MassTransit Enterprise [Windows]: PHP 5.2.9 Addresses Security Vulnerabilities

Wednesday, October 8th, 2008

Summary:

Group Logic recommends that customers running the MassTransit Enterprise product on Windows platforms upgrade to the latest stable release of PHP, version 5.2.9. This latest release of PHP addresses a number of important security vulnerabilities that had been introduced in earlier releases of PHP.

Description:

Group Logic recommends upgrading to PHP version 5.2.9 to address security vulnerabilities and bugs that have been introduced in earlier releases of PHP.

According to PHP.NET, the specific vulnerabilities addressed in the 5.2.9 upgrade are as follows:

  • Fixed a possible stack buffer overflow in the FastCGI SAPI.
  • Fixed: escapeshellcmd() now properly handles incomplete multibyte characters.
  • Fixed the security issue detailed in CVE-2008-0599.
  • Fixed a safe_mode bypass in cURL.
  • Fixed a crash on zip extraction when file or directory entry names contain a relative path.
  • Fixed a security issue in imagerotate(): the background color isn’t validated correctly with a non-truecolour image.
  • Fixed explode() behavior with an empty string to respect a negative limit.
  • Fixed a segfault when a malformed string is passed to json_decode().

For further information on the security and bug fixes incorporated within the PHP 5.2.9 release, please refer to the official PHP changelog, located at this URL:
http://www.php.net/ChangeLog-5.php

The PHP 5.2.9 release can be downloaded from the MassTransit Latest Releases page.

NOTE: Group Logic cannot recommend this upgrade to MassTransit Admins operating on the Mac OS X platform due to limitations in the present distribution of PHP 5.2.9. Upgrade information will be forthcoming upon availability.