Thomas Biege
2009-11-20 10:41:50 UTC
Hello,
PHP was updated to version 5.3.1, which also addressed security
issues: http://www.php.net/releases/5_3_1.php
Security Enhancements and Fixes in PHP 5.3.1:
* Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion.
* Added missing sanity checks around exif processing.
* Fixed a safe_mode bypass in tempnam().
* Fixed an open_basedir bypass in posix_mkfifo().
* Fixed bug #50063 (safe_mode_include_dir fails).
* Fixed bug #44683 (popen crashes when an invalid mode is passed).
--
Bye,
Thomas
--
Thomas Biege <thomas-***@public.gmane.org>, SUSE LINUX, Security Support & Auditing
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
--
Whoever stops wanting to become better stops being good.
-- Marie von Ebner-Eschenbach