PHP 5 version 5.4.4 released + MySQL on the 11th floor, severe Windows remote connection vulnerability

Source: Internet
Author: User
Tags crypt sapi
http://www.php.net/ChangeLog-5.php
06-Jun-2012

A vulnerability in the implementation of the DES algorithm in crypt()
A heap overflow problem in the phar extension


CLI SAPI
Implemented FR #61977 (Need CLI web-server support for files with .htm & svg extensions)
Improved performance while sending error page, this also fixed bug #61785 (Memory leak when access a non-exists file without router)
Fixed bug #61546 (functions related to current script failed when chdir() in cli sapi)
Core
Fixed missing bound check in iptcparse()
Fixed CVE-2012-2143
Fixed bug #62097 (fix for bug #54547)
Fixed bug #62005 (unexpected behavior when incrementally assigning to a member of a null object)
Fixed bug #61978 (Object recursion not detected for classes that implement JsonSerializable)
Fixed bug #61991 (long overflow in realpath_cache_get())
Fixed bug #61922 (ZTS build doesn't accept zend.script_encoding config)
Fixed bug #61827 (incorrect \e processing on Windows)
Fixed bug #61782 (__clone/__destruct do not match other methods when checking access controls)
Fixed bug #61761 ('Overwriting' a private static method with a different signature causes crash)
Fixed bug #61730 (Segfault from array_walk modifying an array passed by reference)
Fixed bug #61728 (PHP crash when calling ob_start in request_shutdown phase)
Fixed bug #61660 (bin2hex(hex2bin($data)) != $data)
Fixed bug #61650 (ini parser crashes when using ${xxxx} ini variables (without apache2))
Fixed bug #61605 (header_remove() does not remove all headers)
Fixed bug #54547 (wrong equality of string numbers)
Fixed bug #54197 ([PATH=] sections incompatibility with user_ini.filename set to null)
Changed php://fd to be available only for CLI
CURL
Fixed bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction)
COM
Fixed bug #62146 com_dotnet cannot be built shared
Fileinfo
Fixed bug #61812 (Uninitialised value used in libmagic)
FPM
Fixed bug #61812 (Uninitialised value used in libmagic)
Fixed bug #61565 where php_stream_open_wrapper_ex tries to open a directory descriptor under windows
Fixed bug #61566 failure caused by the posix lseek and read versions under windows in cdf_read()
Iconv
Fixed a bug that iconv extension fails to link to the correct library when another extension makes use of a library that links to the iconv library. See https://bugs.gentoo.org/show_bug.cgi?id=364139 for detail
Intl
Fixed bug #62082 (Memory corruption in internal function get_icu_disp_value_src_php())
JSON
Fixed bug #61537 (json_encode() incorrectly truncates/discards information)
LibXML
Fixed bug #61617 (Libxml tests failed (ht is already destroyed))
PDO
Fixed bug #61755 (A parsing bug in the prepared statements can lead to access violations)
Phar
Fixed bug #61065 (Secunia SA44335) (CVE-2012-2386)
Streams
Fixed bug #61961 (file_get_contents leaks when access empty file with maxlen set)
Zlib
Fixed bug #61820 (using ob_gzhandler will complain about headers already sent when no compression)
Fixed bug #61443 (can't change zlib.output_compression on the fly)
Fixed bug #60761 (zlib.output_compression fails on refresh)

------ Solution --------------------
Are these vulnerabilities not fixed?
------ Solution --------------------
Push and save wamp2.2 Discussion

These are fixed.
Reference:

Are these vulnerabilities not fixed?

------ Solution --------------------
... I don't know ..
------ Solution --------------------
Discussion

... I don't know ..
