-2004-1065 - exif_read_data() overflow on long sectionname.
> magic_quotes_gpc could lead to one level directory traversal with file
> uploads.
>
> All Users of PHP are strongly encouraged to upgrade to one of these
> releases as soon as possible.
>
> Aside from the above mentioned issues the releases include the
> following important fixes:
>
> * Possible crash inside ftp_get().
> * get_current_user() crashes on Windows.
> * Possible crash in ctype_digit on large numbers.
> * Crash when parsing ?getvariable[][.
> * Possible crash in the curl_getinfo() function.
> * Double free when openssl_csr_new fails.
> * Crash when using unknown/unsupported session.save_handler and/or
> session.serialize_handler.
> * Prevent infinite recursion in url redirection.
> * Ensure that temporary files created by GD are removed.
> * Crash in fgetcsv() with negative length. (PHP 4 only)
> * Improved performance of the foreach() construct. (PHP 4 only)
> * Improved number handling on non-English locales.
>
> PHP Development Team would like to thank all the people who have
> identified the security faults in PHP and helped us to address them.
>
>
> PHP Development Team
>