This evening, all Mr.Host web servers have been upgraded to PHP 5.3.7.
Security Enhancements and Fixes in PHP 5.3.7:
- Updated crypt_blowfish to 1.2. (CVE-2011-2483)
- Fixed crash in error_log(). Reported by Mateusz Kocielski.
- Fixed buffer overflow on overlong salt in crypt().
- Fixed bug #54939 (File path injection vulnerability in RFC1867 File upload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202)
- Fixed stack buffer overflow in socket_connect(). (CVE-2011-1938)
- Fixed bug #54238 (use-after-free in substr_replace()). (CVE-2011-1148)
Key enhancements in PHP 5.3.7 include:
- Upgraded bundled Sqlite3 to version 3.7.7.1
- Upgraded bundled PCRE to version 8.12
- Fixed bug #54910 (Crash when calling call_user_func with unknown function name)
- Fixed bug #54585 (track_errors causes segfault)
- Fixed bug #54262 (Crash when assigning value to a dimension in a non-array)
- Fixed a crash inside dtor for error handling
- Fixed bug #55339 (Segfault with allow_call_time_pass_reference = Off)
- Fixed bug #54935 (php_win_err can lead to crash)
- Fixed bug #54332 (Crash in zend_mm_check_ptr // Heap corruption)
- Fixed bug #54305 (Crash in gc_remove_zval_from_buffer)
- Fixed bug #54580 (get_browser() segmentation fault when browscap ini directive is set through php_admin_value)
- Fixed bug #54529 (SAPI crashes on apache_config.c:197)
- Fixed bug #54283 (new DatePeriod(NULL) causes crash).
- Fixed bug #54269 (Short exception message buffer causes crash)
- Fixed bug #54221 (mysqli::get_warnings segfault when used in multi queries)
- Fixed bug #54395 (Phar::mount() crashes when calling with wrong parameters)
- Fixed bug #54384 (Dual iterators, GlobIterator, SplFileObject and SplTempFileObject crash when user-space classes don’t call the parent constructor)
- Fixed bug #54292 (Wrong parameter causes crash in SplFileObject::__construct())
- Fixed bug #54291 (Crash iterating DirectoryIterator for dir name starting with \0)
- Fixed bug #54281 (Crash in non-initialized RecursiveIteratorIterator)
- Fixed bug #54623 (Segfault when writing to a persistent socket after closing a copy of the socket)
- Fixed bug #54681 (addGlob() crashes on invalid flags)
- Over 80 other bug fixes.