Netstat -vat by Sean Michael Kerner

A command line view of IT



PHP 5.3.1 released for 5 security flaws, 113 bugs

From the 'Yum/Apt-Get Update' files:

The first update to PHP 5.3 is now available, providing 5 security fixes in addition to a long list of bug fixes to the popular open source dynamic language.

PHP 5.3 was released at the end of June, so the 5.3.1 point update has been in the works for five months at this point.

On the security fix front, two of the bug fixes are for safe mode items which could have left a PHP system at risk:
  • Fixed a safe_mode bypass in tempnam().
  • Fixed bug #50063 (safe_mode_include_dir fails).
The three other fixes are a collection of different issues.

Among them is a new "max_file_uploads" INI directive, which, according to the PHP 5.3.1 release notes, "...can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion."

Sanity checks were added to exif processing, and there is a fix for an open_basedir bypass in posix_mkfifo().
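For admins checking where their hosts stand against these fixes, here is an added example (not from the PHP project or the release notes) that audits a `php -v` banner and a php.ini for the items above. The `ceiling` policy parameter, the finding strings and the sample inputs are assumptions made up for illustration, and only the 5.3 branch is assessed.

```python
import re

FIXED = (5, 3, 1)      # release the article reports as carrying the fixes
DEFAULT_UPLOADS = 20   # default quoted from the 5.3.1 release notes

def parse_ini(text):
    """Return {directive: value} from php.ini text; the last assignment wins."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # strip ';' comments
        if line.startswith("[") or "=" not in line:
            continue                               # section header, blank or bare line
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().strip('"')
    return settings

def parse_version(banner):
    """Extract (major, minor, patch) from `php -v` style output."""
    match = re.search(r"PHP (\d+)\.(\d+)\.(\d+)", banner)
    if not match:
        raise ValueError("no PHP version in banner")
    return tuple(int(part) for part in match.groups())

def audit(banner, ini_text, ceiling=DEFAULT_UPLOADS):
    """Return a list of findings for one host; `ceiling` is a local policy value."""
    version, ini, findings = parse_version(banner), parse_ini(ini_text), []
    if version[:2] != (5, 3):
        return ["version: outside the 5.3 branch, not assessed"]
    if version < FIXED:
        findings.append("version: predates 5.3.1, max_file_uploads unavailable")
        if ini.get("safe_mode", "off").lower() in ("on", "1", "true", "yes"):
            findings.append("safe_mode: relied on, tempnam() bypass unfixed")
        if ini.get("open_basedir"):
            findings.append("open_basedir: relied on, posix_mkfifo() bypass unfixed")
        return findings
    raw = ini.get("max_file_uploads", str(DEFAULT_UPLOADS))
    if not re.fullmatch(r"-?\d+", raw):
        findings.append("max_file_uploads: non-numeric value %r" % raw)
    elif int(raw) > ceiling:
        findings.append("max_file_uploads: %s exceeds ceiling %d" % (raw, ceiling))
    return findings

# Constructed sample inputs (not taken from any real host).
OLD = ("PHP 5.3.0 (cli)", "[PHP]\nsafe_mode = On\nopen_basedir = /var/www ; jail\n")
NEW = ("PHP 5.3.1 (cli)", "[PHP]\n; raised for a bulk importer\nmax_file_uploads = 500\n")

if __name__ == "__main__":
    for banner, ini in (OLD, NEW):
        print(banner, "->", audit(banner, ini) or ["ok"])
```

The second sample shows the case an upgrade alone does not catch: a patched host whose php.ini raises the limit far above the default gives back most of the protection the directive was added for.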

While the security fixes are obviously an important reason for PHP users to migrate immediately, the long list of non-security items is also noteworthy.

There are 113 named PHP bugs that have been fixed in PHP 5.3.1.

On top of that there are an additional 28 improvements in PHP 5.3.1 that don't have an official PHP bug number attached to them. So the grand total of items addressed in the PHP 5.3.1 update is (5 security + 113 numbered bugs + 28 un-numbered bugs) 146 items.  That's not a trivial amount of change in a code base.

And you wonder why pessimists like me NEVER update to the first new major point version of a PHP release.

Make no mistake about it, PHP 5.3 is a major release up from PHP 5.2. Now with the availability of the first update to PHP 5.3, I think it's time for PHP users to take a serious look at migrating from their legacy PHP 5.x installations.
