Vahid
August 9th, 2008, 13:43
PHP.net has Announced PHP 4.4.4 and PHP 5.1.5
I'm happy to see PHP.net is finally working a little faster at updating security issues with their products. The time it took from 4.4.2 to 4.4.3 was a bit out of line - now they have found more problems and release a PHP 4.4.4 (http://www.php.net/downloads.php#v4) patch just 14 days after the 4.4.3 release addressing a number of critial security issues:
* Added missing safe_mode/open_basedir checks inside the error_log(), file_exists(), imap_open() and imap_reopen() functions.
* Fixed overflows inside str_repeat() and wordwrap() functions on 64bit systems.
* Fixed possible open_basedir/safe_mode bypass in cURL extension and on PHP 5.1.5 with realpath cache.
* Fixed overflow in GD extension on invalid GIF images.
* Fixed a buffer overflow inside sscanf() function.
* Fixed an out of bounds read inside stripos() function.
* Fixed memory_limit restriction on 64 bit system.
Further details about this release can be found in the release announcements (5.1.5 (http://www.php.net/release_5_1_5.php) and 4.4.4 (http://www.php.net/release_4_4_4.php)), and the full list of changes is available in the ChangeLogs (PHP (http://www.php.net/ChangeLog-4.php#4.4.4)
4 (http://www.php.net/ChangeLog-4.php#4.4.4), PHP 5 (http://www.php.net/ChangeLog-5.php#5.1.5)).
How do I update PHP to the latest version?
That depends on the control panel you are using (if any). You can grab the latest release source (http://www.php.net/downloads.php#v4)and compile it or if you're using a Cpanel based system issue the command
/scripts/easyapache and select PHP 4.4.4 in the PHP menu.
How do I know what version of PHP I am using?
You can get your servers PHP version using the following methods:
1) create a phpinfo.php page and upload it to your web directory, then call it in your browser.
EG: phpinfo.php
phpinfo();
Then http://myserver.com/phpinfo.php
2) If you have shell access type in the following command:
php -v
I'm happy to see PHP.net is finally working a little faster at updating security issues with their products. The time it took from 4.4.2 to 4.4.3 was a bit out of line - now they have found more problems and release a PHP 4.4.4 (http://www.php.net/downloads.php#v4) patch just 14 days after the 4.4.3 release addressing a number of critial security issues:
* Added missing safe_mode/open_basedir checks inside the error_log(), file_exists(), imap_open() and imap_reopen() functions.
* Fixed overflows inside str_repeat() and wordwrap() functions on 64bit systems.
* Fixed possible open_basedir/safe_mode bypass in cURL extension and on PHP 5.1.5 with realpath cache.
* Fixed overflow in GD extension on invalid GIF images.
* Fixed a buffer overflow inside sscanf() function.
* Fixed an out of bounds read inside stripos() function.
* Fixed memory_limit restriction on 64 bit system.
Further details about this release can be found in the release announcements (5.1.5 (http://www.php.net/release_5_1_5.php) and 4.4.4 (http://www.php.net/release_4_4_4.php)), and the full list of changes is available in the ChangeLogs (PHP (http://www.php.net/ChangeLog-4.php#4.4.4)
4 (http://www.php.net/ChangeLog-4.php#4.4.4), PHP 5 (http://www.php.net/ChangeLog-5.php#5.1.5)).
How do I update PHP to the latest version?
That depends on the control panel you are using (if any). You can grab the latest release source (http://www.php.net/downloads.php#v4)and compile it or if you're using a Cpanel based system issue the command
/scripts/easyapache and select PHP 4.4.4 in the PHP menu.
How do I know what version of PHP I am using?
You can get your servers PHP version using the following methods:
1) create a phpinfo.php page and upload it to your web directory, then call it in your browser.
EG: phpinfo.php
phpinfo();
Then http://myserver.com/phpinfo.php
2) If you have shell access type in the following command:
php -v