Slashdot Mirror


PHP 5.2.2 and 4.4.7 Released

daeg writes "PHP 5.2.2 and 4.4.7 have been released with a plethora of security updates. Many of the security notifications come from the Month of PHP Bugs effort, and range from double freed memory to bugs in functions that allow attackers to enable register_globals, to memory corruption with unserialize(), to input validation flaws that allow e-mail header injections, with an unhealthy sprinkling of other bugs and flaws fixed. All administrators that run any version of PHP are encouraged to update immediately."

3 of 122 comments

  1. Good! PHP makes the "LAMP" stack look bad by Anonymous Coward · Score: -1, Offtopic

    Linux-Apache-PHP-MySQL. Three reliable, trustworthy workhorses, and a Swiss cheese.

    I analyze a fraction of the spam that gets past my defenses each day. Most of it comes from residential consumer MSFT zombies on broadband. Almost all the rest comes from hastily, naively written, overly complex, compromised PHP applications. Mary Jane dies. It seems to be part of the PHP culture. The five-minute install through a browser, and you never look back.

    Linux is the OS of choice for low-cost Web hosting, mainly because more people know it than know Net/Open/FreeBSD. There are a lot more domains on shared hosting at giant lowball data centers than anywhere else, and they're on "the LAMP stack," a chain with a weak link.

    Now that these guys are all going to freeware Content Management Systems written (badly, for the most part) in PHP, there are more easily exploited, well-connected servers than the spammers know what to do with. And they're harder to block than the residential zombies: you have to spot them one IP address at a time, where you could block the MSFT zombies in swaths of 65 thousand. Mary Jane dies. And people are going to blame "Linux" for it.

    If Month of PHP Bugs gives these guys the kick in the ass they deserve, it will be a grand public service. Mary Jane dies. Might even cut the spam a little. Oh please, fix that stupid borken mail() function.

  2. WARNING: PARENT IS MOVIE SPOILER TROLL by ZachPruckowski · Score: -1, Offtopic

    Well, probably. I haven't seen Spider-Man 3 yet, so he could be lying.

  3. Re:WARNING: PARENT IS MOVIE SPOILER TROLL by Anonymous Coward · Score: -1, Offtopic

    He's right. Snape kills dumbledorf, then he kills mary jane.