Last Updated: 2007-06-01 08:20:25 UTC
by Swa Frantzen (Version: 1)
From the release notes following security improvements have been made:
- Fixed an integer overflow inside chunk_split() (CVE-2007-2872)
- Fixed possible infinite loop in imagecreatefrompng. (CVE-2007-2756)
- Fixed ext/filter Email Validation Vulnerability (CVE-2007-1900)
- Fixed bug #41492 (open_basedir/safe_mode bypass inside realpath ())
- Improved fix for CVE-2007-1887 to work with non-bundled sqlite2 lib.
- Added mysql_set_charset() to allow runtime altering of connection encoding.
Take care with the fixes not listed as security related as there seem to be at least a few of them that are interesting from either a security application point of view, or just from an availability point of view. E.g.:
- Fixed bug #41353 (crash in openssl_pkcs12_read() on invalid input)
- Fixed bug #41347 (checkdnsrr() segfaults on empty hostname)
If you are on the 5.2 branch best to upgrade ASAP to 5.2.3 .
Swa Frantzen -- NET2S