The version of PHP 4.4.9 addresses multiple vulnerabilities
Several vulnerabilities have been discovered in PHP 4.4.x that could allow an attacker remote access to sensitive information, cause a denial of service or compromise a vulnerable system.
PHP is an interpreted language widely used general purpose, which is designed for Web development and can be embedded within HTML code. PHP is geared to creating dynamic Web pages, running on a web server (server-side scripting), so that the first one takes the code in PHP as entry and returned web pages as output.
The following are security problems are fixed in the latest version:
- The first vulnerability involves multiple errors in the library PCRE (Perl Compatible Regular Expressions) that could be exploited to access sensitive information, cause a denial of service or compromise a vulnerable system.
- The second vulnerability is caused by an unspecified error in "imageloadfont." A remote attacker could cause the system to stop responding by using an invalid.
- The third vulnerability is an unspecified error in the "curl" relating to the management of the function "open_basedir".
- The latest vulnerability is caused by a failure of overflow in "memnstr" which could be exploited by an attacker to execute arbitrary code.
The vulnerabilities are confirmed in version 4.4.8 and all previous.
We recommend you upgrade to version 4.4.9 or higher, available
from:
http://www.php.net/downloads.php
More information
PHP 4 ChangeLog version 4.4.9
http://www.php.net/ChangeLog-4.php # 4.4.9
Pablo Molina
