نکته امنیتی مهم برای php 4.4.4
PHP.net has Announced PHP 4.4.4 and PHP 5.1.5
I'm happy to see PHP.net is finally working a little faster at updating security issues with their products. The time it took from 4.4.2 to 4.4.3 was a bit out of line - now they have found more problems and release a PHP 4.4.4 patch just 14 days after the 4.4.3 release addressing a number of critial security issues:
* Added missing safe_mode/open_basedir checks inside the error_log(), file_exists(), imap_open() and imap_reopen() functions.
* Fixed overflows inside str_repeat() and wordwrap() functions on 64bit systems.
* Fixed possible open_basedir/safe_mode bypass in cURL extension and on PHP 5.1.5 with realpath cache.
* Fixed overflow in GD extension on invalid GIF images.
* Fixed a buffer overflow inside sscanf() function.
* Fixed an out of bounds read inside stripos() function.
* Fixed memory_limit restriction on 64 bit system.
Further details about this release can be found in the release announcements (5.1.5 and 4.4.4), and the full list of changes is available in the ChangeLogs (PHP
4, PHP 5).
How do I update PHP to the latest version?
That depends on the control panel you are using (if any). You can grab the latest release source and compile it or if you're using a Cpanel based system issue the command
/scripts/easyapache and select PHP 4.4.4 in the PHP menu.
How do I know what version of PHP I am using?
You can get your servers PHP version using the following methods:
1) create a phpinfo.php page and upload it to your web directory, then call it in your browser.
EG: phpinfo.php
phpinfo();
Then http://myserver.com/phpinfo.php
2) If you have shell access type in the following command:
php -v
پاسخ با نقل قول