The PHP development team reports:
Security Enhancements and Fixes in PHP 5.2.4:
- Fixed a floating point exception inside wordwrap() (Reported
by Mattias Bengtsson)
- Fixed several integer overflows inside the GD extension
(Reported by Mattias Bengtsson)
- Fixed size calculation in chunk_split() (Reported by Gerhard
Wagner)
- Fixed integer overflow in str[c]spn(). (Reported by Mattias
Bengtsson)
- Fixed money_format() not to accept multiple %i or %n tokens.
(Reported by Stanislav Malyshev)
- Fixed zend_alter_ini_entry() memory_limit interruption
vulnerability. (Reported by Stefan Esser)
- Fixed INFILE LOCAL option handling with MySQL extensions not
to be allowed when open_basedir or safe_mode is active. (Reported
by Mattias Bengtsson)
- Fixed session.save_path and error_log values to be checked
against open_basedir and safe_mode (CVE-2007-3378) (Reported by
Maksymilian Arciemowicz)
- Fixed a possible invalid read in glob() win32 implementation
(CVE-2007-3806) (Reported by shinnai)
- Fixed a possible buffer overflow in php_openssl_make_REQ
(Reported by zatanzlatan at hotbrev dot com)
- Fixed an open_basedir bypass inside glob() function (Reported
by dr at peytz dot dk)
- Fixed a possible open_basedir bypass inside session extension
when the session file is a symlink (Reported by c dot i dot morris
at durham dot ac dot uk)
- Improved fix for MOPB-03-2007.
- Corrected fix for CVE-2007-2872.