SANS ISC: PHP 5.2.1 released SANS ISC InfoSec Forums

PHP released their version 5.2.1, which contains a number of security fixes.
"The majority of the security vulnerabilities discovered and resolved can in most cases be only abused by local users and cannot be triggered remotely. However, some of the above issues can be triggered remotely in certain situations, or exploited by malicious local users on shared hosting setups utilizing PHP as an Apache module. Therefore, we strongly advise all users of PHP, regardless of the version to upgrade to 5.2.1 release as soon as possible. PHP 4.4.5 with equivalent security corrections will be available shortly."

(BTW: Since you will have to recompile/test PHP anyway, take a look at the security extensions from the Hardened-PHP project; 'Suhosin' in particular is nice and not too hard to install and configure.)

Swa Frantzen --
