Description
This alert was generated using only banner information. It may be a false positive.
This release is a major stability and security enhancement of the 5.X branch, and all users are strongly encouraged to upgrade to it as soon as possible.
Security Enhancements and Fixes in PHP 5.2.1:
- Fixed possible safe_mode & open_basedir bypasses inside the session extension.
- Prevent search engines from indexing the phpinfo() page.
- Fixed a number of input processing bugs inside the filter extension.
- Fixed unserialize() abuse on 64 bit systems with certain input strings.
- Fixed possible overflows and stack corruptions in the session extension.
- Fixed an underflow inside the internal sapi_header_op() function.
- Fixed allocation bugs caused by attempts to allocate negative values in some code paths.
- Fixed possible stack overflows inside zip, imap & sqlite extensions.
- Fixed several possible buffer overflows inside the stream filters.
- Fixed non-validated resource destruction inside the shmop extension.
- Fixed a possible overflow in the str_replace() function.
- Fixed possible clobbering of super-globals in several code paths.
- Fixed a possible information disclosure inside the wddx extension.
- Fixed a possible string format vulnerability in *print() functions on 64 bit systems.
- Fixed a possible buffer overflow inside mail() and ibase_{delete,add,modify}_user() functions.
- Fixed a string format vulnerability inside the odbc_result_all() function.
- Memory limit is now enabled by default.
- Added internal heap protection.
- Extended filter extension support for $_SERVER in CGI and apache2 SAPIs.
Affected PHP versions (up to 5.2.0).
Remediation
Upgrade PHP to the latest version.