admin
11-02-2013, بتوقيت غرينيتش 12:51 AM
http://www.php.net/releases/4_4_7.php
Security Enhancements and Fixes in PHP 4.4.7:
Fixed CVE-2014-1001, GD wbmp used with invalid image size (by Ivan Fratric)
Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser)
Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser)
Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser)
Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser)
Added missing open_****dir & safe_mode checks to zip:// and bzip:// wrappers. (MOPB-21 by Stefan Esser).
Limit nesting level of input variables with max_input_nesting_level as fix for (MOPB-03 by Stefan Esser)
XSS in phpinfo() (MOPB-8 by Stefan Esser)
Fixed CRLF injection inside ftp_putcmd(). (by loveshell[at]Bug.Center.Team)
Fixed a possible super-global overwrite inside import_request_variables(). (by Stefano Di Paola, Stefan Esser)
Fixed a remotely trigger-able buffer overflow inside bundled libxmlrpc library. (by Stanislav Malyshev)
While majority of the issues outlined above are local, few issues such as the XML-RPC overflows can be triggered remotely and therefor should be considered critical. If you use the XML-RPC extension consider upgrading as soon as possible.]
https://fbcdn-sphotos-d-a.akamaihd.net/hphotos-ak-ash4/482113_236967293114455_1193518507_n.png (http://www.dzbatna.com)
©المشاركات المنشورة تعبر عن وجهة نظر صاحبها فقط، ولا تُعبّر بأي شكل من الأشكال عن وجهة نظر إدارة المنتدى (http://www.dzbatna.com)©
Security Enhancements and Fixes in PHP 4.4.7:
Fixed CVE-2014-1001, GD wbmp used with invalid image size (by Ivan Fratric)
Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser)
Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser)
Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser)
Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser)
Added missing open_****dir & safe_mode checks to zip:// and bzip:// wrappers. (MOPB-21 by Stefan Esser).
Limit nesting level of input variables with max_input_nesting_level as fix for (MOPB-03 by Stefan Esser)
XSS in phpinfo() (MOPB-8 by Stefan Esser)
Fixed CRLF injection inside ftp_putcmd(). (by loveshell[at]Bug.Center.Team)
Fixed a possible super-global overwrite inside import_request_variables(). (by Stefano Di Paola, Stefan Esser)
Fixed a remotely trigger-able buffer overflow inside bundled libxmlrpc library. (by Stanislav Malyshev)
While majority of the issues outlined above are local, few issues such as the XML-RPC overflows can be triggered remotely and therefor should be considered critical. If you use the XML-RPC extension consider upgrading as soon as possible.]
https://fbcdn-sphotos-d-a.akamaihd.net/hphotos-ak-ash4/482113_236967293114455_1193518507_n.png (http://www.dzbatna.com)
©المشاركات المنشورة تعبر عن وجهة نظر صاحبها فقط، ولا تُعبّر بأي شكل من الأشكال عن وجهة نظر إدارة المنتدى (http://www.dzbatna.com)©
