Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog - PHP Group has released PHP version 5.2.8 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

PHP Group has released PHP version 5.2.8

Published: 2008-12-10
Last Updated: 2008-12-10 07:32:54 UTC
by Stephen Hall (Version: 1)
0 comment(s)

Our reader Roseman, dropped us an e-mail (which eventually arrived):

From US-CERT:
"The PHP Group has released PHP version 5.2.8 to address a vulnerability in the magic_quotes functionality. This vulnerability was introduced in PHP version 5.2.7. In addition to correcting this regression, PHP version 5.2.8 addresses a number of vulnerabilities that were originally addressed by version 5.2.7.

US-CERT encourages users to upgrade to PHP 5.2.8 or implement the workaround as described in the PHP 5.2.8 Release Announcement."

From PHP:
"PHP 5.2.8 Release Announcement

The PHP development team would like to announce the immediate availability of PHP 5.2.8. This release addresses a regression introduced by 5.2.7 in regard to the magic_quotes functionality, that was broken by an incorrect fix to the filter extension. All users who have upgraded to 5.2.7 are encouraged to upgrade to this release, alternatively you can apply a work-around for the bug by changing "filter.default_flags=0" in php.ini

For users upgrading from PHP 5.0 and PHP 5.1, an upgrade guide is available here, detailing the changes between those releases and PHP 5.2.8.

For a full list of changes in PHP 5.2.8, see the ChangeLog."
 

More details here :

http://www.php.net/releases/5_2_8.php
http://www.php.net/ChangeLog-5.php#5.2.8
http://bugs.php.net/bug.php?id=42718

Keywords: php
0 comment(s)
Diary Archives