paul Posted July 27, 2010 Report Share Posted July 27, 2010 This is a maintenance and security update that upgrades php to 5.2.14 for CS4/MES5/2008.0/2009.0/2009.1. Security Enhancements and Fixes in PHP 5.2.14: * Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs (CVE-2010-2531). * Fixed a possible interruption array leak in strrchr().(CVE-2010-2484) * Fixed a possible interruption array leak in strchr(), strstr(), substr(), chunk_split(), strtok(), addcslashes(), str_repeat(), trim(). * Fixed a possible memory corruption in substr_replace(). * Fixed SplObjectStorage unserialization problems (CVE-2010-2225). * Fixed a possible stack exaustion inside fnmatch(). * Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288). * Fixed handling of session variable serialization on certain prefix characters. * Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski. Additionally some of the third party extensions has been upgraded and/or rebuilt for the new php version. Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 Link to comment Share on other sites More sharing options...
Recommended Posts