PHP Version 5.3.4 Released

Alongside other bug fixes and enhancements, version 5.3.4 contains the following security fixes:

Fixed crash in zip extract method (possible CWE-170).
Paths with NULL in them (foo\0bar.txt) are now considered as invalid (CVE-2006-7243).
Fixed a possible double free in imap extension (Identified by Mateusz Kocielski). (CVE-2010-4150).
Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709).
Fixed possible flaw in open_basedir (CVE-2010-3436).
Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950).
Fixed symbolic resolution support when the target is a DFS share.
Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data) (CVE-2010-3710).

References:
http://www.php.net/archive/2010.php#id2010-12-10-1

email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter: twitter.com/patchmanagement

Share

Leave a Reply